non-admin user get error code "500" if he tries to deactivate the image hosted by admin which have visibility "public"

Bug #1485940 reported by Piyush Pathak
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Glance | Fix Released | High | Niall Bunting |
Kilo | In Progress | High | Flavio Percoco |
Liberty | In Progress | High | Flavio Percoco |

Bug Description

Description:
A non-admin user gets error code "500" if he tries to deactivate an image hosted by admin which has visibility "public". This is not user friendly; it should raise response 403 Forbidden.

Steps:
Scenario was tested using tempest.
1. Image was uploaded by admin user with visibility "public" using API.
2. Deactivate request was generated by non-admin user using API.
3. In response header, "500" was received.

Expected:
1. Even if a non-admin user is not allowed to deactivate an image uploaded by the admin user having visibility "public", the response should contain "403 Forbidden" to give meaningful information to the user that he is not authorized to perform this act.
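
The scenario in the steps above, as an added example that is not part of the original report and is not Glance's code: the same authorization check behind two handlers, one that lets the failure reach a catch-all (500) and one that maps it to 403 first. All names (`Forbidden`, `Image`, `Context`, `deactivate`, `handle_unfixed`, `handle_fixed`, `run_scenario`) are hypothetical, and it assumes the 500 came from an authorization exception that no handler translated.

```python
# Added illustration; every name here is hypothetical, not Glance's API.
from dataclasses import dataclass
from http import HTTPStatus


class Forbidden(Exception):
    """Raised by the domain layer when the caller may not modify the image."""


@dataclass
class Image:
    owner: str
    visibility: str
    status: str = "active"


@dataclass
class Context:
    user: str
    is_admin: bool = False


def deactivate(ctx, image):
    # Public visibility grants read access only; state changes stay owner/admin-only.
    if not (ctx.is_admin or ctx.user == image.owner):
        raise Forbidden(f"{ctx.user} may not deactivate this image")
    image.status = "deactivated"


def handle_unfixed(ctx, image):
    """Assumed pre-fix shape: Forbidden is not translated, the catch-all says 500."""
    try:
        deactivate(ctx, image)
    except Exception:  # stands in for the server's generic error handler
        return HTTPStatus.INTERNAL_SERVER_ERROR
    return HTTPStatus.NO_CONTENT


def handle_fixed(ctx, image):
    """Post-fix shape: the authorization failure becomes 403 before the catch-all."""
    try:
        deactivate(ctx, image)
    except Forbidden:
        return HTTPStatus.FORBIDDEN
    except Exception:
        return HTTPStatus.INTERNAL_SERVER_ERROR
    return HTTPStatus.NO_CONTENT


def run_scenario(handler):
    """Constructed data mirroring the report: admin's public image, non-admin caller."""
    image = Image(owner="admin", visibility="public")
    return handler(Context(user="demo"), image), image.status
```

In both handlers the image stays active for the non-admin caller; only the status code reported to the client differs.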

Piyush Pathak (cyperxprt) wrote :
Changed in glance:
assignee: nobody → Niall Bunting (niall-bunting)
status: New → Confirmed
Changed in glance:
status: Confirmed → In Progress
Louis Taylor (kragniz)
Changed in glance:
importance: Undecided → Low
OpenStack Infra (hudson-openstack) wrote : Fix merged to glance (master)

Reviewed: https://review.openstack.org/215656
Committed: https://git.openstack.org/cgit/openstack/glance/commit/?id=15c08d822af0e4f2c488433210fe240a282b6d86
Submitter: Jenkins
Branch: master

commit 15c08d822af0e4f2c488433210fe240a282b6d86
Author: NiallBunting <email address hidden>
Date: Fri Aug 21 14:19:20 2015 +0000

    Cause forbidden when deactivating image(non-admin)

    If a user tries to deactivate an image that is hosted by the admin that
    has public visibility, it will currently return a 500 error. This changes
    that behaviour to return a Forbidden.

    Closes-Bug: 1485940
    Change-Id: Id7f645fc599e57f6c0842bba2b7a2f3db52784ae

Changed in glance:
status: In Progress → Fix Committed
Erno Kuvaja (jokke)
Changed in glance:
importance: Low → High
Flavio Percoco (flaper87) wrote :
Changed in glance:
milestone: none → mitaka-1
Thierry Carrez (ttx) wrote : Fix included in openstack/glance 12.0.0.0b1

This issue was fixed in the openstack/glance 12.0.0.0b1 development milestone.

Changed in glance:
status: Fix Committed → Fix Released
OpenStack Infra (hudson-openstack) wrote : Change abandoned on glance (stable/liberty)

Change abandoned by Flavio Percoco (<email address hidden>) on branch: stable/liberty
Review: https://review.openstack.org/248855

OpenStack Infra (hudson-openstack) wrote : Change abandoned on glance (stable/kilo)

Change abandoned by Dave Walker (<email address hidden>) on branch: stable/kilo
Review: https://review.openstack.org/248856
Reason: Kilo is now approaching EOL. We are in freeze pending the final release and no freeze exception has been raised. Therefore I am abandoning this change, if it is required in the release - please restore and raise a request. Thanks
