review.fuel-infra Code Review - openstack-build/cinder-build.git/commit

author	Zhiteng Huang <zhithuang@ebaysf.com>
	Tue, 19 Aug 2014 14:27:26 +0000 (22:27 +0800)
committer	Zhiteng Huang <zhithuang@ebaysf.com>
	Wed, 20 Aug 2014 17:47:31 +0000 (01:47 +0800)
commit	d6d75f868d5da77c2c8e20d0562555a14a6f91ec
tree	8d73ef142284fcc842d931b57aedc151c15220df	tree \| snapshot
parent	c8941ececc22c4642d5448174ccb062d027626d8	commit \| diff

Honor volume:get policy

The fix for bug 1356368 hard-coded a policy check (same as
rule:admin_or_owner) for volume:get.  While in most cases this is
what people want, it'd be good we honor policy setting.

Note that before commit 0505bb268942534ad5d6ecd5e34a4d9b0e7f5c04,
DB query volume_get() actually acted as the policy checker for
volume:get, and it raised VolumeNotFound if context.project_id didn't
match volume['project_id'].  The check_policy() in volume:get didn't
get a chance to raise PolicyNotAuthorized exception.  So in this
change we keep the same behavor.

Change-Id: If43cec5cce977b9220296709b4e243b35b06ecd5
Related-bug: #1356368

cinder/tests/policy.json		diff \| blob \| history
cinder/volume/api.py		diff \| blob \| history