Merge "Honor volume:get policy"
commit
13ba71df27
|
@ -4,7 +4,7 @@
|
|||
"admin_or_owner": [["is_admin:True"], ["project_id:%(project_id)s"]],
|
||||
|
||||
"volume:create": [],
|
||||
"volume:get": [],
|
||||
"volume:get": [["rule:admin_or_owner"]],
|
||||
"volume:get_all": [],
|
||||
"volume:get_volume_metadata": [],
|
||||
"volume:delete_volume_metadata": [],
|
||||
|
|
|
@ -282,15 +282,19 @@ class API(base.Base):
|
|||
self.db.volume_update(context, volume['id'], fields)
|
||||
|
||||
def get(self, context, volume_id, viewable_admin_meta=False):
|
||||
old_ctxt = context.deepcopy()
|
||||
if viewable_admin_meta:
|
||||
ctxt = context.elevated()
|
||||
else:
|
||||
ctxt = context
|
||||
rv = self.db.volume_get(ctxt, volume_id)
|
||||
volume = dict(rv.iteritems())
|
||||
if not context.is_admin and volume['project_id'] != context.project_id:
|
||||
try:
|
||||
check_policy(old_ctxt, 'get', volume)
|
||||
except exception.PolicyNotAuthorized:
|
||||
# raise VolumeNotFound instead to make sure Cinder behaves
|
||||
# as it used to
|
||||
raise exception.VolumeNotFound(volume_id=volume_id)
|
||||
check_policy(context, 'get', volume)
|
||||
return volume
|
||||
|
||||
def get_all(self, context, marker=None, limit=None, sort_key='created_at',
|
||||
|
|
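Review bot: In `get()`, when `viewable_admin_meta` is set the row is read through `context.elevated()`, so the `check_policy(old_ctxt, 'get', volume)` call inside the `try` looks like the only thing stopping one project from reading another project's volume on that path, and nothing in the code says so. A comment above the `try` would make that explicit, e.g. `# With an elevated ctxt the DB lookup may not be project-scoped; this policy check is then the only tenant-isolation guard.` Because the outcome now depends on the `volume:get` rule, a deployment that still carries its own policy file with `"volume:get": []` would presumably keep the permissive behaviour, which deserves a line in the upgrade notes. The page has lost its +/- markers, so it is unclear whether `if not context.is_admin and volume['project_id'] != context.project_id:` survives on the new side; if it does, admins and callers from the owning project would skip the `volume:get` check and a stricter custom rule would not apply to them, which is worth confirming. Denials are also turned into `VolumeNotFound` without any trace, so logging the refused volume id and the requesting project before the `raise` would give operators something to alert on.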