shared firewall policies can't be displayed in horizon

Fix proposed to branch: master
Review: https://review.openstack.org/81715

Change abandoned by David Lyle (<email address hidden>) on branch: master
Review: https://review.openstack.org/81715
Reason: This review is > 4 weeks without comment, and failed Jenkins the last time it was checked. We are abandoning this for now. Feel free to reactivate the review by pressing the restore button and leaving a 'recheck' comment to get fresh test results.

Fix proposed to branch: master
Review: https://review.openstack.org/152410

Reviewed: https://review.openstack.org/152410
Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=ca8df08bb8ed03981b7a0f9d6fedb3418b061804
Submitter: Jenkins
Branch: master

commit ca8df08bb8ed03981b7a0f9d6fedb3418b061804
Author: Zhang Hua <email address hidden>
Date: Tue Feb 3 14:39:20 2015 +0800

    Fix shared firewall policy can not be displayed in horizon

    When firewall policy is set to shared, it should be seen by any
    users just like public images.

    _model_query function of common_db_minxin.py in neutron has used
    shared and tenant_id fields restored from token to construct the
    query condition, so continuing to pass tenant_id as filters
    condition will cause sql confusion, just delete them to keep
    consistent with the approach python-neutronclient did.

    Change-Id: Id891f735509275bd79eff52385ffce40069fc460
    Closes-bug: 1294541

The above patch is not complete and it brings another regression. By this patch, when admin user is logged in, all firewall related resources from ALL tenants will be shown.

Neutron server lists both project-owned and shared resources for regular project users and the patch merged uses this behavior. However neutron-server has another context that ALL resources (including other projects) will be listed for admin users. tenant_id filter in the previous code was used to filter out resources from other tenants. I believe this behavior should be honored, and we have the workaround for network listing in api/neutron.py.

As a long term solution, neutron should support project-scoped listing for admin users. It is being discussed in API WG but it takes time before it is implemented because we need a new major version of Neutron API.

Related fix proposed to branch: master
Review: https://review.openstack.org/156061

Fix proposed to branch: master
Review: https://review.openstack.org/156062

Reviewed: https://review.openstack.org/156061
Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=df03be6aa396bcaa3513fd9e5e3d31308af14df0
Submitter: Jenkins
Branch: master

commit df03be6aa396bcaa3513fd9e5e3d31308af14df0
Author: Akihiro Motoki <email address hidden>
Date: Sun Feb 15 18:23:15 2015 +0900

    Revert "Fix shared firewall policy can not be displayed in horizon"

    This reverts commit ca8df08bb8ed03981b7a0f9d6fedb3418b061804.

    The reverted commit introduced a regression that all firewall
    related resources from all projects are shown in the project panel
    if a user has admin role. It violates the design policy of the
    Project dashboard (which focuses on project-related resources).
    A fix for the original bug 1294541 is coming in the subsequent patch.

    Closes-Bug: #1422081
    Related-Bug: #1294541
    Change-Id: Ie8864b92b4ffb59681c0d18ac8b5f09f636d5fba

Reviewed: https://review.openstack.org/156062
Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=9736609e538b692c2636b6a5b6b727ab180910a3
Submitter: Jenkins
Branch: master

commit 9736609e538b692c2636b6a5b6b727ab180910a3
Author: Akihiro Motoki <email address hidden>
Date: Sun Feb 15 21:48:30 2015 +0900

    List shared firewall policies/rules in Project panel

    When firewall policy/rule is set to shared, it should be seen
    by any users.

    This commit reimplements the support of shared firewall policies
    and rules with honoring Neutron listing behavior for admin role.

    Closes-bug: #1294541
    Change-Id: Ie7142b10234e720b65f6540f08c7a092939e3ea8