openstack/keystone
Code Issues Proposed changes

Merge "Fix validation of role assignment subtree list"

Browse Source
This commit is contained in:
Zuul 2019-09-27 01:42:07 +00:00 committed by Gerrit Code Review
commit e860c69831
2 changed files with 12 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
keystone/api/role_assignments.py
View File

@ -80,12 +80,12 @@ class RoleAssignmentsResource(ks_flask.ResourceBase):
'group.id', 'role.id', 'scope.domain.id', 'scope.project.id',
'scope.OS-INHERIT:inherited_to', 'user.id'
]
target = {}
target = None
if 'scope.project.id' in flask.request.args:
project_id = flask.request.args['scope.project.id']
if project_id:
target['project'] = PROVIDERS.resource_api.get_project(
project_id)
target = {'project': PROVIDERS.resource_api.get_project(
project_id)}
ENFORCER.enforce_call(action='identity:list_role_assignments_for_tree',
filters=filters, target_attr=target)
if not flask.request.args.get('scope.project.id'):

14
keystone/tests/unit/test_v3_assignment.py
View File

@ -2596,11 +2596,15 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase,
def test_project_id_specified_if_include_subtree_specified(self):
"""When using include_subtree, you must specify a project ID."""
self.get('/role_assignments?include_subtree=True',
expected_status=http_client.BAD_REQUEST)
self.get('/role_assignments?scope.project.id&'
'include_subtree=True',
expected_status=http_client.BAD_REQUEST)
r = self.get('/role_assignments?include_subtree=True',
expected_status=http_client.BAD_REQUEST)
error_msg = ("scope.project.id must be specified if include_subtree "
"is also specified")
self.assertEqual(error_msg, r.result['error']['message'])
r = self.get('/role_assignments?scope.project.id&'
'include_subtree=True',
expected_status=http_client.BAD_REQUEST)
self.assertEqual(error_msg, r.result['error']['message'])
def test_get_role_assignments_for_project_tree(self):
"""Get role_assignment?scope.project.id=X&include_subtree``.