Actions
Issue #8152
closed
viewset_name stored for AccessPolicy doesn't take parent viewset into account
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Platform Release:
OS:
Triaged:
No
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Sprint 89
Quarter:
Description
Currently for the plugin viewsets like the subclasses of RepositoryVersion, which have a parent viewset, viewset_name for AccessPolicy is defined incorrectly.
At the moment all plugin RepositoryVersions will have one default policy and one viewset_name used.
It prevents each plugin to define their default policies, and to define different default policies for different types of the same resource within a plugin.
Current result (see the viewset_name)
pulp_id | 266dcffc-7c8d-4516-8216-45378b217de8
pulp_created | 2021-01-25 12:34:17.932316+00
pulp_last_updated | 2021-01-25 12:34:17.932346+00
statements | [{"action": ["list"], "effect": "allow", "principal": "authenticated"}, {"action": ["retrieve"], "effect": "allow", "condition": "has_repo_model_or_obj_perm
s:container.view_containerpushrepository", "principal": "authenticated"}, {"action": ["destroy"], "effect": "allow", "condition": "has_pushrepoversion_delete_perms", "principal": "a
uthenticated"}]
viewset_name | versions
permissions_assignment |
Expected result:
pulp_id | ea39b491-1fca-4a2f-98bc-8ad99739f3e1
pulp_created | 2021-01-25 13:20:23.815131+00
pulp_last_updated | 2021-01-25 13:20:23.815152+00
statements | [{"action": ["list"], "effect": "allow", "principal": "authenticated"}, {"action": ["retrieve"], "effect": "allow", "condition": "has_repo_param_model_or_ob
j_perms:container.view_containerpushrepository", "principal": "authenticated"}, {"action": ["destroy"], "effect": "allow", "condition": "has_pushrepoversion_delete_perms", "principa
l": "authenticated"}]
viewset_name | repositories/container/container-push/versions
permissions_assignment |
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
pulp_id | f9cbdaad-1490-4937-b8f1-5dc1550913a4
pulp_created | 2021-01-25 13:20:23.823607+00
pulp_last_updated | 2021-01-25 13:20:23.823656+00
statements | [{"action": ["list"], "effect": "allow", "principal": "authenticated"}, {"action": ["retrieve"], "effect": "allow", "condition": "has_repo_param_model_or_ob
j_perms:container.view_containerrepository", "principal": "authenticated"}, {"action": ["destroy"], "effect": "allow", "condition": "(has_repo_param_model_or_obj_perms:container.del
ete_containerrepository or has_repo_param_model_or_obj_perms:container.modify_content_containerrepository)", "principal": "authenticated"}]
viewset_name | repositories/container/container/versions
permissions_assignment |
Updated by ttereshc almost 4 years ago
- Assignee set to ttereshc
- Sprint/Milestone set to 3.10.0
- Sprint set to Sprint 89
Updated by pulpbot almost 4 years ago
- Status changed from NEW to POST
Added by ttereshc almost 4 years ago
Updated by ttereshc almost 4 years ago
- Status changed from POST to MODIFIED
Applied in changeset pulpcore|9aac9db3298122295bbe035ee67cb7a7d089be27.
Updated by pulpbot almost 4 years ago
- Status changed from MODIFIED to CLOSED - CURRENTRELEASE
Actions
.
Take into account parent_viewset url when dealing with access policies
closes #8152 https://pulp.plan.io/issues/8152