From 968fc95fdad0239fcfbdc6d2a3594b52d1e4bc9f Mon Sep 17 00:00:00 2001
From: Stephen Ma <stephen.ma@hp.com>
Date: Mon, 20 Jan 2014 15:48:28 +0000
Subject: [PATCH] Disallow non-admin users update net's shared attribute

Currently non-admin user cannot create a network with
shared=True. But the user can create the network and then
change the shared attribute to True.

This patch will no longer allow non-admin user to update a
network's shared value to True.

Change-Id: Id596ee399c56b9882efab97a89dbf7d14c5cf7f4
Closes-Bug: 1268823
---
 etc/policy.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/etc/policy.json b/etc/policy.json
index d0e02220..cd65e6b9 100644
--- a/etc/policy.json
+++ b/etc/policy.json
@@ -35,6 +35,7 @@
     "create_network:provider:segmentation_id": "rule:admin_only",
     "update_network": "rule:admin_or_owner",
     "update_network:segments": "rule:admin_only",
+    "update_network:shared": "rule:admin_only",
     "update_network:provider:network_type": "rule:admin_only",
     "update_network:provider:physical_network": "rule:admin_only",
     "update_network:provider:segmentation_id": "rule:admin_only",