From c05dd7f72a4b5282e49a4ee030d6945d020049ac Mon Sep 17 00:00:00 2001
From: Eugene Nikanorov <enikanorov@mirantis.com>
Date: Wed, 28 May 2014 02:08:17 +0400
Subject: [PATCH] Disallow regular user to update firewall's shared attribute

Shared firewalls should only be operable by  admins.
Currently only admin can provide shared attribute at firewall creation,
so update_firewall should be consistent with that as well.

Change-Id: I093743514637824207b375d724404d51f778d012
Closes-Bug: #1323322
---
 etc/policy.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/etc/policy.json b/etc/policy.json
index 922657b2..369e0a80 100644
--- a/etc/policy.json
+++ b/etc/policy.json
@@ -70,6 +70,7 @@
     "create_firewall:shared": "rule:admin_only",
     "get_firewall:shared": "rule:admin_only",
     "update_firewall": "rule:admin_or_owner",
+    "update_firewall:shared": "rule:admin_only",
     "delete_firewall": "rule:admin_or_owner",
 
     "create_firewall_policy": "",