Return 401 when action is not authorized

When a user is not authorized to access to something is the API, this one return 401 instead of 400 now. Fixes bug #1232045 (cherry picked from commit b2df5f9) Change-Id: I37ef87f79cd55e095132e0865cbaa324cd76323c
openstack · Oct 3, 2013 · 8dc89d8 · 8dc89d8
1 parent 47f4a34
commit 8dc89d8
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 14 deletions.
diff --git a/ceilometer/api/controllers/v2.py b/ceilometer/api/controllers/v2.py
@@ -267,6 +267,14 @@ def _get_value_as_type(self, forced_type=None):
         return converted_value
 
 
+class ProjectNotAuthorized(Exception):
+    code = 401
+
+    def __init__(self, id):
+        super(ProjectNotAuthorized, self).__init__(
+            _("Not Authorized to access project %s") % id)
+
+
 def _sanitize_query(q, valid_keys, headers=None):
     '''Check the query to see if:
     1) the request is coming from admin - then allow full visibility
@@ -279,14 +287,7 @@ def _sanitize_query(q, valid_keys, headers=None):
         proj_q = [i for i in q if i.field == 'project_id']
         for i in proj_q:
             if auth_project != i.value or i.op != 'eq':
-                # TODO(asalkeld) in the next version of wsme (0.5b3+)
-                # activate this code to be able to return the correct
-                # status code (also update api/v2/test_acl.py).
-                #return wsme.api.Response([return_type()],
-                #                         status_code=401)
-                errstr = 'Not Authorized to access project %s %s' % (i.op,
-                                                                     i.value)
-                raise wsme.exc.ClientSideError(errstr)
+                raise ProjectNotAuthorized(i.value)
 
         if not proj_q and 'on_behalf_of' not in valid_keys:
             # The user is restricted, but they didn't specify a project

diff --git a/tests/api/v2/test_acl_scenarios.py b/tests/api/v2/test_acl_scenarios.py
@@ -194,9 +194,7 @@ def test_non_admin_wrong_project(self):
                              q=[{'field': 'project_id',
                                  'value': 'project-wrong',
                                  }])
-        #TODO(asalkeld) revert this with wsme-0.5b3+
-#        self.assertEqual(data.status_int, 401)
-        self.assertEqual(data.status_int, 400)
+        self.assertEqual(data.status_int, 401)
 
     def test_non_admin_two_projects(self):
         data = self.get_json('/meters',
@@ -210,6 +208,4 @@ def test_non_admin_two_projects(self):
                                 {'field': 'project_id',
                                  'value': 'project-naughty',
                                  }])
-        #TODO(asalkeld) revert this with wsme-0.5b3+
-#        self.assertEqual(data.status_int, 401)
-        self.assertEqual(data.status_int, 400)
+        self.assertEqual(data.status_int, 401)