commit d16b5f0ea41419bdf4eb4e66ce4551571ee6acec
Author: Mohammed Naser <email address hidden>
Date: Fri Jan 31 16:13:24 2020 +0100
share_networks: enable project_only API only
At the moment, the share_network database API which the web
API layer interacts with directly does not have any checking
for project_id which means that a user has the ability to run
operations against any other share_network if they have the ID.
This patch implements the usage of project_only in the database
query which ensures that administrators still have the behaviour
of getting any share network they want, but users can only pull
up those which are part of their context/authenticated project.
This patch also adjusts a few other tests due to the fact that
the existing tests would run a lot of inserts with a different
project_id than the context, which is not allowed in this new
API behaviour. Therefore, the instances that involved projects
different than the context were converted to elevated ones.
There was also an instance where they were being created with a
project_id that did not match the fake context, therefore the
context was adjusted accordingly as well.
Closes-Bug: #1861485
Change-Id: Id67a939a475c4ac06d546b7e095bd10f1a6d2619
(cherry picked from commit 947315f0903c823b0fdd9d99c60078814587272c)
(cherry picked from commit 496e6e1d2a074ab85f434fe2a88a6c0159696419)
(cherry picked from commit 17b29e2b50d41db13f29eae86437ef91f6432c8d)
Signed-off-by: Goutham Pacha Ravi <email address hidden>
Reviewed: https:/ /review. opendev. org/712165 /git.openstack. org/cgit/ openstack/ manila/ commit/ ?id=d16b5f0ea41 419bdf4eb4e66ce 4551571ee6acec
Committed: https:/
Submitter: Zuul
Branch: stable/rocky
commit d16b5f0ea41419b df4eb4e66ce4551 571ee6acec
Author: Mohammed Naser <email address hidden>
Date: Fri Jan 31 16:13:24 2020 +0100
share_networks: enable project_only API only
At the moment, the share_network database API which the web
API layer interacts with directly does not have any checking
for project_id which means that a user has the ability to run
operations against any other share_network if they have the ID.
This patch implements the usage of project_only in the database authenticated project.
query which ensures that administrators still have the behaviour
of getting any share network they want, but users can only pull
up those which are part of their context/
This patch also adjusts a few other tests due to the fact that
the existing tests would run a lot of inserts with a different
project_id than the context, which is not allowed in this new
API behaviour. Therefore, the instances that involved projects
different than the context were converted to elevated ones.
There was also an instance where they were being created with a
project_id that did not match the fake context, therefore the
context was adjusted accordingly as well.
Closes-Bug: #1861485 c06d546b7e095bd 10f1a6d2619 b0fdd9d99c60078 814587272c) 85f434fe2a88a6c 0159696419) 13f29eae86437ef 91f6432c8d)
Change-Id: Id67a939a475c4a
(cherry picked from commit 947315f0903c823
(cherry picked from commit 496e6e1d2a074ab
(cherry picked from commit 17b29e2b50d41db
Signed-off-by: Goutham Pacha Ravi <email address hidden>