yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1261104] Re: trustee not able to perform role operations

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Wed, 22 Jan 2014 15:47:27 -0000
Reply-to: Bug 1261104 <1261104@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: keystone
       Status: Fix Committed => Fix Released

** Changed in: keystone
    Milestone: None => icehouse-2

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1261104

Title:
  trustee not able to perform role operations

Status in OpenStack Identity (Keystone):
  Fix Released

Bug description:
  There is a conditional in the trust controller that is issued for all
  role based operations (get/list/check) roles

  _admin_trustor_trustee_only(context, trust, user_id):
      if (user_id != trust.get('trustor_user_id') and  user_id != trust.get('trustor_user_id') and context['is_admin']):
         raise exception.Forbidden()

  There are two checks for matching trustor, when one should be trustee.
  Also the admin check is pointless, since it should be just trustee or trustor.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1261104/+subscriptions

References

[Bug 1261104] [NEW] trustee not able to perform role operations
From: Steve Martinelli, 2013-12-15