Reviewed: https://review.openstack.org/219547 Committed: https://git.openstack.org/cgit/openstack/murano/commit/?id=c3a68db2df1f29fd53b98f051dc2b2d858ece923 Submitter: Jenkins Branch: master commit c3a68db2df1f29fd53b98f051dc2b2d858ece923 Author: Lin Yang <lin.a.yang at intel.com> Date: Wed Sep 2 11:15:33 2015 +0800 Add tenant_id check for {env_id}/lastStatus api Previously api code does not check whether a given environment belongs to current requests tenant when call api /environments/{environment_id}/lastStatus. So added a decorator to enhance it. Change-Id: Iad7caf8284106f31989202abf736b6eebe43836a Closes-Bug: #1491218 ** Changed in: murano Status: In Progress => Fix Committed -- You received this bug notification because you are a member of OpenStack Security, which is subscribed to OpenStack. https://bugs.launchpad.net/bugs/1491218 Title: [api] no checks of request tenant_id during querying service last status of an environment Status in murano: Fix Committed Bug description: Currently api code does not check whether a given env belongs to current requests tenant when call api /environments/{environment_id}/lastStatus. Therefore it might be possible for users from different tenants to get last services status. To manage notifications about this bug go to: https://bugs.launchpad.net/murano/+bug/1491218/+subscriptions