neutron/neutron/api/v2
lzklibj 67abf5f9f0 RBAC: Fix port query and deletion for network owner
The network owner should be able to get all ports and delete ports on
the network as policy allows. But the current code fails to support this.

The current model query for Port is still based on tenant_id; it forgets
to check for the network owner when the context tenant_id is not the port owner.

For port_delete action, policy will generate checking rules for port
attributes, such as:
    rule:delete_port:binding:vif_details
    rule:delete_port:binding:vif_type
This doesn't make sense; only a single policy rule "rule:delete_port"
is enough to check.

This patch fixes this issue.

Co-Authored-By: Kevin Benton <kevinbenton@buttewifi.com>
Change-Id: I55328cb43207654b9bb4cfb732923982d020ab0a
Closes-Bug: #1498790
2016-03-15 10:11:18 +08:00
..
__init__.py Remove invalid copyright headers under API module 2014-04-02 11:09:03 -07:00
attributes.py Merge "Fix module's import order" 2016-01-23 07:46:22 +00:00
base.py RBAC: Fix port query and deletion for network owner 2016-03-15 10:11:18 +08:00
resource.py Pecan routing for agent schedulers 2016-03-08 06:35:49 +00:00
resource_helper.py Use pecan controllers for routing 2015-09-18 06:00:14 -07:00
router.py Trival: Remove unused logging import 2015-12-26 12:49:56 +08:00