Allow non-admins to define "external" extra-routes
Currently non-admin users can create extra-routes when the nexthop is on
router-interfaces subnets but not on external-network subnet. Indeed
user permissions are used to get router ports in order to validate
nexthops BUT non-admin users don't "see" router port on its external
network.
This change uses an elevated context instead of user context to enable
non-admins to create "external" extra-routes.
Reviewed: https:/ /review. openstack. org/273278 /git.openstack. org/cgit/ openstack/ neutron/ commit/ ?id=3d5d378769f 0715e3254ac00b6 f091a6f9f6960b
Committed: https:/
Submitter: Jenkins
Branch: master
commit 3d5d378769f0715 e3254ac00b6f091 a6f9f6960b
Author: Cedric Brandily <email address hidden>
Date: Wed Jan 27 23:58:18 2016 +0100
Allow non-admins to define "external" extra-routes
Currently non-admin users can create extra-routes when the nexthop is on interfaces subnets but not on external-network subnet. Indeed
router-
user permissions are used to get router ports in order to validate
nexthops BUT non-admin users don't "see" router port on its external
network.
This change uses an elevated context instead of user context to enable
non-admins to create "external" extra-routes.
APIImpact 41a3589e8cb7151 b77ab679124
Closes-Bug: #1538767
Change-Id: I08b1d8586a4cd2