From 8077486b3c15012f4dbf270cd8c9fa3f48cb3d36 Mon Sep 17 00:00:00 2001
From: jakedahn <jake@markupisart.com>
Date: Thu, 9 Aug 2012 14:28:28 -0700
Subject: Default behavior should restrict admins to tenant for volumes.

  * NOTE: This is a port from cinder to nova volumes
  * Now to view all volumes or volume snapshots across
    all tenants you need to include the all_tenants=1
    GET param in your api request.
  * Fixes remaining issues blocking bug #967882

Change-Id: I7fe15e792b62e59973c7faa2cf1c52929ae5864f
---
 nova/api/openstack/volume/snapshots.py |  6 +++++-
 nova/api/openstack/volume/volumes.py   | 27 ++++++++++++++++++++++++++-
 2 files changed, 31 insertions(+), 2 deletions(-)

(limited to 'nova/api')

diff --git a/nova/api/openstack/volume/snapshots.py b/nova/api/openstack/volume/snapshots.py
index 209f78d13..91823de79 100644
--- a/nova/api/openstack/volume/snapshots.py
+++ b/nova/api/openstack/volume/snapshots.py
@@ -130,7 +130,11 @@ class SnapshotsController(object):
         """Returns a list of snapshots, transformed through entity_maker."""
         context = req.environ['nova.context']
 
-        snapshots = self.volume_api.get_all_snapshots(context)
+        search_opts = {}
+        search_opts.update(req.GET)
+
+        snapshots = self.volume_api.get_all_snapshots(context,
+                                                      search_opts=search_opts)
         limited_list = common.limited(snapshots, req)
         res = [entity_maker(context, snapshot) for snapshot in limited_list]
         return {'snapshots': res}
diff --git a/nova/api/openstack/volume/volumes.py b/nova/api/openstack/volume/volumes.py
index 83a2b2f63..4c12638b4 100644
--- a/nova/api/openstack/volume/volumes.py
+++ b/nova/api/openstack/volume/volumes.py
@@ -196,9 +196,15 @@ class VolumeController(object):
 
     def _items(self, req, entity_maker):
         """Returns a list of volumes, transformed through entity_maker."""
+
+        search_opts = {}
+        search_opts.update(req.GET)
+
         context = req.environ['nova.context']
+        remove_invalid_options(context,
+                               search_opts, self._get_volume_search_options())
 
-        volumes = self.volume_api.get_all(context)
+        volumes = self.volume_api.get_all(context, search_opts=search_opts)
         limited_list = common.limited(volumes, req)
         res = [entity_maker(context, vol) for vol in limited_list]
         return {'volumes': res}
@@ -253,6 +259,25 @@ class VolumeController(object):
 
         return wsgi.ResponseObject(result, headers=dict(location=location))
 
+    def _get_volume_search_options(self):
+        """Return volume search options allowed by non-admin."""
+        return ('name', 'status')
+
 
 def create_resource():
     return wsgi.Resource(VolumeController())
+
+
+def remove_invalid_options(context, search_options, allowed_search_options):
+    """Remove search options that are not valid for non-admin API/context."""
+    if context.is_admin:
+        # Allow all options
+        return
+    # Otherwise, strip out all unknown options
+    unknown_options = [opt for opt in search_options
+            if opt not in allowed_search_options]
+    bad_options = ", ".join(unknown_options)
+    log_msg = _("Removing options '%(bad_options)s' from query") % locals()
+    LOG.debug(log_msg)
+    for opt in unknown_options:
+        search_options.pop(opt, None)
-- 
cgit