Merge "Make non-admin's VIM accessible for admin"

2019-08-21 02:55:48 +00:00 · 2019-08-21 02:55:48 +00:00 · 6bcdfa6220
parent 3a198b0ba6 f43264a420
commit 6bcdfa6220
2 changed files with 3 additions and 6 deletions
--- a/tacker/db/db_base.py
+++ b/tacker/db/db_base.py
@ -90,11 +90,6 @@ class CommonDbMixin(object):
                                (model.shared == sql.true()))
            else:
                query_filter = (model.tenant_id == context.tenant_id)
-        elif context.is_admin and hasattr(model, 'tenant_id'):
-            # NOTE(Lijiale) One tenant can not access other tenant's Vim,
-            # NOTE(Lijiale) even though this tenant has admin role.
-            if hasattr(model, 'shared'):
-                query_filter = (model.tenant_id == context.tenant_id)

        # Execute query hooks registered from mixins and plugins
        for _name, hooks in iteritems(self._model_query_hooks.get(model, {})):
--- a/tacker/db/nfvo/nfvo_db_plugin.py
+++ b/tacker/db/nfvo/nfvo_db_plugin.py
@ -201,7 +201,9 @@ class NfvoPluginDb(nfvo.NFVOPluginBase, db_base.CommonDbMixin):

    def _get_default_vim(self, context):
        query = self._model_query(context, nfvo_db.Vim)
-        return query.filter(nfvo_db.Vim.is_default == sql.true()).one()
+        return query.filter(
+            nfvo_db.Vim.tenant_id == context.tenant_id).filter(
+            nfvo_db.Vim.is_default == sql.true()).one()

    def get_default_vim(self, context):
        vim_db = self._get_default_vim(context)