Merge "Remove db layer hard-code permission checks for network_create_safe"

nova/api/openstack/compute/contrib/os_networks.py

@@ -141,6 +141,9 @@ class NetworkController(wsgi.Controller):
     def create(self, req, body):
         context = req.environ['nova.context']
         authorize(context)
+        # NOTE(shaohe-feng): back-compatible with db layer hard-code
+        # admin permission checks.  call db API objects.Network.create
+        nova_context.require_admin_context(context)
 
         def bad(e):
             return exc.HTTPBadRequest(explanation=e)

nova/db/sqlalchemy/api.py

@@ -2785,7 +2785,6 @@ def network_count_reserved_ips(context, network_id):
                     count()
 
 
-@require_admin_context
 def network_create_safe(context, values):
     network_ref = models.Network()
     network_ref['uuid'] = str(uuid.uuid4())

nova/tests/unit/api/openstack/compute/contrib/test_networks.py

@@ -250,9 +250,9 @@ class NetworkCreateExceptionsTestV21(test.TestCase):
         fakes.stub_out_networking(self.stubs)
         fakes.stub_out_rate_limiting(self.stubs)
         self.new_network = copy.deepcopy(NEW_NETWORK)
-        self.req = fakes.HTTPRequest.blank('')
 
     def _setup(self):
+        self.req = fakes.HTTPRequest.blank('')
         self.controller = networks_v21.NetworkController(self.PassthroughAPI())
 
     def test_network_create_bad_vlan(self):
@@ -314,6 +314,7 @@ class NetworkCreateExceptionsTestV2(NetworkCreateExceptionsTestV21):
     def _setup(self):
         ext_mgr = extensions.ExtensionManager()
         ext_mgr.extensions = {'os-extended-networks': 'fake'}
+        self.req = fakes.HTTPRequest.blank('', use_admin_context=True)
 
         self.controller = networks.NetworkController(
                 self.PassthroughAPI(), ext_mgr)
@@ -534,6 +535,12 @@ class NetworksTestV2(NetworksTestV21):
             self.controller.add,
             self.non_admin_req, body={'id': uuid})
 
+    def test_network_create_with_non_admin(self):
+        self.assertRaises(
+            exception.AdminRequired,
+            self.controller.create,
+            self.non_admin_req, body=self.new_network)
+
 
 class NetworksAssociateTestV21(test.NoDBTestCase):
 

nova/tests/unit/api/openstack/compute/contrib/test_tenant_networks.py

@@ -257,6 +257,10 @@ class TenantNetworksTestV2(TenantNetworksTestV21):
     ctrlr = networks.NetworkController
     validation_error = webob.exc.HTTPBadRequest
 
+    def setUp(self):
+        super(TenantNetworksTestV2, self).setUp()
+        self.req = fakes.HTTPRequest.blank('', use_admin_context=True)
+
     def test_network_create_empty_body(self):
         self.assertRaises(webob.exc.HTTPUnprocessableEntity,
                           self.controller.create, self.req, {})