[Kimchi-devel] [PATCH 1/5] authorization: Update authorization rules per API

alinefm at linux.vnet.ibm.com alinefm at linux.vnet.ibm.com
Wed Jul 16 21:52:28 UTC 2014


From: Aline Manera <alinefm at linux.vnet.ibm.com>

Each API must specify which request methods are exclusive to the admin
role.

Signed-off-by: Aline Manera <alinefm at linux.vnet.ibm.com>
---
 src/kimchi/control/debugreports.py   | 2 +-
 src/kimchi/control/host.py           | 2 +-
 src/kimchi/control/interfaces.py     | 2 +-
 src/kimchi/control/networks.py       | 2 +-
 src/kimchi/control/storagepools.py   | 2 +-
 src/kimchi/control/storageservers.py | 2 +-
 src/kimchi/control/templates.py      | 2 +-
 tests/test_authorization.py          | 8 ++++----
 8 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/src/kimchi/control/debugreports.py b/src/kimchi/control/debugreports.py
index 444cb07..d651eb1 100644
--- a/src/kimchi/control/debugreports.py
+++ b/src/kimchi/control/debugreports.py
@@ -22,7 +22,7 @@
 from kimchi.control.utils import UrlSubNode
 
 
- at UrlSubNode("debugreports", True, ['GET', 'PUT', 'POST'])
+ at UrlSubNode("debugreports", True, ['GET', 'PUT', 'POST', 'DELETE'])
 class DebugReports(AsyncCollection):
     def __init__(self, model):
         super(DebugReports, self).__init__(model)
diff --git a/src/kimchi/control/host.py b/src/kimchi/control/host.py
index ebf1bed..9158565 100644
--- a/src/kimchi/control/host.py
+++ b/src/kimchi/control/host.py
@@ -25,7 +25,7 @@
 from kimchi.template import render
 
 
- at UrlSubNode("host", True, ['POST'])
+ at UrlSubNode("host", True, ['GET', 'PUT', 'POST', 'DELETE'])
 class Host(Resource):
     def __init__(self, model, id=None):
         super(Host, self).__init__(model, id)
diff --git a/src/kimchi/control/interfaces.py b/src/kimchi/control/interfaces.py
index 3f353a9..6ae688d 100644
--- a/src/kimchi/control/interfaces.py
+++ b/src/kimchi/control/interfaces.py
@@ -21,7 +21,7 @@
 from kimchi.control.utils import UrlSubNode
 
 
- at UrlSubNode("interfaces")
+ at UrlSubNode("interfaces", True, ['GET'])
 class Interfaces(Collection):
     def __init__(self, model):
         super(Interfaces, self).__init__(model)
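Review bot: The admin-only list on the new decorator line names only `'GET'`, so whether a non-admin can reach any other verb on `interfaces` depends on how `UrlSubNode` treats methods that are not listed; its definition is in `kimchi.control.utils` and is not visible here. If unlisted methods fall through to any authenticated user, a handler added later for PUT, POST or DELETE would be open by default, and the same applies to the `storageservers` hunk. If the intent is that this node is admin-only, listing every verb as `host` and `templates` now do is the safer form: `@UrlSubNode("interfaces", True, ['GET', 'PUT', 'POST', 'DELETE'])`. The `Interfaces` class body continues outside the hunk.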
diff --git a/src/kimchi/control/networks.py b/src/kimchi/control/networks.py
index b905891..431a01f 100644
--- a/src/kimchi/control/networks.py
+++ b/src/kimchi/control/networks.py
@@ -21,7 +21,7 @@
 from kimchi.control.utils import UrlSubNode
 
 
- at UrlSubNode("networks", True, ['POST', 'DELETE'])
+ at UrlSubNode("networks", True, ['PUT', 'POST', 'DELETE'])
 class Networks(Collection):
     def __init__(self, model):
         super(Networks, self).__init__(model)
diff --git a/src/kimchi/control/storagepools.py b/src/kimchi/control/storagepools.py
index b75bca0..2adaa30 100644
--- a/src/kimchi/control/storagepools.py
+++ b/src/kimchi/control/storagepools.py
@@ -28,7 +28,7 @@
 from kimchi.control.utils import UrlSubNode
 
 
- at UrlSubNode("storagepools", True, ['POST', 'DELETE'])
+ at UrlSubNode("storagepools", True, ['PUT', 'POST', 'DELETE'])
 class StoragePools(Collection):
     def __init__(self, model):
         super(StoragePools, self).__init__(model)
diff --git a/src/kimchi/control/storageservers.py b/src/kimchi/control/storageservers.py
index 515120f..068f9ae 100644
--- a/src/kimchi/control/storageservers.py
+++ b/src/kimchi/control/storageservers.py
@@ -22,7 +22,7 @@
 from kimchi.control.utils import get_class_name, model_fn, UrlSubNode
 
 
- at UrlSubNode("storageservers", True)
+ at UrlSubNode("storageservers", True, ['GET'])
 class StorageServers(Collection):
     def __init__(self, model):
         super(StorageServers, self).__init__(model)
diff --git a/src/kimchi/control/templates.py b/src/kimchi/control/templates.py
index a535960..7a203a5 100644
--- a/src/kimchi/control/templates.py
+++ b/src/kimchi/control/templates.py
@@ -21,7 +21,7 @@
 from kimchi.control.utils import UrlSubNode
 
 
- at UrlSubNode("templates", True, ['PUT', 'DELETE'])
+ at UrlSubNode("templates", True, ['GET', 'PUT', 'POST', 'DELETE'])
 class Templates(Collection):
     def __init__(self, model):
         super(Templates, self).__init__(model)
diff --git a/tests/test_authorization.py b/tests/test_authorization.py
index 196625e..03f8a88 100644
--- a/tests/test_authorization.py
+++ b/tests/test_authorization.py
@@ -61,11 +61,11 @@ def setUp(self):
     def test_nonroot_access(self):
         # Non-root users can access static host information
         resp = self.request('/host', '{}', 'GET')
-        self.assertEquals(200, resp.status)
+        self.assertEquals(403, resp.status)
 
         # Non-root users can access host stats
         resp = self.request('/host/stats', '{}', 'GET')
-        self.assertEquals(200, resp.status)
+        self.assertEquals(403, resp.status)
 
         # Non-root users can not reboot/shutdown host system
         resp = self.request('/host/reboot', '{}', 'POST')
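Review bot: The comments above the two changed assertions still read `# Non-root users can access static host information` and `# Non-root users can access host stats`, but the assertions now expect 403, so the comments state the opposite of what is tested. They should become `# Non-root users can not access static host information` and `# Non-root users can not access host stats`. The same applies in the templates hunk, where `# but he can get and create a new one` no longer holds. `test_nonroot_access` continues outside this hunk.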
@@ -102,10 +102,10 @@ def test_nonroot_access(self):
         # Non-root users can not update or delete a template
         # but he can get and create a new one
         resp = self.request('/templates', '{}', 'GET')
-        self.assertEquals(200, resp.status)
+        self.assertEquals(403, resp.status)
         req = json.dumps({'name': 'test', 'cdrom': '/nonexistent.iso'})
         resp = self.request('/templates', req, 'POST')
-        self.assertEquals(201, resp.status)
+        self.assertEquals(403, resp.status)
         resp = self.request('/templates/test', '{}', 'PUT')
         self.assertEquals(403, resp.status)
         resp = self.request('/templates/test', '{}', 'DELETE')
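Review bot: With the POST to `/templates` now expected to return 403, this user never creates the template `test`, so the PUT and DELETE on `/templates/test` assert 403 against a resource that may not exist unless a step outside the hunk creates it. That passes only while the role check runs before the resource lookup, which is worth stating next to the assertions: `# 403, not 404: authorization is checked before the template is looked up`. The hunk also leaves no request in this test showing that an admin still gets 200/201 on `/templates`; whether another test covers that is not visible here.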
-- 
1.9.3



