review.fuel-infra Code Review - openstack-build/cinder-build.git/commit

]> review.fuel-infra Code Review - openstack-build/cinder-build.git/commit

Code Review / openstack-build / cinder-build.git / commit

author	git-harry <git-harry@live.co.uk>
	Wed, 13 Aug 2014 13:22:49 +0000 (14:22 +0100)
committer	git-harry <git-harry@live.co.uk>
	Wed, 13 Aug 2014 13:22:49 +0000 (14:22 +0100)
commit	5868e8f285d23b56ca6123dab760342c57bf8c80
tree	b6fb8b596133a080680d3893a876e49317eb01ad	tree \| snapshot
parent	ca9b202dc5a55639239f1383569d7a4b5ef1cbc1	commit \| diff

Prevent tenant viewing volumes owed by another

Bug introduced by 0505bb268942534ad5d6ecd5e34a4d9b0e7f5c04 allows any
tenant to get the details of a volume belonging to any other tenant
if the UUID is known.

This commit allows only the tenant or an admin to get a volume.

Change-Id: I0268d374f7529d89068dcbf3c1cb9ab3d60d4115
Closes-Bug: #1356368

RSS Atom

cinder/tests/api/fakes.py		diff \| blob \| history
cinder/tests/api/test_router.py		diff \| blob \| history
cinder/tests/api/v1/test_snapshot_metadata.py		diff \| blob \| history
cinder/tests/api/v1/test_volume_metadata.py		diff \| blob \| history
cinder/tests/api/v2/test_snapshot_metadata.py		diff \| blob \| history
cinder/tests/api/v2/test_volume_metadata.py		diff \| blob \| history
cinder/tests/api/v2/test_volumes.py		diff \| blob \| history
cinder/tests/test_volume.py		diff \| blob \| history
cinder/volume/api.py		diff \| blob \| history