review.fuel-infra Code Review - openstack-build/neutron-build.git/commit

author	Salvatore Orlando <salv.orlando@gmail.com>
	Tue, 13 Oct 2015 22:08:47 +0000 (15:08 -0700)
committer	Salvatore Orlando <salv.orlando@gmail.com>
	Wed, 13 Jan 2016 16:05:07 +0000 (16:05 +0000)
commit	293c3e01efce74d110ff34703a9e68ce2cd782e6
tree	5260b62e09a0cd92b81ae92f727c266443598fc3	tree \| snapshot
parent	24b482ac15b5fa99edd2c3438318a41f9af06bcf	commit \| diff

Pecan: Fixes and tests for the policy enforcement hook

As PolicyNotAuthorizedException is raised in a hook, the
ExceptionTranslationHook is not invoked for it; therefore a 500
response is returned whereas a 403 was expected. This patch
explicitly handles the exception in the hook in order to ensure
the appropriate response code is returned.

Moreover, the structure of the 'before' hook prevented checks
on DELETE requests from being performed. As a result the check
was not performed at all (checks on the 'after' hook only pertain
GET requests). This patch changes the logic of the 'before' hook
by ensuring the item to authorize acces to is loaded both on PUT
and DELETE requests.

This patch also adds functional tests specific for the policy
enforcement hook.

Change-Id: I8c76cb05568df47648cff71a107cfe701b286bb7
Closes-Bug: #1520180
Closes-Bug: #1505831

neutron/pecan_wsgi/hooks/policy_enforcement.py		diff \| blob \| history
neutron/tests/functional/pecan_wsgi/test_functional.py		diff \| blob \| history