diff options
| author | Jenkins <jenkins@review.openstack.org> | 2012-08-12 00:34:51 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2012-08-12 00:34:51 +0000 |
| commit | 0effb5ce1dec1ebb0dfc748ac7f67d771c1281a7 (patch) | |
| tree | 80dd81c40db76344842170b1040361803999c4e1 /nova/api | |
| parent | cddfa51bd02d9171e71b498c6ff904e56c0129f8 (diff) | |
| parent | 8077486b3c15012f4dbf270cd8c9fa3f48cb3d36 (diff) | |
| download | nova-0effb5ce1dec1ebb0dfc748ac7f67d771c1281a7.tar.gz nova-0effb5ce1dec1ebb0dfc748ac7f67d771c1281a7.tar.xz nova-0effb5ce1dec1ebb0dfc748ac7f67d771c1281a7.zip | |
Merge "Default behavior should restrict admins to tenant for volumes."
Diffstat (limited to 'nova/api')
| -rw-r--r-- | nova/api/openstack/volume/snapshots.py | 6 | ||||
| -rw-r--r-- | nova/api/openstack/volume/volumes.py | 27 |
2 files changed, 31 insertions, 2 deletions
diff --git a/nova/api/openstack/volume/snapshots.py b/nova/api/openstack/volume/snapshots.py index 209f78d13..91823de79 100644 --- a/nova/api/openstack/volume/snapshots.py +++ b/nova/api/openstack/volume/snapshots.py @@ -130,7 +130,11 @@ class SnapshotsController(object): """Returns a list of snapshots, transformed through entity_maker.""" context = req.environ['nova.context'] - snapshots = self.volume_api.get_all_snapshots(context) + search_opts = {} + search_opts.update(req.GET) + + snapshots = self.volume_api.get_all_snapshots(context, + search_opts=search_opts) limited_list = common.limited(snapshots, req) res = [entity_maker(context, snapshot) for snapshot in limited_list] return {'snapshots': res} diff --git a/nova/api/openstack/volume/volumes.py b/nova/api/openstack/volume/volumes.py index 83a2b2f63..4c12638b4 100644 --- a/nova/api/openstack/volume/volumes.py +++ b/nova/api/openstack/volume/volumes.py @@ -196,9 +196,15 @@ class VolumeController(object): def _items(self, req, entity_maker): """Returns a list of volumes, transformed through entity_maker.""" + + search_opts = {} + search_opts.update(req.GET) + context = req.environ['nova.context'] + remove_invalid_options(context, + search_opts, self._get_volume_search_options()) - volumes = self.volume_api.get_all(context) + volumes = self.volume_api.get_all(context, search_opts=search_opts) limited_list = common.limited(volumes, req) res = [entity_maker(context, vol) for vol in limited_list] return {'volumes': res} @@ -253,6 +259,25 @@ class VolumeController(object): return wsgi.ResponseObject(result, headers=dict(location=location)) + def _get_volume_search_options(self): + """Return volume search options allowed by non-admin.""" + return ('name', 'status') + def create_resource(): return wsgi.Resource(VolumeController()) + + +def remove_invalid_options(context, search_options, allowed_search_options): + """Remove search options that are not valid for non-admin API/context.""" + if context.is_admin: + # Allow all options + return + # Otherwise, strip out all unknown options + unknown_options = [opt for opt in search_options + if opt not in allowed_search_options] + bad_options = ", ".join(unknown_options) + log_msg = _("Removing options '%(bad_options)s' from query") % locals() + LOG.debug(log_msg) + for opt in unknown_options: + search_options.pop(opt, None) |