yahoo-eng-team team mailing list archive

[Bug 1485940] [NEW] non-admin user get error code "500" if he tries to deactivate the image hosted by admin which have visibility "public"

 

Public bug reported:

Description:
Non-admin user gets error code "500" if he tries to deactivate the image hosted by admin which has visibility "public", which is not user friendly; it should raise response 403 forbidden.

Steps:
Scenario was tested using tempest.
1. Image was uploaded by admin user with visibility "public" using API.
2. Deactivate request was generated by non-admin user using API.
3. In response header "500" was received.

Expected:
1. Even if non-admin user is not allowed to deactivate image uploaded by admin user having visibility "public", response should contain "403 forbidden" to give meaningful information to the user that he is not authorized to perform this act.

** Affects: glance
     Importance: Undecided
         Status: New

** Attachment added: "this is the tempest script used to reproduce bug"
   https://bugs.launchpad.net/bugs/1485940/+attachment/4446773/+files/test_image_activate_deactivate.py

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1485940

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1485940/+subscriptions
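
Added example, not part of the original bug report and not Glance's code: a self-contained sketch that replays the reported steps against an in-memory image store and contrasts an API layer that lets an authorization failure reach its catch-all handler (500) with one that translates it to 403. The report does not state why the 500 occurred; the untranslated-exception cause is an assumption, and every name here (`Forbidden`, `deactivate`, `handle_untranslated`, `handle_translated`, `run_scenario`) and the sample image are hypothetical.

```python
from http import HTTPStatus


class Forbidden(Exception):
    """Raised by the (hypothetical) policy layer when the caller lacks rights."""


# Constructed sample data: one public image owned by the admin user.
IMAGES = {"img-1": {"owner": "admin", "visibility": "public", "status": "active"}}


def deactivate(images, image_id, user):
    """Domain logic: only an admin or the image owner may deactivate."""
    image = images[image_id]
    if not (user["is_admin"] or user["name"] == image["owner"]):
        raise Forbidden(f"{user['name']} may not deactivate {image_id}")
    image["status"] = "deactivated"


def handle_untranslated(images, image_id, user):
    """Assumed failure mode: Forbidden lands in the catch-all and becomes 500."""
    try:
        deactivate(images, image_id, user)
        return HTTPStatus.NO_CONTENT
    except Exception:  # last-resort handler, hides the real reason
        return HTTPStatus.INTERNAL_SERVER_ERROR


def handle_translated(images, image_id, user):
    """Expected behaviour: known failures map to specific client errors."""
    try:
        deactivate(images, image_id, user)
        return HTTPStatus.NO_CONTENT
    except Forbidden:
        return HTTPStatus.FORBIDDEN
    except KeyError:  # unknown image id
        return HTTPStatus.NOT_FOUND
    except Exception:  # genuinely unexpected errors only
        return HTTPStatus.INTERNAL_SERVER_ERROR


def run_scenario(handler, user=None):
    """Replays the report's steps; returns (status code, image status after)."""
    images = {k: dict(v) for k, v in IMAGES.items()}  # fresh copy per run
    user = user or {"name": "demo", "is_admin": False}
    code = handler(images, "img-1", user)
    return int(code), images["img-1"]["status"]


if __name__ == "__main__":
    print("untranslated:", run_scenario(handle_untranslated))
    print("translated:  ", run_scenario(handle_translated))
```

In both variants the image stays active for the non-admin caller; only the status code changes, which is what a negative test for this bug should assert alongside the unchanged image state.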

