Pecan: no authZ check on DELETE operations
Bug #1520180 reported by
Salvatore Orlando
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Fix Released
|
High
|
Salvatore Orlando |
Bug Description
Authorization checks are completely skipped on DELETE operations both in the 'before' and in the 'after' hooks.
This does not look great, and should be fixed.
Changed in neutron: | |
status: | New → In Progress |
Changed in neutron: | |
importance: | Undecided → High |
Changed in neutron: | |
milestone: | mitaka-1 → mitaka-2 |
To post a comment you must log in.
AISI, all request was authz check in policy hook. can you provide more detail where no authz check?