commit cce2af5a48de737869d53eeafdb0532eede136d4
Author: Mark Washenberger <mark.washenberger@rackspace.com>
Date:   Wed Oct 10 20:23:24 2012 +0000

    Add a test for bug 1065187.
    
    This is done separately from the bug fix to make it easier to apply the
    fix to older branches.
    
    Change-Id: I8964da5d074aabadbdcf8c6b7ef844b616e1aca4

diff --git a/glance/tests/stubs.py b/glance/tests/stubs.py
index fecea11..92dcf90 100644
--- a/glance/tests/stubs.py
+++ b/glance/tests/stubs.py
@@ -60,7 +60,13 @@ class FakeRegistryConnection(object):
 
     def getresponse(self):
         mapper = routes.Mapper()
-        api = context.UnauthenticatedContextMiddleware(rserver.API(mapper))
+        server = rserver.API(mapper)
+        # NOTE(markwash): we need to pass through context auth information if
+        # we have it.
+        if 'X-Auth-Token' in self.req.headers:
+            api = utils.FakeAuthMiddleware(server)
+        else:
+            api = context.UnauthenticatedContextMiddleware(server)
         webob_res = self.req.get_response(api)
 
         return utils.FakeHTTPResponse(status=webob_res.status_int,
diff --git a/glance/tests/unit/v1/test_api.py b/glance/tests/unit/v1/test_api.py
index ce09aab..1a18bde 100644
--- a/glance/tests/unit/v1/test_api.py
+++ b/glance/tests/unit/v1/test_api.py
@@ -2930,6 +2930,26 @@ class TestGlanceAPI(base.IsolatedUnitTest):
         res = req.get_response(self.api)
         self.assertEquals(res.status_int, webob.exc.HTTPNotFound.code)
 
+    def test_delete_not_allowed(self):
+        # Verify we can get the image data
+        req = webob.Request.blank("/images/%s" % UUID2)
+        req.method = 'GET'
+        req.headers['X-Auth-Token'] = 'user:tenant:'
+        res = req.get_response(self.api)
+        self.assertEqual(res.status_int, 200)
+        self.assertEqual(len(res.body), 19)
+
+        # Verify we cannot delete the image
+        req.method = 'DELETE'
+        res = req.get_response(self.api)
+        self.assertEqual(res.status_int, 403)
+
+        # Verify the image data is still there
+        req.method = 'GET'
+        res = req.get_response(self.api)
+        self.assertEqual(res.status_int, 200)
+        self.assertEqual(len(res.body), 19)
+
     def test_delete_queued_image(self):
         """Delete an image in a queued state
 
diff --git a/glance/tests/utils.py b/glance/tests/utils.py
index 8054732..9971bf5 100644
--- a/glance/tests/utils.py
+++ b/glance/tests/utils.py
@@ -369,6 +369,7 @@ class FakeAuthMiddleware(wsgi.Middleware):
             'tenant': tenant,
             'roles': roles,
             'is_admin': self.is_admin,
+            'auth_tok': auth_tok,
         }
 
         req.context = context.RequestContext(**kwargs)