From: Aline Manera <alinefm(a)linux.vnet.ibm.com>
Each API must specify which requests methods are exclusive for the admin
role.
Signed-off-by: Aline Manera <alinefm(a)linux.vnet.ibm.com>
---
src/kimchi/control/debugreports.py | 2 +-
src/kimchi/control/host.py | 2 +-
src/kimchi/control/interfaces.py | 2 +-
src/kimchi/control/networks.py | 2 +-
src/kimchi/control/storagepools.py | 2 +-
src/kimchi/control/storageservers.py | 2 +-
src/kimchi/control/templates.py | 2 +-
tests/test_authorization.py | 8 ++++----
8 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/src/kimchi/control/debugreports.py b/src/kimchi/control/debugreports.py
index 444cb07..d651eb1 100644
--- a/src/kimchi/control/debugreports.py
+++ b/src/kimchi/control/debugreports.py
@@ -22,7 +22,7 @@
from kimchi.control.utils import UrlSubNode
-@UrlSubNode("debugreports", True, ['GET', 'PUT',
'POST'])
+@UrlSubNode("debugreports", True, ['GET', 'PUT',
'POST', 'DELETE'])
class DebugReports(AsyncCollection):
def __init__(self, model):
super(DebugReports, self).__init__(model)
diff --git a/src/kimchi/control/host.py b/src/kimchi/control/host.py
index ebf1bed..9158565 100644
--- a/src/kimchi/control/host.py
+++ b/src/kimchi/control/host.py
@@ -25,7 +25,7 @@
from kimchi.template import render
-@UrlSubNode("host", True, ['POST'])
+@UrlSubNode("host", True, ['GET', 'PUT', 'POST',
'DELETE'])
class Host(Resource):
def __init__(self, model, id=None):
super(Host, self).__init__(model, id)
diff --git a/src/kimchi/control/interfaces.py b/src/kimchi/control/interfaces.py
index 3f353a9..6ae688d 100644
--- a/src/kimchi/control/interfaces.py
+++ b/src/kimchi/control/interfaces.py
@@ -21,7 +21,7 @@
from kimchi.control.utils import UrlSubNode
-@UrlSubNode("interfaces")
+@UrlSubNode("interfaces", True, ['GET'])
class Interfaces(Collection):
def __init__(self, model):
super(Interfaces, self).__init__(model)
diff --git a/src/kimchi/control/networks.py b/src/kimchi/control/networks.py
index b905891..431a01f 100644
--- a/src/kimchi/control/networks.py
+++ b/src/kimchi/control/networks.py
@@ -21,7 +21,7 @@
from kimchi.control.utils import UrlSubNode
-@UrlSubNode("networks", True, ['POST', 'DELETE'])
+@UrlSubNode("networks", True, ['PUT', 'POST',
'DELETE'])
class Networks(Collection):
def __init__(self, model):
super(Networks, self).__init__(model)
diff --git a/src/kimchi/control/storagepools.py b/src/kimchi/control/storagepools.py
index b75bca0..2adaa30 100644
--- a/src/kimchi/control/storagepools.py
+++ b/src/kimchi/control/storagepools.py
@@ -28,7 +28,7 @@
from kimchi.control.utils import UrlSubNode
-@UrlSubNode("storagepools", True, ['POST', 'DELETE'])
+@UrlSubNode("storagepools", True, ['PUT', 'POST',
'DELETE'])
class StoragePools(Collection):
def __init__(self, model):
super(StoragePools, self).__init__(model)
diff --git a/src/kimchi/control/storageservers.py b/src/kimchi/control/storageservers.py
index 515120f..068f9ae 100644
--- a/src/kimchi/control/storageservers.py
+++ b/src/kimchi/control/storageservers.py
@@ -22,7 +22,7 @@
from kimchi.control.utils import get_class_name, model_fn, UrlSubNode
-@UrlSubNode("storageservers", True)
+@UrlSubNode("storageservers", True, ['GET'])
class StorageServers(Collection):
def __init__(self, model):
super(StorageServers, self).__init__(model)
diff --git a/src/kimchi/control/templates.py b/src/kimchi/control/templates.py
index a535960..7a203a5 100644
--- a/src/kimchi/control/templates.py
+++ b/src/kimchi/control/templates.py
@@ -21,7 +21,7 @@
from kimchi.control.utils import UrlSubNode
-@UrlSubNode("templates", True, ['PUT', 'DELETE'])
+@UrlSubNode("templates", True, ['GET', 'PUT', 'POST',
'DELETE'])
class Templates(Collection):
def __init__(self, model):
super(Templates, self).__init__(model)
diff --git a/tests/test_authorization.py b/tests/test_authorization.py
index 196625e..03f8a88 100644
--- a/tests/test_authorization.py
+++ b/tests/test_authorization.py
@@ -61,11 +61,11 @@ def setUp(self):
def test_nonroot_access(self):
# Non-root users can access static host information
resp = self.request('/host', '{}', 'GET')
- self.assertEquals(200, resp.status)
+ self.assertEquals(403, resp.status)
# Non-root users can access host stats
resp = self.request('/host/stats', '{}', 'GET')
- self.assertEquals(200, resp.status)
+ self.assertEquals(403, resp.status)
# Non-root users can not reboot/shutdown host system
resp = self.request('/host/reboot', '{}', 'POST')
@@ -102,10 +102,10 @@ def test_nonroot_access(self):
# Non-root users can not update or delete a template
# but he can get and create a new one
resp = self.request('/templates', '{}', 'GET')
- self.assertEquals(200, resp.status)
+ self.assertEquals(403, resp.status)
req = json.dumps({'name': 'test', 'cdrom':
'/nonexistent.iso'})
resp = self.request('/templates', req, 'POST')
- self.assertEquals(201, resp.status)
+ self.assertEquals(403, resp.status)
resp = self.request('/templates/test', '{}', 'PUT')
self.assertEquals(403, resp.status)
resp = self.request('/templates/test', '{}', 'DELETE')
--
1.9.3