When putting the object that has a versioned container we are using a pre-authed request to move it before checking whether the user is authorised. On Deletes it's fine because we we attempt to auth before doing anything.
There are 2 ways we can solve this:
1. We could either do the same for the PUT object. that is authenticate before we do anything. Or;
2. just make sure we use make_subrequest rather then make_pre_authed_request, and the former copies the swift.authorize and so it gets authed at the proxy.
The 2nd option however means there would be a change in version_writes behaviour. The 2nd option would mean when giving someone the ACL to write a container that gets versioned, the user also needs an ACL on the versions_container also.
Because of that, he is a patch for option 1 with updated unit and functional tests. Like the DELETE method, this patch checks to see that the user has writes the container before pre-auth requesting to move the object in the container.
When putting the object that has a versioned container we are using a pre-authed request to move it before checking whether the user is authorised. On Deletes it's fine because we we attempt to auth before doing anything.
There are 2 ways we can solve this:
1. We could either do the same for the PUT object. that is authenticate before we do anything. Or; authed_ request, and the former copies the swift.authorize and so it gets authed at the proxy.
2. just make sure we use make_subrequest rather then make_pre_
The 2nd option however means there would be a change in version_writes behaviour. The 2nd option would mean when giving someone the ACL to write a container that gets versioned, the user also needs an ACL on the versions_container also.
Because of that, he is a patch for option 1 with updated unit and functional tests. Like the DELETE method, this patch checks to see that the user has writes the container before pre-auth requesting to move the object in the container.