From de2abda3ceefc9797a933c67a557a3d48d7ab1e4 Mon Sep 17 00:00:00 2001 From: Sowmya Nethi Date: Thu, 11 Sep 2025 17:46:37 +0530 Subject: [PATCH] feat(policy): allow creator to view or delete the certificate Change-Id: Ie78493c405d6b115ffa64775e6cbd0e8a0adaf7f Signed-off-by: Sowmya Nethi --- skyline_apiserver/policy/manager/barbican.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/skyline_apiserver/policy/manager/barbican.py b/skyline_apiserver/policy/manager/barbican.py index 107489b..fed13c0 100644 --- a/skyline_apiserver/policy/manager/barbican.py +++ b/skyline_apiserver/policy/manager/barbican.py @@ -307,14 +307,14 @@ list_rules = ( ), base.APIRule( name="container:get", - check_str=("True:%(enforce_new_defaults)s and (rule:container_project_admin or (rule:container_project_member and rule:container_owner) or (rule:container_project_member and rule:container_is_not_private) or rule:container_acl_read)"), + check_str=("True:%(enforce_new_defaults)s and (rule:container_project_admin or (rule:container_project_member and rule:container_owner) or (rule:container_project_member and rule:container_is_not_private) or rule:container_acl_read or rule:creator)"), description="Retrieves a single container.", scope_types=["project"], operations=[Operation(method="GET", path="/v1/containers/{container-id}")], ), base.APIRule( name="container:delete", - check_str=("True:%(enforce_new_defaults)s and (rule:container_project_admin or (rule:container_project_member and rule:container_owner) or (rule:container_project_member and rule:container_is_not_private))"), + check_str=("True:%(enforce_new_defaults)s and (rule:container_project_admin or (rule:container_project_member and rule:container_owner) or (rule:container_project_member and rule:container_is_not_private) or rule:creator)"), description="Deletes a container.", scope_types=["project"], operations=[Operation(method="DELETE", path="/v1/containers/{uuid}")],