commit 7686777023b6703230850280be895c154ef8f07d
Author: Anna Sortland <email address hidden>
Date: Thu Aug 27 15:36:11 2015 -0500
Earlier authority check for create volume API
create() API in cinder/volume/api.py does the authority check
in cinder/volume/flows/api/create_volume.py.
This creates potential for disclosing information during error checking
prior to user authorization being checked.
This fix will do authority check to create() itself, so that
it is done before proceeding with the rest of code flow.
Reviewed: https:/ /review. openstack. org/217899 /git.openstack. org/cgit/ openstack/ cinder/ commit/ ?id=7686777023b 6703230850280be 895c154ef8f07d
Committed: https:/
Submitter: Jenkins
Branch: master
commit 7686777023b6703 230850280be895c 154ef8f07d
Author: Anna Sortland <email address hidden>
Date: Thu Aug 27 15:36:11 2015 -0500
Earlier authority check for create volume API
create() API in cinder/ volume/ api.py does the authority check volume/ flows/api/ create_ volume. py.
in cinder/
This creates potential for disclosing information during error checking
prior to user authorization being checked.
This fix will do authority check to create() itself, so that
it is done before proceeding with the rest of code flow.
Change-Id: I27dbdf5f3ae4e3 d681cdbf77df107 06721254ffc
Closes-Bug: #1472031