neutron

  1. Bug #1357379
  2. Comment #15

Comment 15 for bug 1357379

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.openstack.org/114531
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=74d10939903984d5f06c1749a8707fa3257e44ff
Submitter: Jenkins
Branch: master

commit 74d10939903984d5f06c1749a8707fa3257e44ff
Author: Elena Ezhova <email address hidden>
Date: Tue Aug 19 15:54:36 2014 +0400

    Forbid regular users to reset admin-only attrs to default values

    A regular user can reset an admin-only attribute to its default
    value due to the fact that a corresponding policy rule is
    enforced only in the case when an attribute is present in the
    target AND has a non-default value.

    Added a new attribute "attributes_to_update" which contains a list
    of all to-be updated attributes to the body of the target that is
    passed to policy.enforce.

    Changed a check for whether an attribute is explicitly set.
    Now, in the case of update, the function should not pay attention
    to a default value of an attribute, but check whether it was
    explicitly marked as being updated.

    Added unit-tests.

    Closes-Bug: #1357379
    Related-Bug: #1338880
    Change-Id: I6537bb1da5ef0d6899bc71e4e949f2c760c103c2