diff options
| author | Chris Behrens <cbehrens@codestud.com> | 2011-09-21 06:40:52 +0000 |
|---|---|---|
| committer | Chris Behrens <cbehrens@codestud.com> | 2011-09-21 06:40:52 +0000 |
| commit | 778a1d162bbb8032e319d2bc2ae99c20339e1a47 (patch) | |
| tree | b79f6bf46b9080041b246dd498dd4aa8fea78328 | |
| parent | 67a2445265c8bce704802935b83c6e1ece805332 (diff) | |
| download | nova-778a1d162bbb8032e319d2bc2ae99c20339e1a47.tar.gz nova-778a1d162bbb8032e319d2bc2ae99c20339e1a47.tar.xz nova-778a1d162bbb8032e319d2bc2ae99c20339e1a47.zip | |
floating_ip_get_by_address should check user's project_id
| -rw-r--r-- | nova/db/sqlalchemy/api.py | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/nova/db/sqlalchemy/api.py b/nova/db/sqlalchemy/api.py index 523258841..a968e1f4b 100644 --- a/nova/db/sqlalchemy/api.py +++ b/nova/db/sqlalchemy/api.py @@ -532,7 +532,6 @@ def floating_ip_count_by_project(context, project_id): def floating_ip_fixed_ip_associate(context, floating_address, fixed_address): session = get_session() with session.begin(): - # TODO(devcamcar): How to ensure floating_id belongs to user? floating_ip_ref = floating_ip_get_by_address(context, floating_address, session=session) @@ -547,7 +546,6 @@ def floating_ip_fixed_ip_associate(context, floating_address, fixed_address): def floating_ip_deallocate(context, address): session = get_session() with session.begin(): - # TODO(devcamcar): How to ensure floating id belongs to user? floating_ip_ref = floating_ip_get_by_address(context, address, session=session) @@ -561,7 +559,6 @@ def floating_ip_deallocate(context, address): def floating_ip_destroy(context, address): session = get_session() with session.begin(): - # TODO(devcamcar): Ensure address belongs to user. floating_ip_ref = floating_ip_get_by_address(context, address, session=session) @@ -572,8 +569,6 @@ def floating_ip_destroy(context, address): def floating_ip_disassociate(context, address): session = get_session() with session.begin(): - # TODO(devcamcar): Ensure address belongs to user. - # Does get_floating_ip_by_address handle this? floating_ip_ref = floating_ip_get_by_address(context, address, session=session) @@ -641,15 +636,20 @@ def floating_ip_get_all_by_project(context, project_id): @require_context def floating_ip_get_by_address(context, address, session=None): - # TODO(devcamcar): Ensure the address belongs to user. if not session: session = get_session() - result = session.query(models.FloatingIp).\ + query = session.query(models.FloatingIp).\ options(joinedload_all('fixed_ip.network')).\ - filter_by(address=address).\ - filter_by(deleted=can_read_deleted(context)).\ - first() + filter_by(address=address) + + if is_admin_context(context): + query = query.filter_by(deleted=can_read_deleted(context))) + elif is_user_context(context): + query = query.filter_by(project_id=context.project_id).\ + filter_by(deleted=False) + + result = query.first() if not result: raise exception.FloatingIpNotFoundForAddress(address=address) return result |