neutron-lbaas/neutron
Elena Ezhova 74d1093990 Forbid regular users to reset admin-only attrs to default values
A regular user can reset an admin-only attribute to its default
value due to the fact that a corresponding policy rule is
enforced only in the case when an attribute is present in the
target AND has a non-default value.

Added a new attribute "attributes_to_update" which contains a list
of all to-be-updated attributes to the body of the target that is
passed to policy.enforce.

Changed a check for whether an attribute is explicitly set.
Now, in the case of update, the function should not pay attention
to a default value of an attribute, but check whether it was
explicitly marked as being updated.

Added unit tests.

Closes-Bug: #1357379
Related-Bug: #1338880
Change-Id: I6537bb1da5ef0d6899bc71e4e949f2c760c103c2
2014-09-23 15:18:51 +04:00
agent Merge "Added TAP_DEVICE_PREFIX info to common/constants" 2014-09-23 08:01:24 +00:00
api Forbid regular users to reset admin-only attrs to default values 2014-09-23 15:18:51 +04:00
cmd Remove @author(s) from copyright statements 2014-09-15 21:40:09 +09:00
common Forbid regular users to reset admin-only attrs to default values 2014-09-23 15:18:51 +04:00
db Merge "DVR to delete router namespaces for service ports" 2014-09-22 23:13:54 +00:00
debug Merge "Clarify message when no probes are cleared" 2014-09-13 15:29:24 +00:00
extensions Merge "Remove @author(s) from copyright statements" 2014-09-16 13:30:38 +00:00
hacking Remove @author(s) from copyright statements 2014-09-15 21:40:09 +09:00
locale Imported Translations from Transifex 2014-09-15 06:11:19 +00:00
notifiers Fix spelling mistakes 2014-08-01 16:10:23 +00:00
openstack Fix spelling mistakes 2014-08-01 16:10:23 +00:00
plugins Merge "Added TAP_DEVICE_PREFIX info to common/constants" 2014-09-23 08:01:24 +00:00
scheduler Merge "Add a new scheduler for the l3 HA" 2014-09-13 13:06:47 +00:00
server Configure agents using neutron.common.config.init (formerly .parse) 2014-06-17 21:56:24 +02:00
services Remove @author(s) from copyright statements 2014-09-15 21:40:09 +09:00
tests Forbid regular users to reset admin-only attrs to default values 2014-09-23 15:18:51 +04:00
__init__.py Remove the useless vim modelines 2014-06-21 15:07:31 +08:00
auth.py add auth token to context 2014-08-12 11:17:21 +09:00
context.py add auth token to context 2014-08-12 11:17:21 +09:00
hooks.py Remove the useless vim modelines 2014-06-21 15:07:31 +08:00
manager.py Moved rpc_compat.py code back into rpc.py 2014-06-24 10:35:39 +02:00
neutron_plugin_base_v2.py Throw exception instances instead of classes 2014-09-07 12:56:30 +04:00
policy.py Forbid regular users to reset admin-only attrs to default values 2014-09-23 15:18:51 +04:00
quota.py Remove the useless vim modelines 2014-06-21 15:07:31 +08:00
service.py Merge "Throw exception instances instead of classes" 2014-09-08 22:25:05 +00:00
version.py Remove the useless vim modelines 2014-06-21 15:07:31 +08:00
wsgi.py Remove the useless vim modelines 2014-06-21 15:07:31 +08:00