Make the describe-resource API calls user-aware

Fixes #143

The stack retrieval DB calls were already fixed in previous commits but
there was still one query (resource_get_by_physical_resource_id) that
would return any resource, not just the ones owned the user.

Change-Id: Ie02ff1e8ba6ea8da2c3d0c7f0a87c32452824fc6
changes/00/200/2
Tomas Sedovic 10 years ago
parent d5d13120e4
commit 970c333d4e
  1. 5
      heat/db/sqlalchemy/api.py

@ -102,6 +102,9 @@ def resource_get_by_physical_resource_id(context, physical_resource_id):
result = (model_query(context, models.Resource)
.filter_by(nova_instance=physical_resource_id)
.first())
if (result is not None and context is not None and
result.stack.username != context.username):
return None
return result
@ -231,7 +234,7 @@ def event_get_all_by_user(context):
filter_by(username=context.username).all()
results = []
for stack in stacks:
results.extend(model_query(context, models.Event).\
results.extend(model_query(context, models.Event).
filter_by(stack_id=stack.id).all())
return results

Loading…
Cancel
Save