| 2021-04-08 07:03:59 |
haixin |
description |
Description
===========
1: when get share networks list, if specified "security_service_id" and "project_id" in search_ops, will go to
function share_network_get_all_by_security_service(), It doesn't care if the user is admin,
this will lead to Non-admin user get share networks in other project.
2: we can put "created_since", "created_before" search opts into database to Increase query speed
3: we can integrate the database query interface
Steps to reproduce
==================
A chronological list of steps which will help reproduce the issue you hit:
* in project A create an share network net_A, which security_service_id is id1 belong to project A.
* in project B create an share network net_B, which security_service_id is id2 belong to project B.
* then admin to query share networks list with security_service_id=id1 and project_id= B_id in
search opts.
Expected result
===============
the query resule is None
Actual result
=============
you will get net_A |
Description
===========
1: when get share networks list, if specified "security_service_id" and "project_id" in search_ops, will go to
function share_network_get_all_by_security_service(), It doesn't care if the user is admin,
this will lead to Non-admin user get share networks in other project.
2: we can put "created_since", "created_before" search opts into database to Increase query speed
3: we can integrate the database query interface
Steps to reproduce
==================
A chronological list of steps which will help reproduce the issue you hit:
* in project A(id=A_id) create an share network net_A, which security_service_id is id1 belong to project A.
* in project B(id=B_id) create an share network net_B, which security_service_id is id2 belong to project B.
* then admin to query share networks list with security_service_id=id1 and project_id= B_id in
search opts.
Expected result
===============
the query resule is None
Actual result
=============
you will get net_A |
|
