From: Leonardo Garcia <lagarcia@br.ibm.com> There is a need to restrict access to the REST API /host on POST, PUT, and DELETE HTTP methods to user with admin rights. In the context of the authorization feature developed, that means the user needs to have sudo rights to run any commands on the system in order to be able to access the /host REST API using POST, PUT, and DELETE HTTP methods. Signed-off-by: Leonardo Garcia <lagarcia@br.ibm.com> --- src/kimchi/control/host.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/kimchi/control/host.py b/src/kimchi/control/host.py index 053c822..624e0d2 100644 --- a/src/kimchi/control/host.py +++ b/src/kimchi/control/host.py @@ -27,7 +27,7 @@ from kimchi.control.base import Collection, Resource from kimchi.control.utils import UrlSubNode -@UrlSubNode("host", True) +@UrlSubNode("host", True, ['POST', 'PUT', 'DELETE']) class Host(Resource): def __init__(self, model, id=None): super(Host, self).__init__(model, id) -- 1.8.5.3