commit 17b29e2b50d41db13f29eae86437ef91f6432c8d
Author: Mohammed Naser <email address hidden>
Date: Fri Jan 31 16:13:24 2020 +0100
share_networks: enable project_only API only
At the moment, the share_network database API which the web
API layer interacts with directly does not have any checking
for project_id which means that a user has the ability to run
operations against any other share_network if they have the ID.
This patch implements the usage of project_only in the database
query which ensures that administrators still have the behaviour
of getting any share network they want, but users can only pull
up those which are part of their context/authenticated project.
This patch also adjusts a few other tests due to the fact that
the existing tests would run a lot of inserts with a different
project_id than the context, which is not allowed in this new
API behaviour. Therefore, the instances that involved projects
different than the context were converted to elevated ones.
There was also an instance where they were being created with a
project_id that did not match the fake context, therefore the
context was adjusted accordingly as well.
Closes-Bug: #1861485
Change-Id: Id67a939a475c4ac06d546b7e095bd10f1a6d2619
(cherry picked from commit 947315f0903c823b0fdd9d99c60078814587272c)
(cherry picked from commit 496e6e1d2a074ab85f434fe2a88a6c0159696419)
Reviewed: https:/ /review. opendev. org/712164 /git.openstack. org/cgit/ openstack/ manila/ commit/ ?id=17b29e2b50d 41db13f29eae864 37ef91f6432c8d
Committed: https:/
Submitter: Zuul
Branch: stable/stein
commit 17b29e2b50d41db 13f29eae86437ef 91f6432c8d
Author: Mohammed Naser <email address hidden>
Date: Fri Jan 31 16:13:24 2020 +0100
share_networks: enable project_only API only
At the moment, the share_network database API which the web
API layer interacts with directly does not have any checking
for project_id which means that a user has the ability to run
operations against any other share_network if they have the ID.
This patch implements the usage of project_only in the database authenticated project.
query which ensures that administrators still have the behaviour
of getting any share network they want, but users can only pull
up those which are part of their context/
This patch also adjusts a few other tests due to the fact that
the existing tests would run a lot of inserts with a different
project_id than the context, which is not allowed in this new
API behaviour. Therefore, the instances that involved projects
different than the context were converted to elevated ones.
There was also an instance where they were being created with a
project_id that did not match the fake context, therefore the
context was adjusted accordingly as well.
Closes-Bug: #1861485 c06d546b7e095bd 10f1a6d2619 b0fdd9d99c60078 814587272c) 85f434fe2a88a6c 0159696419)
Change-Id: Id67a939a475c4a
(cherry picked from commit 947315f0903c823
(cherry picked from commit 496e6e1d2a074ab