From: liyingjun <yingjun.li@kylin-cloud.com>
Date: Fri, 17 Jul 2015 07:48:18 +0000 (+0800)
Subject: Set default policy for "volume:get"
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=5a4f399d6c3c675afab5a1bd961db6a39e37ac1b;p=openstack-build%2Fcinder-build.git

Set default policy for "volume:get"

Currently, there is no policy check defined for "volume:get", so
everyone can get another tenant's volume detail by UUID. It's necessary
to set policy to "rule:admin_or_owner" for "volume:get" by default.

Change-Id: Iefdf7e5703a28856b20d97a885267c01bed6bbb4
Closes-bug: #1475422
---

diff --git a/etc/cinder/policy.json b/etc/cinder/policy.json
index 42d157b2a..ee319f71c 100644
--- a/etc/cinder/policy.json
+++ b/etc/cinder/policy.json
@@ -7,7 +7,7 @@
 
     "volume:create": "",
     "volume:delete": "",
-    "volume:get": "",
+    "volume:get": "rule:admin_or_owner",
     "volume:get_all": "",
     "volume:get_volume_metadata": "",
     "volume:get_volume_admin_metadata": "rule:admin_api",