authorRick Harris <rick.harris@rackspace.com>2011-03-23 05:50:53 +0000
committerRick Harris <rick.harris@rackspace.com>2011-03-23 05:50:53 +0000
commita7c9ad393f72b49515a445504a5bc87f8a26932c (patch)
tree08adde949d5c1a4d595ebd2dfb55ad9d6cc1bee6 /nova/image
parent65e8e24b794203de5496182dd089f5512e7313b4 (diff)
Filtering images by user_id now
Diffstat (limited to 'nova/image')
-rw-r--r--nova/image/glance.py46
-rw-r--r--nova/image/local.py9
2 files changed, 50 insertions, 5 deletions
diff --git a/nova/image/glance.py b/nova/image/glance.py
index b7bb88002..ec6e9e094 100644
--- a/nova/image/glance.py
+++ b/nova/image/glance.py
@@ -52,15 +52,28 @@ class GlanceImageService(service.BaseImageService):
"""
Calls out to Glance for a list of images available
"""
- return self.client.get_images()
+ # NOTE(sirp): We need to use get_images_detailed and not get_images
+ # here because we need `is_public` and properties included so we can
+ # filter by user
+ filtered = []
+ image_metas = self.client.get_images_detailed()
+ for image_meta in image_metas:
+ if self._is_image_available(context, image_meta):
+ meta = utils.subset_dict(image_meta, ('id', 'name'))
+ filtered.append(meta)
+ return filtered
def detail(self, context):
"""
Calls out to Glance for a list of detailed image information
"""
+ filtered = []
image_metas = self.client.get_images_detailed()
- translate = self._translate_to_base
- return [translate(image_meta) for image_meta in image_metas]
+ for image_meta in image_metas:
+ if self._is_image_available(context, image_meta):
+ meta = self._translate_to_base(image_meta)
+ filtered.append(meta)
+ return filtered
def show(self, context, image_id):
"""
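Review bot: The ownership filter is applied only in `index` and `detail`; `show(self, context, image_id)`, which begins at the end of this hunk and continues outside it, is not touched by the commit. If `show` returns metadata for any id without calling `self._is_image_available(context, image_meta)`, a private image stays readable to any caller who has its id, so the same check belongs there, failing the way the method already fails for a missing image. It is also worth confirming that `glance.py` already imports `utils`, since `index` now calls `utils.subset_dict` and this file's diff adds no import.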
@@ -145,3 +158,30 @@ class GlanceImageService(service.BaseImageService):
Clears out all images
"""
pass
+
+ @staticmethod
+ def _is_image_available(context, image_meta):
+ """
+ Images are always available if they are public or if the user is an
+ admin.
+
+ Otherwise, we filter by project_id (if present) and then fall-back to
+ images owned by user.
+ """
+ # FIXME(sirp): We should be filtering by user_id on the Glance side
+ # for security; however, we can't do that until we get authn/authz
+ # sorted out. Until then, filtering in Nova.
+ if image_meta['is_public'] or context.is_admin:
+ return True
+
+ properties = image_meta['properties']
+
+ if context.project_id and ('project_id' in properties):
+ return str(properties['project_id']) == str(project_id)
+
+ try:
+ user_id = properties['user_id']
+ except KeyError:
+ return False
+
+ return (str(user_id) == str(context.user_id))
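Review bot: The project comparison in `_is_image_available` reads a bare `project_id`, which is not defined in this static method (nor, as far as the diff shows, at module level), so the branch raises NameError when a non-admin request with a project reaches a non-public image carrying a `project_id` property. The line should compare against the request context: `return str(properties['project_id']) == str(context.project_id)`. Because `index` and `detail` call this check inside their loops, the exception would abort the whole listing rather than skip one image. The direct `image_meta['is_public']` and `image_meta['properties']` lookups also assume Glance always returns both keys; if that is not guaranteed, `image_meta.get('properties', {})` and `image_meta.get('is_public')` keep the filter failing closed instead of raising KeyError.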
diff --git a/nova/image/local.py b/nova/image/local.py
index 609d6c42a..1fb6e1f13 100644
--- a/nova/image/local.py
+++ b/nova/image/local.py
@@ -24,6 +24,7 @@ from nova import exception
from nova import flags
from nova import log as logging
from nova.image import service
+from nova import utils
FLAGS = flags.FLAGS
@@ -63,8 +64,12 @@ class LocalImageService(service.BaseImageService):
return images
def index(self, context):
- return [dict(image_id=i['id'], name=i.get('name'))
- for i in self.detail(context)]
+ filtered = []
+ image_metas = self.detail(context)
+ for image_meta in image_metas:
+ meta = utils.subset_dict(image_meta, ('id', 'name'))
+ filtered.append(meta)
+ return filtered
def detail(self, context):
images = []
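Review bot: `LocalImageService.index` is reshaped here but gains no ownership check, so with the local image service the listing depends entirely on what `detail(context)` returns; `detail`'s body lies outside this hunk, and nothing in the local.py diff filters by user or project. If the commit intends non-admin users to see only public images or their own, the local service needs an equivalent of `_is_image_available`, or at least a comment such as `# NOTE: local image service does not filter by owner` so the gap is explicit. The returned key also changes from `image_id` to `id`, which any caller relying on the old shape would need to follow.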