commit 0a9611962d0fb6bdffa9c65c9021ff96972eda90
Author: Alexander Tivelkov <email address hidden>
Date: Fri Aug 28 19:10:04 2015 +0300
Fixed non-owner write-access to artifacts
There was no check for write-access priviledges during all the
mutating operations with artifacts (updates, patches, deletes,
actiovations etc), so any user who has an access to an artifact could
modify it. Because of this, non-owners could modify public artifacts
which was a major security issue.
Now this is addressed and an appropriate set of tests added to
prevent possible regressions.
Reviewed: https:/ /review. openstack. org/218379 /git.openstack. org/cgit/ openstack/ glance/ commit/ ?id=0a9611962d0 fb6bdffa9c65c90 21ff96972eda90
Committed: https:/
Submitter: Jenkins
Branch: master
commit 0a9611962d0fb6b dffa9c65c9021ff 96972eda90
Author: Alexander Tivelkov <email address hidden>
Date: Fri Aug 28 19:10:04 2015 +0300
Fixed non-owner write-access to artifacts
There was no check for write-access priviledges during all the
mutating operations with artifacts (updates, patches, deletes,
actiovations etc), so any user who has an access to an artifact could
modify it. Because of this, non-owners could modify public artifacts
which was a major security issue.
Now this is addressed and an appropriate set of tests added to
prevent possible regressions.
FastTrack 9ababed2ba9b975 59ef5ea6d6c
Change-Id: I2f4c2d70b74ae3
Closes-bug: #1489902