From 5a2932f609ba80350ac4020ae89d25c72e3a8519 Mon Sep 17 00:00:00 2001
From: He Jie Xu <hejie.xu@intel.com>
Date: Fri, 10 Jul 2015 13:44:54 +0800
Subject: [PATCH] Remove db layer hard-code permission checks for
 provider_fw_rule_*

The db calls provider_fw_rule_* is only invoked by nova internal code.
There isn't any REST API entry for them. So this patch remove the
hard-code permission for them directly.

Partially implements bp nova-api-policy-final-part

Change-Id: I2b2d5410c37fc2e777a800952b7773669abc5738
---
 nova/db/sqlalchemy/api.py | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/nova/db/sqlalchemy/api.py b/nova/db/sqlalchemy/api.py
index ef4ad66ef337..75c45ca9bfd7 100644
--- a/nova/db/sqlalchemy/api.py
+++ b/nova/db/sqlalchemy/api.py
@@ -4301,7 +4301,6 @@ def security_group_default_rule_list(context):
 ###################
 
 
-@require_admin_context
 def provider_fw_rule_create(context, rule):
     fw_rule_ref = models.ProviderFirewallRule()
     fw_rule_ref.update(rule)
@@ -4309,12 +4308,10 @@ def provider_fw_rule_create(context, rule):
     return fw_rule_ref
 
 
-@require_admin_context
 def provider_fw_rule_get_all(context):
     return model_query(context, models.ProviderFirewallRule).all()
 
 
-@require_admin_context
 def provider_fw_rule_destroy(context, rule_id):
     session = get_session()
     with session.begin():