Comment 0 for bug 1006815

Jason Xu (yinyangxu) wrote : Admin API /v2.0/tenants/{tenant_id}/users/{user_id}/roles doesn't validate token

We can get the same result without a token in the HTTP header.

E.g.:
without a token
jason@ubuntu:~/project/keystone$ curl http://0.0.0.0:35357/v2.0/tenants/1f73672bf2184a909abc8fe67e7a537d/users/b84f6dbb6d7b4130a8a9e9298ec96164/roles | python -m json.tool
  % Total % Received % Xferd Average Speed Time Time Time Current
                                 Dload Upload Total Spent Left Speed
100 72 100 72 0 0 308 0 --:--:-- --:--:-- --:--:-- 346
{
    "roles": [
        {
            "id": "06906f69ffd44ad0b9fc86d1c3d1bcbd",
            "name": "admin"
        }
    ]
}

with token
jason@ubuntu:~/project/keystone$ curl -H "X-Auth-Token:ecab59a3f4e2468b9934c24f8660a809" http://0.0.0.0:35357/v2.0/tenants/1f73672bf2184a909abc8fe67e7a537d/users/b84f6dbb6d7b4130a8a9e9298ec96164/roles | python -m json.tool
  % Total % Received % Xferd Average Speed Time Time Time Current
                                 Dload Upload Total Spent Left Speed
100 72 100 72 0 0 242 0 --:--:-- --:--:-- --:--:-- 270
{
    "roles": [
        {
            "id": "06906f69ffd44ad0b9fc86d1c3d1bcbd",
            "name": "admin"
        }
    ]
}

What we expect:
without a token
jason@ubuntu:~/project/keystone$ curl http://0.0.0.0:35357/v2.0/tenants/1f73672bf2184a909abc8fe67e7a537d/users/b84f6dbb6d7b4130a8a9e9298ec96164/roles | python -m json.tool
  % Total % Received % Xferd Average Speed Time Time Time Current
                                 Dload Upload Total Spent Left Speed
100 116 100 116 0 0 848 0 --:--:-- --:--:-- --:--:-- 1026
{
    "error": {
        "code": 401,
        "message": "The request you have made requires authentication.",
        "title": "Not Authorized"
    }
}

Attached is a diff of the changes.
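
Added example (not part of the original report and not Keystone's code): a regression check for the behaviour reported above, run in-process against a stand-in WSGI handler that ignores X-Auth-Token and against the same handler behind a token check. The handler, the require_token wrapper, the token value and the TENANT_ID/USER_ID placeholders are all assumptions made for illustration.

```python
import json
from wsgiref.util import setup_testing_defaults

VALID_TOKENS = {"constructed-admin-token"}            # constructed sample value
PATH = "/v2.0/tenants/TENANT_ID/users/USER_ID/roles"  # placeholder ids

def _json(start_response, status, payload):
    body = json.dumps(payload).encode()
    start_response(status, [("Content-Type", "application/json"),
                            ("Content-Length", str(len(body)))])
    return [body]

def roles_no_check(environ, start_response):
    # Stand-in for the reported behaviour: X-Auth-Token is never read.
    return _json(start_response, "200 OK",
                 {"roles": [{"id": "constructed-role-id", "name": "admin"}]})

def require_token(app):
    # Hypothetical wrapper giving the expected behaviour: 401 unless the
    # token is known. A real service would validate against its token store.
    def wrapped(environ, start_response):
        if environ.get("HTTP_X_AUTH_TOKEN") not in VALID_TOKENS:
            return _json(start_response, "401 Not Authorized", {"error": {
                "code": 401, "title": "Not Authorized",
                "message": "The request you have made requires authentication."}})
        return app(environ, start_response)
    return wrapped

def probe(app, path, token=None):
    # Issue one in-process GET and return (status code, decoded JSON body).
    environ = {}
    setup_testing_defaults(environ)
    environ.update(REQUEST_METHOD="GET", PATH_INFO=path)
    if token is not None:
        environ["HTTP_X_AUTH_TOKEN"] = token
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["code"] = int(status.split()[0])
    body = b"".join(app(environ, start_response))
    return seen["code"], json.loads(body)

def auth_gaps(app, path):
    # Return the request variants that were served instead of refused.
    cases = {"no token": None, "empty token": "", "unknown token": "bogus"}
    return [name for name, tok in cases.items()
            if probe(app, path, tok)[0] != 401]
```

An empty list from auth_gaps means every unauthenticated variant was refused with 401; any name in the list is a route variant that still answers without a valid token.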