d2fc261457
Currently a versioned write PUT uses a pre-authed request to move it into the versioned container before checking whether the user is authorised. This can lead to some interesting behaviour whereby a user can select a versioned object path that it does not have access to, request a put on that versioned object, and this request will execute the copy part of the request before it fails due to lack of permissions. This patch changes the behaviour to be the same as versioned DELETE where the request is authorised before anything is moved. Change-Id: Ia8b92251718d10b1eb44a456f28d3d2569a30003 Closes-Bug: #1562175 |
||
|---|---|---|
| .. | ||
| __init__.py | ||
| swift_test_client.py | ||
| test_access_control.py | ||
| test_account.py | ||
| test_container.py | ||
| test_object.py | ||
| tests.py | ||