Sorry for the delay!
Would it be acceptable if admin can access any image in owner_is_tenant mode, otherwise image is modifiable only by users of its tenant.
def is_image_mutable(context, image):
"""Return True if the image is mutable in this context."""
# Is admin and owner is user == image mutable
if context.is_admin and not context.owner_is_tenant:
return True
# No owner == image not mutable
if image['owner'] is None or context.owner is None:
return False
# Image only mutable by its owner
return image['owner'] == context.owner
Sorry for the delay!
Would it be acceptable if admin can access any image in owner_is_tenant mode, otherwise image is modifiable only by users of its tenant.
Here is my patch (https:/ /github. com/aababilov/ glance/ blob/07c7988d1f 8c08aebed789a8b 9b5d875cef2fb46 /glance/ db/simple/ api.py), however I should fix unit tests as well:
def is_image_ mutable( context, image): owner_is_ tenant:
"""Return True if the image is mutable in this context."""
# Is admin and owner is user == image mutable
if context.is_admin and not context.
return True
# No owner == image not mutable
if image['owner'] is None or context.owner is None:
return False
# Image only mutable by its owner
return image['owner'] == context.owner
(and so on for another functions)