)]}'
{"nova/policies/flavor_access.py":[{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"9738c61c38c432cbfb934d8b75f4a54b2dc57c10","unresolved":false,"context_lines":[{"line_number":65,"context_line":"        scope_types\u003d[\u0027system\u0027]),"},{"line_number":66,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":67,"context_line":"        name\u003dBASE_POLICY_NAME,"},{"line_number":68,"context_line":"        check_str\u003dbase.SYSTEM_READER,"},{"line_number":69,"context_line":"        description\u003d\"\"\"List flavor access information"},{"line_number":70,"context_line":""},{"line_number":71,"context_line":"Allows access to the full list of tenants that have access"}],"source_content_type":"text/x-python","patch_set":3,"id":"1fa4df85_f5a19baa","line":68,"updated":"2020-03-19 17:58:27.000000000","message":"You know... I think this probably should be anyone that has access to the flavor... although I can see the agrument for keeping it simple and making it admin only.\n\nI guess the idea was its open to everyone, and you need to know the uuid to find out the information.","commit_id":"51abb44ee7125f52f4c7be47473402107b1f7e05"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"62566f26c5d575167f279e66ccccb10a463e33bf","unresolved":false,"context_lines":[{"line_number":65,"context_line":"        scope_types\u003d[\u0027system\u0027]),"},{"line_number":66,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":67,"context_line":"        name\u003dBASE_POLICY_NAME,"},{"line_number":68,"context_line":"        check_str\u003dbase.SYSTEM_READER,"},{"line_number":69,"context_line":"        description\u003d\"\"\"List flavor access information"},{"line_number":70,"context_line":""},{"line_number":71,"context_line":"Allows access to the full list of tenants that have access"}],"source_content_type":"text/x-python","patch_set":3,"id":"df33271e_d234644d","line":68,"in_reply_to":"1fa4df85_943f0024","updated":"2020-03-27 01:02:19.000000000","message":"but against whom to check the context.project_id ? It should be against the tenants who has access to flavor which is nothing but this API. \n\nor keeping it @ and anyone who does not have access to flavor will get 404 which does not leak any info.","commit_id":"51abb44ee7125f52f4c7be47473402107b1f7e05"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"d10b9f2ea9323f887dc173107a3d7203fc4a27af","unresolved":false,"context_lines":[{"line_number":65,"context_line":"        scope_types\u003d[\u0027system\u0027]),"},{"line_number":66,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":67,"context_line":"        name\u003dBASE_POLICY_NAME,"},{"line_number":68,"context_line":"        check_str\u003dbase.SYSTEM_READER,"},{"line_number":69,"context_line":"        description\u003d\"\"\"List flavor access information"},{"line_number":70,"context_line":""},{"line_number":71,"context_line":"Allows access to the full list of tenants that have access"}],"source_content_type":"text/x-python","patch_set":3,"id":"1fa4df85_943f0024","line":68,"in_reply_to":"1fa4df85_f5799bfb","updated":"2020-03-20 09:21:41.000000000","message":"It might be easier to only check the context.project_id if this rule fails. Just do a 404 you don\u0027t either pass this rule or have access to the flavor? Keeps it simpler maybe?","commit_id":"51abb44ee7125f52f4c7be47473402107b1f7e05"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"318b2b9fe5a095d62202882695a78f324780a768","unresolved":false,"context_lines":[{"line_number":65,"context_line":"        scope_types\u003d[\u0027system\u0027]),"},{"line_number":66,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":67,"context_line":"        name\u003dBASE_POLICY_NAME,"},{"line_number":68,"context_line":"        check_str\u003dbase.SYSTEM_READER,"},{"line_number":69,"context_line":"        description\u003d\"\"\"List flavor access information"},{"line_number":70,"context_line":""},{"line_number":71,"context_line":"Allows access to the full list of tenants that have access"}],"source_content_type":"text/x-python","patch_set":3,"id":"1fa4df85_f5799bfb","line":68,"in_reply_to":"1fa4df85_f5a19baa","updated":"2020-03-19 18:10:40.000000000","message":"Yeah, we can open it to all who have access to flavor. As it has multiple owner concepts, we need to add some extra logic for this API. \n\n- verify the context.can() with all the tenants who have access to it as target against the requested context tenant. it will loop. oslo policy does not support multiple owner concept I think.\n\nlet me try that.","commit_id":"51abb44ee7125f52f4c7be47473402107b1f7e05"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"bcafca81150631384acfcb3dfdb3230c869cf889","unresolved":false,"context_lines":[{"line_number":65,"context_line":"        scope_types\u003d[\u0027system\u0027]),"},{"line_number":66,"context_line":"    policy.DocumentedRuleDefault("},{"line_number":67,"context_line":"        name\u003dBASE_POLICY_NAME,"},{"line_number":68,"context_line":"        check_str\u003dbase.SYSTEM_READER,"},{"line_number":69,"context_line":"        description\u003d\"\"\"List flavor access information"},{"line_number":70,"context_line":""},{"line_number":71,"context_line":"Allows access to the full list of tenants that have access"}],"source_content_type":"text/x-python","patch_set":3,"id":"df33271e_74e7ed13","line":68,"in_reply_to":"df33271e_d234644d","updated":"2020-03-27 10:28:54.000000000","message":"Yeah, I like 404 for anyone without access to the flavor. \n\nMaybe it should have the same permissions as list flavors, except for that extra check that triggers a 404 if you don\u0027t have access to the flavor?","commit_id":"51abb44ee7125f52f4c7be47473402107b1f7e05"}]}