manila

History

Mohammed Naser 87799bbb13 share_networks: enable project_only API only At the moment, the share_network database API which the web API layer interacts with directly does not have any checking for project_id which means that a user has the ability to run operations against any other share_network if they have the ID. This patch implements the usage of project_only in the database query which ensures that administrators still have the behaviour of getting any share network they want, but users can only pull up those which are part of their context/authenticated project. This patch also adjusts a few other tests due to the fact that the existing tests would run a lot of inserts with a different project_id than the context, which is not allowed in this new API behaviour. Therefore, the instances that involved projects different than the context were converted to elevated ones. There was also an instance where they were being created with a project_id that did not match the fake context, therefore the context was adjusted accordingly as well. Closes-Bug: #1861485 Change-Id: Id67a939a475c4ac06d546b7e095bd10f1a6d2619 (cherry picked from commit `947315f090`) (cherry picked from commit `496e6e1d2a`) (cherry picked from commit `039ab2b020`) (cherry picked from commit `496bb1473e`) (cherry picked from commit `c3b92b030a`) Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>	2020-03-10 13:53:30 -07:00
..
notes	share_networks: enable project_only API only	2020-03-10 13:53:30 -07:00
source	doc migration: openstackdocstheme completion	2017-08-25 13:54:48 -04:00

Mohammed Naser 87799bbb13 share_networks: enable project_only API only

At the moment, the share_network database API which the web
API layer interacts with directly does not have any checking
for project_id which means that a user has the ability to run
operations against any other share_network if they have the ID.

This patch implements the usage of project_only in the database
query which ensures that administrators still have the behaviour
of getting any share network they want, but users can only pull
up those which are part of their context/authenticated project.

This patch also adjusts a few other tests due to the fact that
the existing tests would run a lot of inserts with a different
project_id than the context, which is not allowed in this new
API behaviour.  Therefore, the instances that involved projects
different than the context were converted to elevated ones.

There was also an instance where they were being created with a
project_id that did not match the fake context, therefore the
context was adjusted accordingly as well.

Closes-Bug: #1861485
Change-Id: Id67a939a475c4ac06d546b7e095bd10f1a6d2619
(cherry picked from commit 947315f090)
(cherry picked from commit 496e6e1d2a)
(cherry picked from commit 039ab2b020)
(cherry picked from commit 496bb1473e)
(cherry picked from commit c3b92b030a)
Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>

2020-03-10 13:53:30 -07:00

notes share_networks: enable project_only API only 2020-03-10 13:53:30 -07:00

source doc migration: openstackdocstheme completion 2017-08-25 13:54:48 -04:00