Merge "feat(policy): allow creator to view or delete the certificate"

2025-09-28 12:51:43 +00:00
parent fa58028c2d de2abda3ce
commit 2b6a71ea9d
1 changed files with 2 additions and 2 deletions
--- a/skyline_apiserver/policy/manager/barbican.py
+++ b/skyline_apiserver/policy/manager/barbican.py
@@ -307,14 +307,14 @@ list_rules = (
    ),
    base.APIRule(
        name="container:get",
-        check_str=("True:%(enforce_new_defaults)s and (rule:container_project_admin or (rule:container_project_member and rule:container_owner) or (rule:container_project_member and  rule:container_is_not_private) or rule:container_acl_read)"),
+        check_str=("True:%(enforce_new_defaults)s and (rule:container_project_admin or (rule:container_project_member and rule:container_owner) or (rule:container_project_member and  rule:container_is_not_private) or rule:container_acl_read or rule:creator)"),
        description="Retrieves a single container.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/v1/containers/{container-id}")],
    ),
    base.APIRule(
        name="container:delete",
-        check_str=("True:%(enforce_new_defaults)s and (rule:container_project_admin or (rule:container_project_member and rule:container_owner) or (rule:container_project_member and  rule:container_is_not_private))"),
+        check_str=("True:%(enforce_new_defaults)s and (rule:container_project_admin or (rule:container_project_member and rule:container_owner) or (rule:container_project_member and  rule:container_is_not_private) or rule:creator)"),
        description="Deletes a container.",
        scope_types=["project"],
        operations=[Operation(method="DELETE", path="/v1/containers/{uuid}")],