diff options
| author | jakedahn <jake@markupisart.com> | 2012-08-09 14:28:28 -0700 |
|---|---|---|
| committer | jakedahn <jake@markupisart.com> | 2012-08-10 13:43:15 -0700 |
| commit | 8077486b3c15012f4dbf270cd8c9fa3f48cb3d36 (patch) | |
| tree | c8b4fc51bf5526c6db73e01f52eb9d3fcc324446 /nova/volume | |
| parent | 2ef345534afe2d1640dd1d7ad42454d477ca2a94 (diff) | |
Default behavior should restrict admins to tenant for volumes.
* NOTE: This is a port from cinder to nova volumes
* Now to view all volumes or volume snapshots across
all tenants you need to include the all_tenants=1
GET param in your api request.
* Fixes remaining issues blocking bug #967882
Change-Id: I7fe15e792b62e59973c7faa2cf1c52929ae5864f
Diffstat (limited to 'nova/volume')
| -rw-r--r-- | nova/volume/api.py | 26 |
1 files changed, 19 insertions, 7 deletions
diff --git a/nova/volume/api.py b/nova/volume/api.py index a9ebeda28..d98c8d6eb 100644 --- a/nova/volume/api.py +++ b/nova/volume/api.py @@ -201,14 +201,19 @@ class API(base.Base): check_policy(context, 'get', volume) return volume - def get_all(self, context, search_opts={}): + def get_all(self, context, search_opts=None): check_policy(context, 'get_all') - if context.is_admin: + + if search_opts is None: + search_opts = {} + + if (context.is_admin and 'all_tenants' in search_opts): + # Need to remove all_tenants to pass the filtering below. + del search_opts['all_tenants'] volumes = self.db.volume_get_all(context) else: volumes = self.db.volume_get_all_by_project(context, - context.project_id) - + context.project_id) if search_opts: LOG.debug(_("Searching by: %s") % str(search_opts)) @@ -247,11 +252,18 @@ class API(base.Base): rv = self.db.snapshot_get(context, snapshot_id) return dict(rv.iteritems()) - def get_all_snapshots(self, context): + def get_all_snapshots(self, context, search_opts=None): check_policy(context, 'get_all_snapshots') - if context.is_admin: + + search_opts = search_opts or {} + + if (context.is_admin and 'all_tenants' in search_opts): + # Need to remove all_tenants to pass the filtering below. + del search_opts['all_tenants'] return self.db.snapshot_get_all(context) - return self.db.snapshot_get_all_by_project(context, context.project_id) + else: + return self.db.snapshot_get_all_by_project(context, + context.project_id) @wrap_check_policy def check_attach(self, context, volume): |