Commit 06552cee authored by Sofia Papagiannaki's avatar Sofia Papagiannaki
Browse files

pithos: Weaken X-Object-Public exposure requirement

commit:8a0c7040367761cd5d5383ac53dfe1c0161c1d02
has restricted the X-Object-Public exposure
in container detailed list requests
only to the object owner and if public parameter is supplied.
Now we have weaken this requirement so this information
is returned only to the object owner regardless of
the public parameter existence.
The pithos api guide has been updated also appropriately.
parent 0496e302
......@@ -583,7 +583,8 @@ x_object_version_timestamp The object's version timestamp
x_object_modified_by The user that committed the object's version
x_object_sharing Object permissions (optional)
x_object_allowed_to Allowed actions on object (optional)
x_object_public Object's publicly accessible URI (optional)
x_object_public Object's publicly accessible URI (optional: present if the object is public and the request user is the object owner)
========================== ======================================
Sharing metadata and last modification timestamp will only be returned if there is no ``until`` parameter defined.
......@@ -787,7 +788,7 @@ X-Object-Manifest Object parts prefix in ``<container>/<object>`` form
X-Object-Sharing Object permissions (optional)
X-Object-Shared-By Object inheriting permissions (optional)
X-Object-Allowed-To Allowed actions on object (optional)
X-Object-Public Object's publicly accessible URI (optional)
X-Object-Public Object's publicly accessible URI (optional: present if the object is public and the request user is the object owner)
X-Object-Meta-* Optional user defined metadata
========================== ===============================
......@@ -884,7 +885,7 @@ X-Object-Manifest Object parts prefix in ``<container>/<object>`` form
X-Object-Sharing Object permissions (optional)
X-Object-Shared-By Object inheriting permissions (optional)
X-Object-Allowed-To Allowed actions on object (optional)
X-Object-Public Object's publicly accessible URI (optional)
X-Object-Public Object's publicly accessible URI (optional: present if the object is public and the request user is the object owner)
X-Object-Meta-* Optional user defined metadata
========================== ===============================
......
......@@ -702,7 +702,9 @@ def object_list(request, v_account, v_container):
request.backend.get_object_permissions(
request.user_uniq, v_account, v_container, object)
if public_granted:
if request.user_uniq == v_account:
# Bring public information only if the request user
# is the object owner
for k, v in request.backend.list_object_public(
request.user_uniq, v_account,
v_container, prefix).iteritems():
......@@ -744,7 +746,9 @@ def object_list(request, v_account, v_container):
update_sharing_meta(request, permissions, v_account,
v_container, meta['name'], meta)
public_url = object_public.get(meta['name'], None)
if public_granted:
if request.user_uniq == v_account:
# Return public information only if the request user
# is the object owner
update_public_meta(public_url, meta)
object_meta.append(printable_header_dict(meta))
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment