← Back to team overview

registry team mailing list archive

[Bug 644092] Re: authorization not checked in ec2 api

 

Soren wrote:

"Now that I think about it, I'm not sure how they're supposed to work?
They're applied before the object(s) being accessed are even known, so
it only really checks if context.user has the given role on
context.project, right? So any checks further down should check whether
the object being accessed belongs to context.project. Is that accurate?"

This is what I am proposing.  That the datalayer should check to see if
the project is allowed to access the object.

-- 
authorization not checked in ec2 api
https://bugs.launchpad.net/bugs/644092
You received this bug notification because you are a member of Registry
Administrators, which is subscribed to OpenStack.



Follow ups

References