Adding ACL check when new stored key order is submitted
Addressing case when new stored key order is requested and container used in
order is marked private via ACL. In that case, only creator user of container
and user(s) with 'read' ACL on container can request new order. For new order,
existing checks are still valid. 1) order project and container project needs
to be same. 2) user need to have 'admin' or 'creator' role as defined in
orders:post policy rule.
Reviewed: https:/ /review. openstack. org/176558 /git.openstack. org/cgit/ openstack/ barbican/ commit/ ?id=7dc48c5f73b 643a8afbaf0dfa1 a9b8de1c1807f8
Committed: https:/
Submitter: Jenkins
Branch: master
commit 7dc48c5f73b643a 8afbaf0dfa1a9b8 de1c1807f8
Author: Arun Kant <email address hidden>
Date: Wed Apr 22 17:27:03 2015 -0700
Adding ACL check when new stored key order is submitted
Addressing case when new stored key order is requested and container used in
order is marked private via ACL. In that case, only creator user of container
and user(s) with 'read' ACL on container can request new order. For new order,
existing checks are still valid. 1) order project and container project needs
to be same. 2) user need to have 'admin' or 'creator' role as defined in
orders:post policy rule.
Change-Id: I6b21aec8cc62de 2ed6b1cc1ee878d 756892c414d
Closes-bug: #1446266