| author | Ziad Sawalha <ziad.sawalha@rackspace.com> | 2011-07-08 14:04:51 -0700 |
|---|---|---|
| committer | Ziad Sawalha <ziad.sawalha@rackspace.com> | 2011-07-08 14:04:51 -0700 |
| commit | 9528697d2fcfbe9b7ba1d445280d10dc4c8e1e8d (patch) | |
| tree | d4c309dc3c904bb40f361e70facc4a5572a7eb4a | |
| parent | 7f2451beccd1bdc17c98d4b271096faafc823af1 (diff) | |
| parent | 4497aadce3537e122042bae7760dbc2ee634d030 (diff) | |
Merge pull request #81 from xtoddx/master
Many-to-many users to tenants
| -rwxr-xr-x | keystone/backends/sqlalchemy/api/user.py | 38 | ||||
| -rwxr-xr-x | keystone/backends/sqlalchemy/models.py | 1 |
2 files changed, 26 insertions, 13 deletions
diff --git a/keystone/backends/sqlalchemy/api/user.py b/keystone/backends/sqlalchemy/api/user.py
index fcdc74f7..304ba204 100755
--- a/keystone/backends/sqlalchemy/api/user.py
+++ b/keystone/backends/sqlalchemy/api/user.py
@@ -355,28 +355,40 @@ class UserAPI(BaseUserAPI):
 def users_get_by_tenant_get_page(self, tenant_id, marker, limit, session=None):
+ # This is broken. If a user has more than one role per project
+ # shit hits the fan because we're limiting the wrong model.
+ # Also the user lookup is nasty and potentially injectiable.
 if not session:
 session = get_session()
- user = aliased(models.User)
+ user = aliased(models.UserRoleAssociation)
 if marker:
- return session.query(user).\
- filter("tenant_id = :tenant_id").\
- params(tenant_id='%s' % tenant_id).\
- filter("id>=:marker").params(
- marker='%s' % marker).order_by(
- "id").limit(limit).all()
+ rv = session.query(user).\
+ filter("tenant_id = :tenant_id").\
+ params(tenant_id='%s' % tenant_id).\
+ filter("id>=:marker").\
+ params(marker='%s' % marker).\
+ order_by("id").\
+ limit(limit).\
+ all()
 else:
- return session.query(user).\
- filter("tenant_id = :tenant_id").\
- params(tenant_id='%s' % tenant_id).order_by(
- "id").limit(limit).all()
+ rv = session.query(user).\
+ filter("tenant_id = :tenant_id").\
+ params(tenant_id='%s' % tenant_id).\
+ order_by("id").\
+ limit(limit).\
+ all()
+ user_ids = set([assoc.user_id for assoc in rv])
+ users = session.query(models.User).\
+ filter("id in ('%s')" % "','".join(user_ids)).\
+ all()
+ return users
 def users_get_by_tenant_get_page_markers(self, tenant_id, marker, limit, \
 session=None):
 if not session:
 session = get_session()
- user = aliased(models.User)
+ user = aliased(models.UserRoleAssociation)
 first = session.query(user).\
 filter(user.tenant_id == tenant_id).\
 order_by(user.id).first()
@@ -431,4 +443,4 @@ class UserAPI(BaseUserAPI):
 group.id).all()
 def get():
- return UserAPI()
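Review bot: The lookup added at the end of users_get_by_tenant_get_page, `filter("id in ('%s')" % "','".join(user_ids))`, assembles the IN list by string formatting, so a stored user_id containing a single quote alters the statement; the comment added at the top of the function concedes this, yet the code is merged as is. Binding the values through the column expression removes the problem: `users = session.query(models.User).filter(models.User.id.in_(user_ids)).order_by(models.User.id).all()`. The explicit order_by matters as well, because the second query currently returns users in no defined order, so the contents of a page are not stable between calls. Since `limit` and the `id>=:marker` filter now apply to UserRoleAssociation rows, a page can hold fewer than `limit` users and the marker is presumably an association id rather than a user id; callers that treat it as a user id cannot be checked from this hunk.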
\ No newline at end of file
+ return UserAPI()
diff --git a/keystone/backends/sqlalchemy/models.py b/keystone/backends/sqlalchemy/models.py
index 16bc7a75..f2ca7dc0 100755
--- a/keystone/backends/sqlalchemy/models.py
+++ b/keystone/backends/sqlalchemy/models.py
@@ -92,6 +92,7 @@ class UserRoleAssociation(Base, KeystoneBase):
 tenant_id = Column(String(255), ForeignKey('tenants.id'))
 __table_args__ = (UniqueConstraint("user_id", "role_id", "tenant_id"), {})
+ user = relationship('User')
 class Endpoints(Base, KeystoneBase):
 __tablename__ = 'endpoints' |
