Reviewed: https://review.openstack.org/234457 Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=293c3e01efce74d110ff34703a9e68ce2cd782e6 Submitter: Jenkins Branch: master
commit 293c3e01efce74d110ff34703a9e68ce2cd782e6 Author: Salvatore Orlando <[email protected]> Date: Tue Oct 13 15:08:47 2015 -0700 Pecan: Fixes and tests for the policy enforcement hook As PolicyNotAuthorizedException is raised in a hook, the ExceptionTranslationHook is not invoked for it; therefore a 500 response is returned whereas a 403 was expected. This patch explicitly handles the exception in the hook in order to ensure the appropriate response code is returned. Moreover, the structure of the 'before' hook prevented checks on DELETE requests from being performed. As a result the check was not performed at all (checks on the 'after' hook only pertain GET requests). This patch changes the logic of the 'before' hook by ensuring the item to authorize acces to is loaded both on PUT and DELETE requests. This patch also adds functional tests specific for the policy enforcement hook. Change-Id: I8c76cb05568df47648cff71a107cfe701b286bb7 Closes-Bug: #1520180 Closes-Bug: #1505831 ** Changed in: neutron Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1520180 Title: Pecan: no authZ check on DELETE operations Status in neutron: Fix Released Bug description: Authorization checks are completely skipped on DELETE operations both in the 'before' and in the 'after' hooks. This does not look great, and should be fixed. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1520180/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
