Merge lp://qastaging/~rvb/maas/maas-security-model-api2 into lp://qastaging/~maas-committers/maas/trunk
Proposed by
Raphaël Badin
| Status: | Merged |
|---|---|
| Approved by: | Raphaël Badin |
| Approved revision: | no longer in the source branch. |
| Merged at revision: | 46 |
| Proposed branch: | lp://qastaging/~rvb/maas/maas-security-model-api2 |
| Merge into: | lp://qastaging/~maas-committers/maas/trunk |
| Prerequisite: | lp://qastaging/~rvb/maas/maas-templates-fixes |
| Diff against target: |
594 lines (+213/-52) 8 files modified
docs/models.rst (+2/-0) src/maas/settings.py (+4/-0) src/maasserver/api.py (+40/-9) src/maasserver/models.py (+36/-7) src/maasserver/testing/__init__.py (+24/-0) src/maasserver/tests/test_api.py (+100/-27) src/maasserver/tests/test_auth.py (+6/-8) src/maasserver/views.py (+1/-1) |
| To merge this branch: | bzr merge lp://qastaging/~rvb/maas/maas-security-model-api2 |
| Related bugs: |
| Reviewer | Review Type | Date Requested | Status |
|---|---|---|---|
| Gavin Panella (community) | Approve | ||
|
Review via email:
|
|||
Commit message
Apply security to the API.
Description of the change
This branch is the second (and final) branch to use the security mechanisms introduced in ~rvb/maas/
= Notes =
I've removed the admin special case in the backend and in the tests because django already enforces the fact that an admin has all the permissions.
To post a comment you must log in.
Revision history for this message
| Raphaël Badin (rvb) wrote | # |
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
Looks good :)
[1]
+ try:
...
+ except PermissionDenied:
+ return rc.FORBIDDEN
This appears in many places. Is it worth creating a decorator that
changes uncaught PermissionDenied exceptions into rc.FORBIDDEN?
[2]
There's get_visible_
ought to be renamed get_visible_nodes to match, and so that it doesn't
resemble a property.
[3]
+ :type user: django.
s/[.]$//
This is shown withing braces in the generated docs and looks funny
with a full-stop at the end.