review.fuel-infra Code Review - openstack-build/neutron-build.git/commit

author	Elena Ezhova <eezhova@mirantis.com>
	Tue, 19 Aug 2014 11:54:36 +0000 (15:54 +0400)
committer	Elena Ezhova <eezhova@mirantis.com>
	Tue, 23 Sep 2014 11:18:51 +0000 (15:18 +0400)
commit	74d10939903984d5f06c1749a8707fa3257e44ff
tree	995d2cf7fd7f81db90b20015ef11ed7f9fafc42b	tree \| snapshot
parent	ccf95897dca96acd5aaf37091e30e72f53083731	commit \| diff

Forbid regular users to reset admin-only attrs to default values

A regular user can reset an admin-only attribute to its default
value due to the fact that a corresponding policy rule is
enforced only in the case when an attribute is present in the
target AND has a non-default value.

Added a new attribute "attributes_to_update" which contains a list
of all to-be updated attributes to the body of the target that is
passed to policy.enforce.

Changed a check for whether an attribute is explicitly set.
Now, in the case of update, the function should not pay attention
to a default value of an attribute, but check whether it was
explicitly marked as being updated.

Added unit-tests.

Closes-Bug: #1357379
Related-Bug: #1338880
Change-Id: I6537bb1da5ef0d6899bc71e4e949f2c760c103c2

neutron/api/v2/base.py		diff \| blob \| history
neutron/common/constants.py		diff \| blob \| history
neutron/policy.py		diff \| blob \| history
neutron/tests/unit/test_api_v2.py		diff \| blob \| history
neutron/tests/unit/test_policy.py		diff \| blob \| history