yahoo-eng-team team mailing list archive

[Flavio Percoco <1485940@xxxxxxxxxxxxxxxxxx>]

Kilo: https://review.openstack.org/248856
Liberty: https://review.openstack.org/248855

** Also affects: glance/kilo
   Importance: Undecided
       Status: New

** Also affects: glance/liberty
   Importance: Undecided
       Status: New

** Changed in: glance/kilo
   Importance: Undecided => High

** Changed in: glance/liberty
   Importance: Undecided => High

** Changed in: glance/kilo
     Assignee: (unassigned) => Flavio Percoco (flaper87)

** Changed in: glance/liberty
     Assignee: (unassigned) => Flavio Percoco (flaper87)

** Changed in: glance/kilo
       Status: New => In Progress

** Changed in: glance/liberty
       Status: New => In Progress

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1485940

Title:
  non-admin user  get error code "500"  if he  tries to deactivate the
  image hosted by admin which have visibility "public"

Status in Glance:
  Fix Committed
Status in Glance kilo series:
  In Progress
Status in Glance liberty series:
  In Progress

Bug description:
  Description:
  non-admin user  get error code "500"  if he  tries to deactivate the image hosted by admin which have visibility "public" which is not user friendly it should raise response 403 forbidden.

  Steps:
  scenario was tested using tempest.
  1. image was uploaded by admin user with visibility "public" using api.
  2. deactivate request was generated by non-admin user using api.
  3. In response header "500" was received.

  Expected:
  1. even if non-admin user is not allowed to deactivate image uploaded by admin user having visibility "public", response should contain "403 forbidden" to give meaning full information to user that he is not authorized to perform this act.

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1485940/+subscriptions