
From: Aline Manera <alinefm@linux.vnet.ibm.com>
Each API must specify which requests methods are exclusive for the admin role.
Signed-off-by: Aline Manera <alinefm@linux.vnet.ibm.com>
---
 src/kimchi/control/debugreports.py | 2 +-
 src/kimchi/control/host.py | 2 +-
 src/kimchi/control/interfaces.py | 2 +-
 src/kimchi/control/networks.py | 2 +-
 src/kimchi/control/storagepools.py | 2 +-
 src/kimchi/control/storageservers.py | 2 +-
 src/kimchi/control/templates.py | 2 +-
 tests/test_authorization.py | 8 ++++----
 8 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/src/kimchi/control/debugreports.py b/src/kimchi/control/debugreports.py
index 444cb07..d651eb1 100644
--- a/src/kimchi/control/debugreports.py
+++ b/src/kimchi/control/debugreports.py
@@ -22,7 +22,7 @@ from kimchi.control.utils import UrlSubNode
-@UrlSubNode("debugreports", True, ['GET', 'PUT', 'POST'])
+@UrlSubNode("debugreports", True, ['GET', 'PUT', 'POST', 'DELETE'])
 class DebugReports(AsyncCollection):
 def __init__(self, model):
 super(DebugReports, self).__init__(model)
diff --git a/src/kimchi/control/host.py b/src/kimchi/control/host.py
index ebf1bed..9158565 100644
--- a/src/kimchi/control/host.py
+++ b/src/kimchi/control/host.py
@@ -25,7 +25,7 @@ from kimchi.template import render
-@UrlSubNode("host", True, ['POST'])
+@UrlSubNode("host", True, ['GET', 'PUT', 'POST', 'DELETE'])
 class Host(Resource):
 def __init__(self, model, id=None):
 super(Host, self).__init__(model, id)
diff --git a/src/kimchi/control/interfaces.py b/src/kimchi/control/interfaces.py
index 3f353a9..6ae688d 100644
--- a/src/kimchi/control/interfaces.py
+++ b/src/kimchi/control/interfaces.py
@@ -21,7 +21,7 @@ from kimchi.control.utils import UrlSubNode
-@UrlSubNode("interfaces")
+@UrlSubNode("interfaces", True, ['GET'])
 class Interfaces(Collection):
 def __init__(self, model):
 super(Interfaces, self).__init__(model)
diff --git a/src/kimchi/control/networks.py b/src/kimchi/control/networks.py
index b905891..431a01f 100644
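Review bot: Listing 'GET' among the admin-only methods on `Host` closes the whole /host node to non-admin users, and the test change in this commit shows /host/stats going from 200 to 403 along with it, so read-only stats now sit behind the same gate as reboot and shutdown. Nothing next to the decorator records that this is intended; a comment such as `# every method on /host, including read-only info and stats, is admin-only` would make the decision explicit. If any page served to non-admin users still requests /host or /host/stats it will start receiving 403; such a caller is not visible in this hunk. The body of `Host` continues outside the hunk.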
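Review bot: `['GET']` on `Interfaces` restricts only reads, and the same single-method list is used on `StorageServers` in the storageservers.py hunk. Going by the commit message, the list names the methods exclusive to the admin role, so a method left off it is presumably not restricted by this check. Whether these collections or their sub-resources accept PUT, POST or DELETE is not visible here; if they do, those requests are not covered. Listing every method, `@UrlSubNode("interfaces", True, ['GET', 'PUT', 'POST', 'DELETE'])`, as host.py and templates.py now do, would fail closed if a write handler is added later. The class body continues outside the hunk.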
--- a/src/kimchi/control/networks.py
+++ b/src/kimchi/control/networks.py
@@ -21,7 +21,7 @@ from kimchi.control.utils import UrlSubNode
-@UrlSubNode("networks", True, ['POST', 'DELETE'])
+@UrlSubNode("networks", True, ['PUT', 'POST', 'DELETE'])
 class Networks(Collection):
 def __init__(self, model):
 super(Networks, self).__init__(model)
diff --git a/src/kimchi/control/storagepools.py b/src/kimchi/control/storagepools.py
index b75bca0..2adaa30 100644
--- a/src/kimchi/control/storagepools.py
+++ b/src/kimchi/control/storagepools.py
@@ -28,7 +28,7 @@ from kimchi.control.utils import UrlSubNode
-@UrlSubNode("storagepools", True, ['POST', 'DELETE'])
+@UrlSubNode("storagepools", True, ['PUT', 'POST', 'DELETE'])
 class StoragePools(Collection):
 def __init__(self, model):
 super(StoragePools, self).__init__(model)
diff --git a/src/kimchi/control/storageservers.py b/src/kimchi/control/storageservers.py
index 515120f..068f9ae 100644
--- a/src/kimchi/control/storageservers.py
+++ b/src/kimchi/control/storageservers.py
@@ -22,7 +22,7 @@ from kimchi.control.utils import get_class_name, model_fn, UrlSubNode
-@UrlSubNode("storageservers", True)
+@UrlSubNode("storageservers", True, ['GET'])
 class StorageServers(Collection):
 def __init__(self, model):
 super(StorageServers, self).__init__(model)
diff --git a/src/kimchi/control/templates.py b/src/kimchi/control/templates.py
index a535960..7a203a5 100644
--- a/src/kimchi/control/templates.py
+++ b/src/kimchi/control/templates.py
@@ -21,7 +21,7 @@ from kimchi.control.utils import UrlSubNode
-@UrlSubNode("templates", True, ['PUT', 'DELETE'])
+@UrlSubNode("templates", True, ['GET', 'PUT', 'POST', 'DELETE'])
 class Templates(Collection):
 def __init__(self, model):
 super(Templates, self).__init__(model)
diff --git a/tests/test_authorization.py b/tests/test_authorization.py
index 196625e..03f8a88 100644
--- a/tests/test_authorization.py
+++ b/tests/test_authorization.py
@@ -61,11 +61,11 @@ def setUp(self):
 def test_nonroot_access(self):
 # Non-root users can access static host information
 resp = self.request('/host', '{}', 'GET')
- self.assertEquals(200, resp.status)
+ self.assertEquals(403, resp.status)
 # Non-root users can access host stats
 resp = self.request('/host/stats', '{}', 'GET')
- self.assertEquals(200, resp.status)
+ self.assertEquals(403, resp.status)
 # Non-root users can not reboot/shutdown host system
 resp = self.request('/host/reboot', '{}', 'POST')
@@ -102,10 +102,10 @@ def test_nonroot_access(self):
 # Non-root users can not update or delete a template
 # but he can get and create a new one
 resp = self.request('/templates', '{}', 'GET')
- self.assertEquals(200, resp.status)
+ self.assertEquals(403, resp.status)
 req = json.dumps({'name': 'test', 'cdrom': '/nonexistent.iso'})
 resp = self.request('/templates', req, 'POST')
- self.assertEquals(201, resp.status)
+ self.assertEquals(403, resp.status)
 resp = self.request('/templates/test', '{}', 'PUT')
 self.assertEquals(403, resp.status)
 resp = self.request('/templates/test', '{}', 'DELETE')
--
1.9.3
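Review bot: The comments kept as context in `test_nonroot_access` now contradict the assertions beneath them: "Non-root users can access static host information" and "Non-root users can access host stats" each sit above an expected 403, and in the second hunk "but he can get and create a new one" sits above 403 for both GET and POST on /templates. They should be reworded to match the new policy: `# Non-root users can not access static host information`, `# Non-root users can not access host stats`, `# Non-root users can not get, create, update or delete a template`. An authorization test whose comments state the opposite of what it asserts is easy to "fix" in the wrong direction later. The hunks also show no non-admin request against /interfaces or /storageservers, which this commit restricts as well; the test body continues outside both hunks, so that coverage may exist elsewhere.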