Control create/delete flavor api permissions using policy.json
The permissions of create/delete flavor api is currently broken and expects the user to be always an admin, instead of controlling the permissions by the rules defined in the nova policy.json. Change-Id: Ide3c9ec2fa674b4fe3ea9d935cd4f7848914b82e Closes-Bug: 1445335
This commit is contained in:
parent
b8947eef39
commit
ced60b1d1b
|
@ -16,7 +16,6 @@ from nova.api.openstack.compute.views import flavors as flavors_view
|
|||
from nova.api.openstack import extensions
|
||||
from nova.api.openstack import wsgi
|
||||
from nova.compute import flavors
|
||||
from nova import context as nova_context
|
||||
from nova import exception
|
||||
from nova.i18n import _
|
||||
|
||||
|
@ -35,11 +34,6 @@ class FlavorManageController(wsgi.Controller):
|
|||
def _delete(self, req, id):
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
|
||||
# NOTE(alex_xu): back-compatible with db layer hard-code admin
|
||||
# permission checks.
|
||||
nova_context.require_admin_context(context)
|
||||
|
||||
try:
|
||||
flavor = flavors.get_flavor_by_flavor_id(
|
||||
id, ctxt=context, read_deleted="no")
|
||||
|
@ -54,11 +48,6 @@ class FlavorManageController(wsgi.Controller):
|
|||
def _create(self, req, body):
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
|
||||
# NOTE(alex_xu): back-compatible with db layer hard-code admin
|
||||
# permission checks.
|
||||
nova_context.require_admin_context(context)
|
||||
|
||||
if not self.is_valid_body(body, 'flavor'):
|
||||
msg = _("Invalid request body")
|
||||
raise webob.exc.HTTPBadRequest(explanation=msg)
|
||||
|
|
|
@ -442,7 +442,7 @@ class FlavorManageTestV2(FlavorManageTestV21):
|
|||
environ['nova.context'])
|
||||
|
||||
def _get_http_request(self, url=''):
|
||||
return fakes.HTTPRequest.blank(url, use_admin_context=True)
|
||||
return fakes.HTTPRequest.blank(url, use_admin_context=False)
|
||||
|
||||
|
||||
class PrivateFlavorManageTestV2(PrivateFlavorManageTestV21):
|
||||
|
@ -464,7 +464,7 @@ class PrivateFlavorManageTestV2(PrivateFlavorManageTestV21):
|
|||
environ['nova.context'])
|
||||
|
||||
def _get_http_request(self, url=''):
|
||||
return fakes.HTTPRequest.blank(url, use_admin_context=True)
|
||||
return fakes.HTTPRequest.blank(url, use_admin_context=False)
|
||||
|
||||
|
||||
class FlavorManagerPolicyEnforcementV21(test.NoDBTestCase):
|
||||
|
|
Loading…
Reference in New Issue