Limited authority viewer unable to see image details without location field
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Glance |
Triaged
|
Wishlist
|
Feilong Wang |
Bug Description
Actually, it's an improvement of bug https:/
1. OpenStack has CONF.show_
2. OpenStack also has users with viewer only authority that are not to be allowed to see the location. Viewer has these policy grants: "get_images", "get_image" to access image details, but does not have "get_image_
To allow for this, could the code be changed to put this except around the location access like this:
try:
if CONF.show_
if CONF.show_
except exception.
# log exception as warning
This would allow the 'viewer' to get list of images and image details but would not let them see the location that they are not allowed to view. TBH, I'm not really sure if it's a good idea to swallow the Forbidden exception. But obviously, it's breaking user's capability of image list.
Changed in glance: | |
assignee: | nobody → Fei Long Wang (flwang) |
Changed in glance: | |
status: | New → Triaged |
importance: | Undecided → Wishlist |