When one image member looks up the details of another image member, 404 is returned instead of 403.
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Glance |
Opinion
|
Undecided
|
Deepti Ramakrishna |
Bug Description
Suppose project1 and project2 are members of a non-public image. When user1, who belongs to project1, tries to get details of project2, we get 404 Not Found. 403 Forbidden would be more appropriate.
This bug is for the v2 api.
REPRO STEPS:
-------
$ export OS_USERNAME=user1
$ export OS_TENANT_
$ openstack token issue // returns 8eb78ce1d12e462
// project2 id: 6f2aec926def49b
// image id: e2846b31-
$ curl -g -i -X GET -H 'Content-Type: application/
EXPECTED HTTP RESPONSE CODE: 403 Forbidden
ACTUAL HTTP RESPONSE CODE: 404 Not Found
Changed in glance: | |
assignee: | nobody → Deepti Ramakrishna (dramakri) |
Changed in glance: | |
status: | In Progress → Confirmed |
status: | Confirmed → New |
Fix proposed to branch: master /review. openstack. org/178997
Review: https:/