Comment 1 for bug 1443512

Using the latest devstack, I did some tests on this senario.

1. user demo create an image, the image by default is 'private'

2. issue command to set private, success. (no changes)
curl -i -X PATCH -H 'Content-Type: application/openstack-images-v2.1-json-patch' -H 'X-Auth-Token: e1b9454607e54f74b0439931e469cf68' -d '[{"op": "add", "path": "/visibility", "value": "private"}]' http://devstack:9292/v2/images/3ce7864a-ebb7-426d-afc0-a7d756529a16

3. issue command to set 'public', failed with 403. (No permission to set public)

4. swtich to user admin, change the image property to 'public', success

5. switch back to user demo, change image property to 'private', success.

This behavior is reasonable to me, since demo is the owner of the image, he should have the permission of setting it to 'private'.

Could you clarify your test?
1). the detailed steps and setup of test
2). Why do you think this is a bug? maybe we have misunderstanding of the V2 PATCH method?