9c03dcf727
The API list methods were not handling unscoped tokens correctly.
If the API is using the admin_or_owner-policy.yaml policy override file,
and a user used an unscoped token, the API will list objects for all
projects. This patch corrects that issue.
If you are using the default policies, the API handles unscoped tokens
correctly.
Depends-On: https://review.opendev.org/753838
Change-Id: I88e64fd5e8a4c709f735be85b85139dbb52e4acd
(cherry picked from commit
|
||
---|---|---|
.. | ||
amphorae | ||
api | ||
db | ||
__init__.py |