I didn't apply this patch because the tests need to be updated to run
accordingly to this modification
I will update the tests in a new patch set and then apply it and all
changes to block Kimchi URIs to non-root users.
On 02/13/2014 12:28 AM, Leonardo Garcia wrote:
From: Leonardo Garcia <lagarcia(a)br.ibm.com>
There is a need to restrict access to the REST API /host on POST, PUT,
and DELETE HTTP methods to user with admin rights. In the context of the
authorization feature developed, that means the user needs to have sudo
rights to run any commands on the system in order to be able to access
the /host REST API using POST, PUT, and DELETE HTTP methods.
Signed-off-by: Leonardo Garcia <lagarcia(a)br.ibm.com>
---
src/kimchi/control/host.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/kimchi/control/host.py b/src/kimchi/control/host.py
index 053c822..624e0d2 100644
--- a/src/kimchi/control/host.py
+++ b/src/kimchi/control/host.py
@@ -27,7 +27,7 @@ from kimchi.control.base import Collection, Resource
from kimchi.control.utils import UrlSubNode
-@UrlSubNode("host", True)
+@UrlSubNode("host", True, ['POST', 'PUT', 'DELETE'])
class Host(Resource):
def __init__(self, model, id=None):
super(Host, self).__init__(model, id)