commit 87799bbb13d7fa26bafefd16947216810183bb3b
Author: Mohammed Naser <email address hidden>
Date: Fri Jan 31 16:13:24 2020 +0100
share_networks: enable project_only API only
At the moment, the share_network database API which the web
API layer interacts with directly does not have any checking
for project_id which means that a user has the ability to run
operations against any other share_network if they have the ID.
This patch implements the usage of project_only in the database
query which ensures that administrators still have the behaviour
of getting any share network they want, but users can only pull
up those which are part of their context/authenticated project.
This patch also adjusts a few other tests due to the fact that
the existing tests would run a lot of inserts with a different
project_id than the context, which is not allowed in this new
API behaviour. Therefore, the instances that involved projects
different than the context were converted to elevated ones.
There was also an instance where they were being created with a
project_id that did not match the fake context, therefore the
context was adjusted accordingly as well.
Closes-Bug: #1861485
Change-Id: Id67a939a475c4ac06d546b7e095bd10f1a6d2619
(cherry picked from commit 947315f0903c823b0fdd9d99c60078814587272c)
(cherry picked from commit 496e6e1d2a074ab85f434fe2a88a6c0159696419)
(cherry picked from commit 039ab2b020e4ca13fa723b6cb931f921944894ee)
(cherry picked from commit 496bb1473ea1ad8143bfb65d1727166de543affc)
(cherry picked from commit c3b92b030aa3c0eda2549947df9b752c7393849e)
Signed-off-by: Goutham Pacha Ravi <email address hidden>
Reviewed: https:/ /review. opendev. org/712167 /git.openstack. org/cgit/ openstack/ manila/ commit/ ?id=87799bbb13d 7fa26bafefd1694 7216810183bb3b
Committed: https:/
Submitter: Zuul
Branch: stable/pike
commit 87799bbb13d7fa2 6bafefd16947216 810183bb3b
Author: Mohammed Naser <email address hidden>
Date: Fri Jan 31 16:13:24 2020 +0100
share_networks: enable project_only API only
At the moment, the share_network database API which the web
API layer interacts with directly does not have any checking
for project_id which means that a user has the ability to run
operations against any other share_network if they have the ID.
This patch implements the usage of project_only in the database authenticated project.
query which ensures that administrators still have the behaviour
of getting any share network they want, but users can only pull
up those which are part of their context/
This patch also adjusts a few other tests due to the fact that
the existing tests would run a lot of inserts with a different
project_id than the context, which is not allowed in this new
API behaviour. Therefore, the instances that involved projects
different than the context were converted to elevated ones.
There was also an instance where they were being created with a
project_id that did not match the fake context, therefore the
context was adjusted accordingly as well.
Closes-Bug: #1861485 c06d546b7e095bd 10f1a6d2619 b0fdd9d99c60078 814587272c) 85f434fe2a88a6c 0159696419) 3fa723b6cb931f9 21944894ee) 143bfb65d172716 6de543affc) da2549947df9b75 2c7393849e)
Change-Id: Id67a939a475c4a
(cherry picked from commit 947315f0903c823
(cherry picked from commit 496e6e1d2a074ab
(cherry picked from commit 039ab2b020e4ca1
(cherry picked from commit 496bb1473ea1ad8
(cherry picked from commit c3b92b030aa3c0e
Signed-off-by: Goutham Pacha Ravi <email address hidden>