Fix HTTP response code when refusing action

Return Forbidden(403) instead of Unauthorized(401) when refusing a requested action, because the VM is suspended or the resource is public. Unauthorized should be used only when authentication is required and has failed or has not yet been provided.

Fix HTTP response code when refusing action
Return Forbidden(403) instead of Unauthorized(401) when refusing a requested action, because the VM is suspended or the resource is public. Unauthorized should be used only when authentication is required and has failed or has not yet been provided.
148569a8 · Christos Stavrakakis · 6da592f7 · 148569a8 · 148569a8 · 148569a8
Commit 148569a8 authored Nov 06, 2012 by Christos Stavrakakis
--- a/snf-cyclades-app/synnefo/api/faults.py
+++ b/snf-cyclades-app/synnefo/api/faults.py
@@ -51,6 +51,9 @@ class Unauthorized(Fault):
 class ResizeNotAllowed(Fault):
    code = 403

+class Forbidden(Fault):
+    code = 403
+
 class ItemNotFound(Fault):
    code = 404


--- a/snf-cyclades-app/synnefo/api/networks.py
+++ b/snf-cyclades-app/synnefo/api/networks.py
@@ -44,7 +44,7 @@ from django.utils import simplejson as json
 from synnefo.api import util
 from synnefo.api.actions import network_actions
 from synnefo.api.common import method_not_allowed
-from synnefo.api.faults import (ServiceUnavailable, BadRequest, Unauthorized,
+from synnefo.api.faults import (ServiceUnavailable, BadRequest, Forbidden,
                                NetworkInUse, OverLimit)
 from synnefo.db.models import Network
 from synnefo.db.pools import EmptyPool
@@ -152,6 +152,7 @@ def create_network(request):
    #                       unauthorized (401),
    #                       badMediaType(415),
    #                       badRequest (400),
+    #                       forbidden (403)
    #                       overLimit (413)

    req = util.get_request_dict(request)
@@ -171,7 +172,7 @@ def create_network(request):
        raise BadRequest('Malformed request.')

    if net_type == 'PUBLIC_ROUTED':
-        raise Unauthorized('Can not create a public network.')
+        raise Forbidden('Can not create a public network.')

    user_networks = len(Network.objects.filter(userid=request.user_uniq,
                                               deleted=False))
@@ -239,6 +240,7 @@ def update_network_name(request, network_id):
    #                       serviceUnavailable (503),
    #                       unauthorized (401),
    #                       badRequest (400),
+    #                       forbidden (403)
    #                       badMediaType(415),
    #                       itemNotFound (404),
    #                       overLimit (413)
@@ -253,7 +255,7 @@ def update_network_name(request, network_id):

    net = util.get_network(network_id, request.user_uniq)
    if net.public:
-        raise Unauthorized('Can not rename the public network.')
+        raise Forbidden('Can not rename the public network.')
    if net.deleted:
        raise Network.DeletedError
    net.name = name
@@ -268,14 +270,14 @@ def delete_network(request, network_id):
    # Error Response Codes: computeFault (400, 500),
    #                       serviceUnavailable (503),
    #                       unauthorized (401),
+    #                       forbidden (403)
    #                       itemNotFound (404),
-    #                       unauthorized (401),
    #                       overLimit (413)

    log.info('delete_network %s', network_id)
    net = util.get_network(network_id, request.user_uniq, for_update=True)
    if net.public:
-        raise Unauthorized('Can not delete the public network.')
+        raise Forbidden('Can not delete the public network.')

    if net.deleted:
        raise Network.DeletedError
@@ -300,7 +302,7 @@ def network_action(request, network_id):

    net = util.get_network(network_id, request.user_uniq)
    if net.public:
-        raise Unauthorized('Can not modify the public network.')
+        raise Forbidden('Can not modify the public network.')
    if net.deleted:
        raise Network.DeletedError


--- a/snf-cyclades-app/synnefo/api/util.py
+++ b/snf-cyclades-app/synnefo/api/util.py
@@ -57,7 +57,7 @@ from django.db.models import Q

 from synnefo.api.faults import (Fault, BadRequest, BuildInProgress,
                                ItemNotFound, ServiceUnavailable, Unauthorized,
-                                BadMediaType)
+                                BadMediaType, Forbidden)
 from synnefo.db.models import (Flavor, VirtualMachine, VirtualMachineMetadata,
                               Network, BackendNetwork, NetworkInterface,
                               BridgePoolTable, MacPrefixPoolTable)
@@ -166,7 +166,7 @@ def get_vm(server_id, user_id, non_deleted=False, non_suspended=False):
        if non_deleted and vm.deleted:
            raise VirtualMachine.DeletedError
        if non_suspended and vm.suspended:
-            raise Unauthorized("Administratively Suspended VM")
+            raise Forbidden("Administratively Suspended VM")
        return vm
    except ValueError:
        raise BadRequest('Invalid server ID.')