registry team mailing list archive

[Michael Gundlach <644092@xxxxxxxxxxxxxxxxxx>]

On Tue, Sep 21, 2010 at 8:16 AM, Soren Hansen <soren@xxxxxxxxxx> wrote:

> Now that I think about it, I'm not sure how they're supposed to work?
> They're applied before the object(s) being accessed are even known, so
> it only really checks if context.user has the given role on
> context.project, right? So any checks further down should check whether
> the object being accessed belongs to context.project. Is that accurate?
>

Yep, that's accurate.  The conversion from Tornado to eventlet (as of yet
unmerged to trunk) moves all that into an "Authorization" middleware.  It
might help clarify the code if that were renamed to "MethodAuthentication"
and we do data authentication somewhere else.


Confidentiality Notice: This e-mail message (including any attached or
embedded documents) is intended for the exclusive and confidential use of the
individual or entity to which this message is addressed, and unless otherwise
expressly indicated, is confidential and privileged information of Rackspace.
Any dissemination, distribution or copying of the enclosed material is prohibited.
If you receive this transmission in error, please notify us immediately by e-mail
at abuse@xxxxxxxxxxxxx, and delete the original message.
Your cooperation is appreciated.

-- 
authorization not checked in ec2 api
https://bugs.launchpad.net/bugs/644092
You received this bug notification because you are a member of Registry
Administrators, which is subscribed to OpenStack.