Don't check context.system_scope to check project scope
During first attempt of the Secure RBAC implementation [1] to
function model_query_scope_is_project() there was added check
which was checking if context.system_scope is "all" in case when
scope enforcement was enabled. It was like that because that meant
that it is SYSTEM_* persona context (e.g. SYSTEM_ADMIN).
This is not needed now as later it was agreed to have only one ADMIN
user which will still behave like old, "legacy" ADMIN user.
Reviewed: https:/ /review. opendev. org/c/openstack /neutron- lib/+/874397 /opendev. org/openstack/ neutron- lib/commit/ 0dadfca1ffe72f9 526617c596cf76e e6f7a3fd78
Committed: https:/
Submitter: "Zuul (22348)"
Branch: stable/wallaby
commit 0dadfca1ffe72f9 526617c596cf76e e6f7a3fd78
Author: Slawek Kaplonski <email address hidden>
Date: Thu Nov 10 16:05:11 2022 +0100
Don't check context. system_ scope to check project scope
During first attempt of the Secure RBAC implementation [1] to scope_is_ project( ) there was added check system_ scope is "all" in case when
function model_query_
which was checking if context.
scope enforcement was enabled. It was like that because that meant
that it is SYSTEM_* persona context (e.g. SYSTEM_ADMIN).
This is not needed now as later it was agreed to have only one ADMIN
user which will still behave like old, "legacy" ADMIN user.
[1] https:/ /review. opendev. org/c/openstack /neutron- lib/+/781075
Conflicts:
neutron_ lib/db/ utils.py
neutron_ lib/tests/ unit/db/ test_utils. py
Closes-bug: #1996150 b6b4d06434f74cb e9d933a07a4 563596612208e60 14dee2ed88)
Change-Id: If3a97c4d3a0f4c
(cherry picked from commit 91759b17ea5d4d6