commit 74d10939903984d5f06c1749a8707fa3257e44ff
Author: Elena Ezhova <email address hidden>
Date: Tue Aug 19 15:54:36 2014 +0400
Forbid regular users to reset admin-only attrs to default values
A regular user can reset an admin-only attribute to its default
value due to the fact that a corresponding policy rule is
enforced only in the case when an attribute is present in the
target AND has a non-default value.
Added a new attribute "attributes_to_update" which contains a list
of all to-be updated attributes to the body of the target that is
passed to policy.enforce.
Changed a check for whether an attribute is explicitly set.
Now, in the case of update, the function should not pay attention
to a default value of an attribute, but check whether it was
explicitly marked as being updated.
Reviewed: https:/ /review. openstack. org/114531 /git.openstack. org/cgit/ openstack/ neutron/ commit/ ?id=74d10939903 984d5f06c1749a8 707fa3257e44ff
Committed: https:/
Submitter: Jenkins
Branch: master
commit 74d10939903984d 5f06c1749a8707f a3257e44ff
Author: Elena Ezhova <email address hidden>
Date: Tue Aug 19 15:54:36 2014 +0400
Forbid regular users to reset admin-only attrs to default values
A regular user can reset an admin-only attribute to its default
value due to the fact that a corresponding policy rule is
enforced only in the case when an attribute is present in the
target AND has a non-default value.
Added a new attribute "attributes_ to_update" which contains a list
of all to-be updated attributes to the body of the target that is
passed to policy.enforce.
Changed a check for whether an attribute is explicitly set.
Now, in the case of update, the function should not pay attention
to a default value of an attribute, but check whether it was
explicitly marked as being updated.
Added unit-tests.
Closes-Bug: #1357379 6899bc71e4e949f 2c760c103c2
Related-Bug: #1338880
Change-Id: I6537bb1da5ef0d