Skip to content

Commit

Permalink
Require authz for user role list (bug 1006815)
Browse files Browse the repository at this point in the history
Change-Id: I65f25dcca3e265f44746930917434b45e64de15e
  • Loading branch information
dolph authored and apevec committed Jun 26, 2012
1 parent 24df3ad commit 14b136a
Show file tree
Hide file tree
Showing 2 changed files with 12 additions and 0 deletions.
1 change: 1 addition & 0 deletions keystone/identity/core.py
Original file line number Diff line number Diff line change
Expand Up @@ -457,6 +457,7 @@ def get_user_roles(self, context, user_id, tenant_id=None):
not implementing them in hopes that the idea will die off.
"""
self.assert_admin(context)
if tenant_id is None:
raise exception.NotImplemented(message='User roles not supported: '
'tenant ID required')
Expand Down
11 changes: 11 additions & 0 deletions tests/test_content_types.py
Original file line number Diff line number Diff line change
Expand Up @@ -587,6 +587,17 @@ def test_service_crud_requires_auth(self):
expected_status=401)
self.assertValidErrorResponse(r)

def test_user_role_list_requires_auth(self):
"""User role list should 401 without an X-Auth-Token (bug 1006815)."""
# values here don't matter because we should 401 before they're checked
path = '/v2.0/tenants/%(tenant_id)s/users/%(user_id)s/roles' % {
'tenant_id': uuid.uuid4().hex,
'user_id': uuid.uuid4().hex,
}

r = self.admin_request(path=path, expected_status=401)
self.assertValidErrorResponse(r)


class XmlTestCase(RestfulTestCase, CoreApiTests):
xmlns = 'http://docs.openstack.org/identity/api/v2.0'
Expand Down

0 comments on commit 14b136a

Please sign in to comment.