)]}'
{"octavia/api/v2/controllers/base.py":[{"author":{"_account_id":26647,"name":"Vadim Kuznetsov","email":"vakuznet@cisco.com","username":"vakuznet"},"change_message_id":"2557c2dd67eba4316f14453fdd33309ba0fb8c9f","unresolved":false,"context_lines":[{"line_number":237,"context_line":"                raise exceptions.PolicyForbidden()"},{"line_number":238,"context_line":""},{"line_number":239,"context_line":"            # Check authorization to list objects under this project"},{"line_number":240,"context_line":"            self._auth_validate_action(context, project_id,"},{"line_number":241,"context_line":"                                       constants.RBAC_GET_ALL)"},{"line_number":242,"context_line":"        if project_id is None:"},{"line_number":243,"context_line":"            query_filter \u003d {}"}],"source_content_type":"text/x-python","patch_set":2,"id":"9f560f44_1314924c","line":240,"updated":"2020-09-22 13:39:06.000000000","message":"return value is not checked.","commit_id":"9453701fb46f0ad23dae00b3a3792bb379978d0e"},{"author":{"_account_id":26647,"name":"Vadim Kuznetsov","email":"vakuznet@cisco.com","username":"vakuznet"},"change_message_id":"2557c2dd67eba4316f14453fdd33309ba0fb8c9f","unresolved":false,"context_lines":[{"line_number":250,"context_line":"        action \u003d \u0027{rbac_obj}{action}\u0027.format("},{"line_number":251,"context_line":"            rbac_obj\u003dself.RBAC_TYPE, action\u003daction)"},{"line_number":252,"context_line":"        target \u003d {\u0027project_id\u0027: project_id}"},{"line_number":253,"context_line":"        policy.get_enforcer().authorize(action, target, context)"},{"line_number":254,"context_line":""},{"line_number":255,"context_line":"    def _filter_fields(self, object_list, fields):"},{"line_number":256,"context_line":"        if CONF.api_settings.allow_field_selection:"}],"source_content_type":"text/x-python","patch_set":2,"id":"9f560f44_ee2655ba","line":253,"updated":"2020-09-22 13:39:06.000000000","message":"do_raise default is false. so it will not raise PolicyNotAuthorized, but rather return results, which are not checked #L240","commit_id":"9453701fb46f0ad23dae00b3a3792bb379978d0e"},{"author":{"_account_id":11628,"name":"Michael Johnson","email":"johnsomor@gmail.com","username":"johnsom"},"change_message_id":"2384c0ece478ecf073ec5c02dd705aa0868e53e9","unresolved":false,"context_lines":[{"line_number":250,"context_line":"        action \u003d \u0027{rbac_obj}{action}\u0027.format("},{"line_number":251,"context_line":"            rbac_obj\u003dself.RBAC_TYPE, action\u003daction)"},{"line_number":252,"context_line":"        target \u003d {\u0027project_id\u0027: project_id}"},{"line_number":253,"context_line":"        policy.get_enforcer().authorize(action, target, context)"},{"line_number":254,"context_line":""},{"line_number":255,"context_line":"    def _filter_fields(self, object_list, fields):"},{"line_number":256,"context_line":"        if CONF.api_settings.allow_field_selection:"}],"source_content_type":"text/x-python","patch_set":2,"id":"9f560f44_184caa74","line":253,"in_reply_to":"9f560f44_ee2655ba","updated":"2020-09-22 15:32:15.000000000","message":"Yeah, I wondered the same on this. However, this is a custom authorize class that defaults to do_raise:\nhttps://github.com/openstack/octavia/blob/master/octavia/common/policy.py#L71\nIt\u0027s a bit odd really, but I know the authorize class had to be overriden. For code clarity, it might be good to go through and put the do_raise true in the code as documentation.","commit_id":"9453701fb46f0ad23dae00b3a3792bb379978d0e"}]}
