registry team mailing list archive

Thread
Date

[Bug 644092] Re: authorization not checked in ec2 api

To: registry@xxxxxxxxxxxxxxxxxxx
From: Soren Hansen <soren@xxxxxxxxxx>
Date: Tue, 21 Sep 2010 12:16:31 -0000
Reply-to: Bug 644092 <644092@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I think those rbac decorators all over the cloud API got me fooled into
thinking this was taken care of.

Now that I think about it, I'm not sure how they're supposed to work?
They're applied before the object(s) being accessed are even known, so
it only really checks if context.user has the given role on
context.project, right? So any checks further down should check whether
the object being accessed belongs to context.project. Is that accurate?

-- 
authorization not checked in ec2 api
https://bugs.launchpad.net/bugs/644092
You received this bug notification because you are a member of Registry
Administrators, which is subscribed to OpenStack.

Follow ups

Re: [Bug 644092] Re: authorization not checked in ec2 api
From: Michael Gundlach, 2010-09-21

References

[Bug 644092] [NEW] authorization not checked in ec2 api
From: anotherjesse, 2010-09-21