Glance

  1. Bug #1010547
  2. Comment #7

Comment 7 for bug 1010547

Revision history for this message
Alexej Ababilov (aababilov) wrote : Re: Admin rights escalate to other tenants (was: glance allows to delete arbitrary images)

Sorry for the delay!
Would it be acceptable if admin can access any image in owner_is_tenant mode, otherwise image is modifiable only by users of its tenant.

Here is my patch (https://github.com/aababilov/glance/blob/07c7988d1f8c08aebed789a8b9b5d875cef2fb46/glance/db/simple/api.py), however I should fix unit tests as well:

def is_image_mutable(context, image):
    """Return True if the image is mutable in this context."""
    # Is admin and owner is user == image mutable
    if context.is_admin and not context.owner_is_tenant:
        return True

    # No owner == image not mutable
    if image['owner'] is None or context.owner is None:
        return False

    # Image only mutable by its owner
    return image['owner'] == context.owner

(and so on for another functions)