<div dir="ltr">Hi Kun,<div><br></div><div style>Yes, ACLs are the answer.</div><div style><br></div><div style>Based on our earlier conversation I assume you want to give the 'tester3' user access to a container. To do this you'll need to authenticate as the 'test' user (admin user) and use his token to issue a command line this,<br>
</div><div style><br></div><div style>$ curl -X POST -H 'X-Auth-Token: [token]' -H ''X-Container-Read: tester3' <a href="http://127.0.0.1:8080/v1/AUTH_test/[container">http://127.0.0.1:8080/v1/AUTH_test/[container</a> name]</div>
<div style><br></div><div style>Following this the tester3 user will have read access to the container given in [container name].</div><div style><br></div><div style>Note: It's not possible to grant users read/write access at the account level, only the container level.</div>
<div style><br></div><div style>Adrian</div><div style><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On 20 February 2013 19:55, Kun Huang <span dir="ltr"><<a href="mailto:Academicgareth@gmail.com" target="_blank">Academicgareth@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi, Adrian<div><br></div><div>I think ACL is that answer...</div><div>I just have read <a href="http://programmerthoughts.com/openstack/swift-permissions/" target="_blank">http://programmerthoughts.com/openstack/swift-permissions/</a></div>
<div><br></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Feb 21, 2013 at 1:54 AM, Kun Huang <span dir="ltr"><<a href="mailto:Academicgareth@gmail.com" target="_blank">Academicgareth@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi, Adrian<div>It seems not correct.</div><div><br></div><div>1st,</div><div><img src="cid:ii_13cf8b4118660c8c" alt="Inline image 1" width="799" height="301"><br>
</div><div><br>
</div><div>2nd, </div><pre style="margin-top:0px;margin-bottom:0px;padding:0px;border:0px"><div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<br> <span style="margin:0px;padding:0px;border:0px;font-weight:bold">def</span> <span style="margin:0px;padding:0px;border:0px;color:rgb(153,0,0);font-weight:bold">authorize</span><span style="margin:0px;padding:0px;border:0px">(</span><span style="margin:0px;padding:0px;border:0px;color:rgb(153,153,153)">self</span><span style="margin:0px;padding:0px;border:0px">,</span> <span style="margin:0px;padding:0px;border:0px">req</span><span style="margin:0px;padding:0px;border:0px">):</span></div>
<div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<span style="margin:0px;padding:0px;border:0px;color:rgb(221,17,68)">"""</span></div><div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<span style="margin:0px;padding:0px;border:0px;color:rgb(221,17,68)"> Returns None if the request is authorized to continue or a standard</span></div><div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<span style="margin:0px;padding:0px;border:0px;color:rgb(221,17,68)"> WSGI response callable if not.</span></div><div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<span style="margin:0px;padding:0px;border:0px;color:rgb(221,17,68)"> """</span></div><div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<br></div><div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<span style="margin:0px;padding:0px;border:0px;font-weight:bold">try</span><span style="margin:0px;padding:0px;border:0px">:</span></div><div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<span style="margin:0px;padding:0px;border:0px">version</span><span style="margin:0px;padding:0px;border:0px">,</span> <span style="margin:0px;padding:0px;border:0px">account</span><span style="margin:0px;padding:0px;border:0px">,</span> <span style="margin:0px;padding:0px;border:0px">container</span><span style="margin:0px;padding:0px;border:0px">,</span> <span style="margin:0px;padding:0px;border:0px">obj</span> <span style="margin:0px;padding:0px;border:0px;font-weight:bold">=</span> <span style="margin:0px;padding:0px;border:0px">req</span><span style="margin:0px;padding:0px;border:0px;font-weight:bold">.</span><span style="margin:0px;padding:0px;border:0px">split_path</span><span style="margin:0px;padding:0px;border:0px">(</span><span style="margin:0px;padding:0px;border:0px;color:rgb(0,153,153)">1</span><span style="margin:0px;padding:0px;border:0px">,</span> <span style="margin:0px;padding:0px;border:0px;color:rgb(0,153,153)">4</span><span style="margin:0px;padding:0px;border:0px">,</span> <span style="margin:0px;padding:0px;border:0px;color:rgb(153,153,153)">True</span><span style="margin:0px;padding:0px;border:0px">)</span></div>
<div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<span style="margin:0px;padding:0px;border:0px;font-weight:bold">except</span> <span style="margin:0px;padding:0px;border:0px;color:rgb(153,0,0);font-weight:bold">ValueError</span><span style="margin:0px;padding:0px;border:0px">:</span></div>
<div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<span style="margin:0px;padding:0px;border:0px;color:rgb(153,153,153)">self</span><span style="margin:0px;padding:0px;border:0px;font-weight:bold">.</span><span style="margin:0px;padding:0px;border:0px">logger</span><span style="margin:0px;padding:0px;border:0px;font-weight:bold">.</span><span style="margin:0px;padding:0px;border:0px">increment</span><span style="margin:0px;padding:0px;border:0px">(</span><span style="margin:0px;padding:0px;border:0px;color:rgb(221,17,68)">'errors'</span><span style="margin:0px;padding:0px;border:0px">)</span></div>
<div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<span style="margin:0px;padding:0px;border:0px;font-weight:bold">return</span> <span style="margin:0px;padding:0px;border:0px">HTTPNotFound</span><span style="margin:0px;padding:0px;border:0px">(</span><span style="margin:0px;padding:0px;border:0px">request</span><span style="margin:0px;padding:0px;border:0px;font-weight:bold">=</span><span style="margin:0px;padding:0px;border:0px">req</span><span style="margin:0px;padding:0px;border:0px">)</span></div>
<div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<span style="margin:0px;padding:0px;border:0px;font-weight:bold">if</span> <span style="margin:0px;padding:0px;border:0px;font-weight:bold">not</span> <span style="margin:0px;padding:0px;border:0px">account</span> <span style="margin:0px;padding:0px;border:0px;font-weight:bold">or</span> <span style="margin:0px;padding:0px;border:0px;font-weight:bold">not</span> <span style="margin:0px;padding:0px;border:0px">account</span><span style="margin:0px;padding:0px;border:0px;font-weight:bold">.</span><span style="margin:0px;padding:0px;border:0px">startswith</span><span style="margin:0px;padding:0px;border:0px">(</span><span style="margin:0px;padding:0px;border:0px;color:rgb(153,153,153)">self</span><span style="margin:0px;padding:0px;border:0px;font-weight:bold">.</span><span style="margin:0px;padding:0px;border:0px">reseller_prefix</span><span style="margin:0px;padding:0px;border:0px">):</span></div>
<div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<span style="margin:0px;padding:0px;border:0px;font-weight:bold">return</span> <span style="margin:0px;padding:0px;border:0px;color:rgb(153,153,153)">self</span><span style="margin:0px;padding:0px;border:0px;font-weight:bold">.</span><span style="margin:0px;padding:0px;border:0px">denied_response</span><span style="margin:0px;padding:0px;border:0px">(</span><span style="margin:0px;padding:0px;border:0px">req</span><span style="margin:0px;padding:0px;border:0px">)</span></div>
<div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<span style="margin:0px;padding:0px;border:0px">user_groups</span> <span style="margin:0px;padding:0px;border:0px;font-weight:bold">=</span> <span style="margin:0px;padding:0px;border:0px">(</span><span style="margin:0px;padding:0px;border:0px">req</span><span style="margin:0px;padding:0px;border:0px;font-weight:bold">.</span><span style="margin:0px;padding:0px;border:0px">remote_user</span> <span style="margin:0px;padding:0px;border:0px;font-weight:bold">or</span> <span style="margin:0px;padding:0px;border:0px;color:rgb(221,17,68)">''</span><span style="margin:0px;padding:0px;border:0px">)</span><span style="margin:0px;padding:0px;border:0px;font-weight:bold">.</span><span style="margin:0px;padding:0px;border:0px">split</span><span style="margin:0px;padding:0px;border:0px">(</span><span style="margin:0px;padding:0px;border:0px;color:rgb(221,17,68)">','</span><span style="margin:0px;padding:0px;border:0px">)</span></div>
<div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<span style="margin:0px;padding:0px;border:0px;font-weight:bold">if</span> <span style="margin:0px;padding:0px;border:0px;color:rgb(221,17,68)">'.reseller_admin'</span> <span style="margin:0px;padding:0px;border:0px;font-weight:bold">in</span> <span style="margin:0px;padding:0px;border:0px">user_groups</span> <span style="margin:0px;padding:0px;border:0px;font-weight:bold">and</span> \</div>
<div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<span style="margin:0px;padding:0px;border:0px">account</span> <span style="margin:0px;padding:0px;border:0px;font-weight:bold">!=</span> <span style="margin:0px;padding:0px;border:0px;color:rgb(153,153,153)">self</span><span style="margin:0px;padding:0px;border:0px;font-weight:bold">.</span><span style="margin:0px;padding:0px;border:0px">reseller_prefix</span> <span style="margin:0px;padding:0px;border:0px;font-weight:bold">and</span> \</div>
<div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<span style="margin:0px;padding:0px;border:0px">account</span><span style="margin:0px;padding:0px;border:0px">[</span><span style="margin:0px;padding:0px;border:0px;color:rgb(0,134,179)">len</span><span style="margin:0px;padding:0px;border:0px">(</span><span style="margin:0px;padding:0px;border:0px;color:rgb(153,153,153)">self</span><span style="margin:0px;padding:0px;border:0px;font-weight:bold">.</span><span style="margin:0px;padding:0px;border:0px">reseller_prefix</span><span style="margin:0px;padding:0px;border:0px">)]</span> <span style="margin:0px;padding:0px;border:0px;font-weight:bold">!=</span> <span style="margin:0px;padding:0px;border:0px;color:rgb(221,17,68)">'.'</span><span style="margin:0px;padding:0px;border:0px">:</span></div>
<div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<span style="margin:0px;padding:0px;border:0px">req</span><span style="margin:0px;padding:0px;border:0px;font-weight:bold">.</span><span style="margin:0px;padding:0px;border:0px">environ</span><span style="margin:0px;padding:0px;border:0px">[</span><span style="margin:0px;padding:0px;border:0px;color:rgb(221,17,68)">'swift_owner'</span><span style="margin:0px;padding:0px;border:0px">]</span> <span style="margin:0px;padding:0px;border:0px;font-weight:bold">=</span> <span style="margin:0px;padding:0px;border:0px;color:rgb(153,153,153)">True</span></div>
<div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<span style="margin:0px;padding:0px;border:0px;font-weight:bold">return</span> <span style="margin:0px;padding:0px;border:0px;color:rgb(153,153,153)">None</span></div><div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<span style="margin:0px;padding:0px;border:0px;font-weight:bold">if</span> <span style="margin:0px;padding:0px;border:0px">account</span> <span style="margin:0px;padding:0px;border:0px;font-weight:bold">in</span> <span style="margin:0px;padding:0px;border:0px">user_groups</span> <span style="margin:0px;padding:0px;border:0px;font-weight:bold">and</span> \</div>
<div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<span style="margin:0px;padding:0px;border:0px">(</span><span style="margin:0px;padding:0px;border:0px">req</span><span style="margin:0px;padding:0px;border:0px;font-weight:bold">.</span><span style="margin:0px;padding:0px;border:0px">method</span> <span style="margin:0px;padding:0px;border:0px;font-weight:bold">not</span> <span style="margin:0px;padding:0px;border:0px;font-weight:bold">in</span> <span style="margin:0px;padding:0px;border:0px">(</span><span style="margin:0px;padding:0px;border:0px;color:rgb(221,17,68)">'DELETE'</span><span style="margin:0px;padding:0px;border:0px">,</span> <span style="margin:0px;padding:0px;border:0px;color:rgb(221,17,68)">'PUT'</span><span style="margin:0px;padding:0px;border:0px">)</span> <span style="margin:0px;padding:0px;border:0px;font-weight:bold">or</span> <span style="margin:0px;padding:0px;border:0px">container</span><span style="margin:0px;padding:0px;border:0px">):</span></div>
<div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<span style="margin:0px;padding:0px;border:0px;color:rgb(153,153,136);font-style:italic"># If the user is admin for the account and is not trying to do an</span></div><div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<span style="margin:0px;padding:0px;border:0px;color:rgb(153,153,136);font-style:italic"># account DELETE or PUT...</span></div><div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<span style="margin:0px;padding:0px;border:0px">req</span><span style="margin:0px;padding:0px;border:0px;font-weight:bold">.</span><span style="margin:0px;padding:0px;border:0px">environ</span><span style="margin:0px;padding:0px;border:0px">[</span><span style="margin:0px;padding:0px;border:0px;color:rgb(221,17,68)">'swift_owner'</span><span style="margin:0px;padding:0px;border:0px">]</span> <span style="margin:0px;padding:0px;border:0px;font-weight:bold">=</span> <span style="margin:0px;padding:0px;border:0px;color:rgb(153,153,153)">True</span></div>
<div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<span style="margin:0px;padding:0px;border:0px;font-weight:bold">return</span> <span style="margin:0px;padding:0px;border:0px;color:rgb(153,153,153)">None</span></div><div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<span style="margin:0px;padding:0px;border:0px;font-weight:bold">if</span> <span style="margin:0px;padding:0px;border:0px">(</span><span style="margin:0px;padding:0px;border:0px">req</span><span style="margin:0px;padding:0px;border:0px;font-weight:bold">.</span><span style="margin:0px;padding:0px;border:0px">environ</span><span style="margin:0px;padding:0px;border:0px;font-weight:bold">.</span><span style="margin:0px;padding:0px;border:0px">get</span><span style="margin:0px;padding:0px;border:0px">(</span><span style="margin:0px;padding:0px;border:0px;color:rgb(221,17,68)">'swift_sync_key'</span><span style="margin:0px;padding:0px;border:0px">)</span></div>
<div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<span style="margin:0px;padding:0px;border:0px;font-weight:bold">and</span> <span style="margin:0px;padding:0px;border:0px">(</span><span style="margin:0px;padding:0px;border:0px">req</span><span style="margin:0px;padding:0px;border:0px;font-weight:bold">.</span><span style="margin:0px;padding:0px;border:0px">environ</span><span style="margin:0px;padding:0px;border:0px">[</span><span style="margin:0px;padding:0px;border:0px;color:rgb(221,17,68)">'swift_sync_key'</span><span style="margin:0px;padding:0px;border:0px">]</span> <span style="margin:0px;padding:0px;border:0px;font-weight:bold">==</span></div>
<div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<span style="margin:0px;padding:0px;border:0px">req</span><span style="margin:0px;padding:0px;border:0px;font-weight:bold">.</span><span style="margin:0px;padding:0px;border:0px">headers</span><span style="margin:0px;padding:0px;border:0px;font-weight:bold">.</span><span style="margin:0px;padding:0px;border:0px">get</span><span style="margin:0px;padding:0px;border:0px">(</span><span style="margin:0px;padding:0px;border:0px;color:rgb(221,17,68)">'x-container-sync-key'</span><span style="margin:0px;padding:0px;border:0px">,</span> <span style="margin:0px;padding:0px;border:0px;color:rgb(153,153,153)">None</span><span style="margin:0px;padding:0px;border:0px">))</span></div>
<div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<span style="margin:0px;padding:0px;border:0px;font-weight:bold">and</span> <span style="margin:0px;padding:0px;border:0px;color:rgb(221,17,68)">'x-timestamp'</span> <span style="margin:0px;padding:0px;border:0px;font-weight:bold">in</span> <span style="margin:0px;padding:0px;border:0px">req</span><span style="margin:0px;padding:0px;border:0px;font-weight:bold">.</span><span style="margin:0px;padding:0px;border:0px">headers</span><span style="margin:0px;padding:0px;border:0px">):</span></div>
<div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<span style="margin:0px;padding:0px;border:0px;font-weight:bold">return</span> <span style="margin:0px;padding:0px;border:0px;color:rgb(153,153,153)">None</span></div><div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<span style="margin:0px;padding:0px;border:0px;font-weight:bold">if</span> <span style="margin:0px;padding:0px;border:0px">req</span><span style="margin:0px;padding:0px;border:0px;font-weight:bold">.</span><span style="margin:0px;padding:0px;border:0px">method</span> <span style="margin:0px;padding:0px;border:0px;font-weight:bold">==</span> <span style="margin:0px;padding:0px;border:0px;color:rgb(221,17,68)">'OPTIONS'</span><span style="margin:0px;padding:0px;border:0px">:</span></div>
<div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<span style="margin:0px;padding:0px;border:0px;color:rgb(153,153,136);font-style:italic">#allow OPTIONS requests to proceed as normal</span></div><div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<span style="margin:0px;padding:0px;border:0px;font-weight:bold">return</span> <span style="margin:0px;padding:0px;border:0px;color:rgb(153,153,153)">None</span></div><div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<span style="margin:0px;padding:0px;border:0px">referrers</span><span style="margin:0px;padding:0px;border:0px">,</span> <span style="margin:0px;padding:0px;border:0px">groups</span> <span style="margin:0px;padding:0px;border:0px;font-weight:bold">=</span> <span style="margin:0px;padding:0px;border:0px">parse_acl</span><span style="margin:0px;padding:0px;border:0px">(</span><span style="margin:0px;padding:0px;border:0px;color:rgb(0,134,179)">getattr</span><span style="margin:0px;padding:0px;border:0px">(</span><span style="margin:0px;padding:0px;border:0px">req</span><span style="margin:0px;padding:0px;border:0px">,</span> <span style="margin:0px;padding:0px;border:0px;color:rgb(221,17,68)">'acl'</span><span style="margin:0px;padding:0px;border:0px">,</span> <span style="margin:0px;padding:0px;border:0px;color:rgb(153,153,153)">None</span><span style="margin:0px;padding:0px;border:0px">))</span></div>
<div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<span style="margin:0px;padding:0px;border:0px;font-weight:bold">if</span> <span style="margin:0px;padding:0px;border:0px">referrer_allowed</span><span style="margin:0px;padding:0px;border:0px">(</span><span style="margin:0px;padding:0px;border:0px">req</span><span style="margin:0px;padding:0px;border:0px;font-weight:bold">.</span><span style="margin:0px;padding:0px;border:0px">referer</span><span style="margin:0px;padding:0px;border:0px">,</span> <span style="margin:0px;padding:0px;border:0px">referrers</span><span style="margin:0px;padding:0px;border:0px">):</span></div>
<div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<span style="margin:0px;padding:0px;border:0px;font-weight:bold">if</span> <span style="margin:0px;padding:0px;border:0px">obj</span> <span style="margin:0px;padding:0px;border:0px;font-weight:bold">or</span> <span style="margin:0px;padding:0px;border:0px;color:rgb(221,17,68)">'.rlistings'</span> <span style="margin:0px;padding:0px;border:0px;font-weight:bold">in</span> <span style="margin:0px;padding:0px;border:0px">groups</span><span style="margin:0px;padding:0px;border:0px">:</span></div>
<div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<span style="margin:0px;padding:0px;border:0px;font-weight:bold">return</span> <span style="margin:0px;padding:0px;border:0px;color:rgb(153,153,153)">None</span></div><div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<span style="margin:0px;padding:0px;border:0px;font-weight:bold">return</span> <span style="margin:0px;padding:0px;border:0px;color:rgb(153,153,153)">self</span><span style="margin:0px;padding:0px;border:0px;font-weight:bold">.</span><span style="margin:0px;padding:0px;border:0px">denied_response</span><span style="margin:0px;padding:0px;border:0px">(</span><span style="margin:0px;padding:0px;border:0px">req</span><span style="margin:0px;padding:0px;border:0px">)</span></div>
<div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<span style="margin:0px;padding:0px;border:0px;font-weight:bold">if</span> <span style="margin:0px;padding:0px;border:0px;font-weight:bold">not</span> <span style="margin:0px;padding:0px;border:0px">req</span><span style="margin:0px;padding:0px;border:0px;font-weight:bold">.</span><span style="margin:0px;padding:0px;border:0px">remote_user</span><span style="margin:0px;padding:0px;border:0px">:</span></div>
<div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<span style="margin:0px;padding:0px;border:0px;font-weight:bold">return</span> <span style="margin:0px;padding:0px;border:0px;color:rgb(153,153,153)">self</span><span style="margin:0px;padding:0px;border:0px;font-weight:bold">.</span><span style="margin:0px;padding:0px;border:0px">denied_response</span><span style="margin:0px;padding:0px;border:0px">(</span><span style="margin:0px;padding:0px;border:0px">req</span><span style="margin:0px;padding:0px;border:0px">)</span></div>
<div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<span style="margin:0px;padding:0px;border:0px;font-weight:bold">for</span> <span style="margin:0px;padding:0px;border:0px">user_group</span> <span style="margin:0px;padding:0px;border:0px;font-weight:bold">in</span> <span style="margin:0px;padding:0px;border:0px">user_groups</span><span style="margin:0px;padding:0px;border:0px">:</span></div>
<div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<span style="margin:0px;padding:0px;border:0px;font-weight:bold">if</span> <span style="margin:0px;padding:0px;border:0px">user_group</span> <span style="margin:0px;padding:0px;border:0px;font-weight:bold">in</span> <span style="margin:0px;padding:0px;border:0px">groups</span><span style="margin:0px;padding:0px;border:0px">:</span></div>
<div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<span style="margin:0px;padding:0px;border:0px;font-weight:bold">return</span> <span style="margin:0px;padding:0px;border:0px;color:rgb(153,153,153)">None</span></div><div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<span style="margin:0px;padding:0px;border:0px;font-weight:bold">return</span> <span style="margin:0px;padding:0px;border:0px;color:rgb(153,153,153)">self</span><span style="margin:0px;padding:0px;border:0px;font-weight:bold">.</span><span style="margin:0px;padding:0px;border:0px">denied_response</span><span style="margin:0px;padding:0px;border:0px">(</span><span style="margin:0px;padding:0px;border:0px">req</span><span style="margin:0px;padding:0px;border:0px">)</span></div>
<div style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px;margin:0px;padding:0px 0px 0px 10px;border:0px">
<span style="margin:0px;padding:0px;border:0px"><br></span></div><div style="margin:0px;padding:0px 0px 0px 10px;border:0px"><font color="#333333" face="Consolas, Liberation Mono, Courier, monospace"><span style="line-height:17.77777862548828px">Target codes is here. No "</span></font>X-Container-Read<span style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px">" header has ever been checked.</span></div>
<div style="margin:0px;padding:0px 0px 0px 10px;border:0px"><span style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px"><br>
</span></div><div style="margin:0px;padding:0px 0px 0px 10px;border:0px"><span style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12.222222328186035px;line-height:17.77777862548828px">3rd, in </span><a href="http://docs.openstack.org/folsom/openstack-object-storage/admin/content/authentication-and-access-permissions.html" style="font-family:arial" target="_blank">http://docs.openstack.org/folsom/openstack-object-storage/admin/content/authentication-and-access-permissions.html</a>,</div>
<div style="margin:0px;padding:0px 0px 0px 10px;border:0px"><br></div><div style="margin:0px;padding:0px 0px 0px 10px;border:0px"><span style="font-size:13.63636302947998px;white-space:normal;font-family:Verdana,Geneva,sans-serif">"""Generally speaking, </span><span style="font-family:Verdana,Geneva,sans-serif;font-size:13.63636302947998px;white-space:normal"><font color="#ff0000">each user has their own storage account and has full access to that account</font></span><span style="font-size:13.63636302947998px;white-space:normal;font-family:Verdana,Geneva,sans-serif">. Users must authenticate with their credentials as described above, but once authenticated they can create/delete containers and objects within that account. </span><span style="font-family:Verdana,Geneva,sans-serif;font-size:13.63636302947998px;white-space:normal"><font color="#ff0000">The only way a user can access the content from another account is if they share an API access key</font></span><span style="font-size:13.63636302947998px;white-space:normal;font-family:Verdana,Geneva,sans-serif"> or a session token provided by your authentication system."""</span><br>
</div><div style="margin:0px;padding:0px 0px 0px 10px;border:0px"><span style="font-size:13.63636302947998px;white-space:normal;font-family:Verdana,Geneva,sans-serif"><br></span></div>
<div style="margin:0px;padding:0px 0px 0px 10px;border:0px"><font color="#000000" face="Verdana, Geneva, sans-serif"><span style="font-size:14px;white-space:normal">Does this paragraph tell us tester3(user) has access control for test(account), but not other accounts?</span></font></div>
</pre></div><div><div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Feb 20, 2013 at 8:16 PM, Adrian Smith <span dir="ltr"><<a href="mailto:adrian@17od.com" target="_blank">adrian@17od.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>Unless tester3 is given explicit permissions he can't do anything.<br>
<br>
To be of any use the 'test' user (who is an admin) would need to grant<br>
'test3' read/write access to a container. Permissions are granted<br>
using the X-Container-Read and X-Container-Write headers on<br>
containers, <a href="http://docs.openstack.org/folsom/openstack-object-storage/admin/content/authentication-and-access-permissions.html" target="_blank">http://docs.openstack.org/folsom/openstack-object-storage/admin/content/authentication-and-access-permissions.html</a>.<br>
<br>
Adrian<br>
<br>
On 20 February 2013 05:34, Kun Huang <<a href="mailto:Academicgareth@gmail.com" target="_blank">Academicgareth@gmail.com</a>> wrote:<br>
</div><div><div>> In tempauth of SAIO, what's the meaning of<br>
><br>
> user_test_tester3 = testing3<br>
><br>
> not account is test<br>
> tester3 is a user of that account, but tester3 is not admin or reseller<br>
> admin.<br>
> Could testers get(GET,HEAD) information from account:test?<br>
><br>
> In the current code, the answer is no.<br>
><br>
> I'm not sure what can tester3 do in this case?<br>
><br>
</div></div><div><div>> _______________________________________________<br>
> Mailing list: <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>
> Post to : <a href="mailto:openstack@lists.launchpad.net" target="_blank">openstack@lists.launchpad.net</a><br>
> Unsubscribe : <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>
> More help : <a href="https://help.launchpad.net/ListHelp" target="_blank">https://help.launchpad.net/ListHelp</a><br>
><br>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>