Merge "Prevent admin role leak in context.elevated"

2014-11-25 15:11:45 +00:00 · 2014-11-25 15:11:45 +00:00 · 795091ecec
parent a7517b18fb 06e2319806
commit 795091ecec
2 changed files with 12 additions and 1 deletions
--- a/nova/context.py
+++ b/nova/context.py
@ -179,7 +179,7 @@ class RequestContext(object):

    def elevated(self, read_deleted=None, overwrite=False):
        """Return a version of this context with admin flag set."""
-        context = copy.copy(self)
+        context = copy.deepcopy(self)
        context.is_admin = True

        if 'admin' not in context.roles:
--- a/nova/tests/unit/test_context.py
+++ b/nova/tests/unit/test_context.py
@ -18,6 +18,17 @@ from nova import test

 class ContextTestCase(test.NoDBTestCase):

+    def test_request_context_elevated(self):
+        user_ctxt = context.RequestContext('111',
+                                           '222',
+                                           admin=False)
+        self.assertFalse(user_ctxt.is_admin)
+        admin_ctxt = user_ctxt.elevated()
+        self.assertTrue(admin_ctxt.is_admin)
+        self.assertIn('admin', admin_ctxt.roles)
+        self.assertFalse(user_ctxt.is_admin)
+        self.assertNotIn('admin', user_ctxt.roles)
+
    def test_request_context_sets_is_admin(self):
        ctxt = context.RequestContext('111',
                                      '222',