Check project permissions for share replicas

Fixed the issue of returning more share replicas than we should be in a project context. Derived project id from parent share in the share replicas listing query in non-admin share replicas listing request scenarios. Change-Id: If28d97a9916ce56d7f7bf93274f5618eee01c209 Closes-Bug: #1922243 Depends-On: I69c31a33c1aad8edae2d90ad6101da1be650be85
2021-04-01 18:38:58 +02:00 · 2021-04-01 18:38:58 +02:00 · 6484de9251
commit 6484de9251
parent b7f417afdf
2 changed files with 14 additions and 0 deletions
--- a/manila/db/sqlalchemy/api.py
+++ b/manila/db/sqlalchemy/api.py
@ -1851,6 +1851,12 @@ def _share_replica_get_with_filters(context, share_id=None, replica_id=None,
    query = model_query(context, models.ShareInstance, session=session,
                        read_deleted="no")

+    if not context.is_admin:
+        query = query.join(
+            models.Share,
+            models.ShareInstance.share_id == models.Share.id).filter(
+            models.Share.project_id == context.project_id)
+
    if share_id is not None:
        query = query.filter(models.ShareInstance.share_id == share_id)

--- a/releasenotes/notes/bug-1922243-fix-project-only-replica-listing-f5f2b95ef14c3ded.yaml
+++ b/releasenotes/notes/bug-1922243-fix-project-only-replica-listing-f5f2b95ef14c3ded.yaml
@ -0,0 +1,8 @@
+---
+fixes:
+  - |
+    Fixed an issue that caused Manila to return all projects' share replicas
+    even when the user was not an administrator. Now, when the user is not an
+    administrator, only the replicas in the project perspective are going to
+    be displayed. For more details, please refer to
+    `Launchpad Bug #1922243 <https://bugs.launchpad.net/manila/+bug/1922243>`_