review.fuel-infra Code Review - openstack-build/cinder-build.git/commit
Don't use context.elevated to get volume
author: Kuo-tung Kao <jelly.k@inwinstack.com>
Tue, 28 Jul 2015 09:44:57 +0000 (17:44 +0800)
committer: Kuo-tung Kao <jelly.k@inwinstack.com>
Fri, 14 Aug 2015 14:53:45 +0000 (14:53 +0000)
commit: b7c7bb8f951d6d5155f70887282ddb9e4fd2a3fb
tree: 3c900bd32b38f246d5c0f0e7c31a1103b3046513
parent: dde1b685fba29a2c60188de79e8539ffc991b07f
Don't use context.elevated to get volume

Original Problem:
=================
Since the metadata (readonly and attached_mode) is stored in admin metadata,
a normal user needs to run `context.elevated` to retrieve admin metadata.
The above approach brings a side effect. A normal user can also get
any volume which the user shouldn't access when the user knows the UUID.

Solution:
=========
Use context instead of context.elevated to get the volume,
and add admin metadata to it.
Based on the cinder-meetup-summer-2015 conclusion, we use this solution.
The solution will need an extra database connection.

Change-Id: I06f21e7578b65a59c0fe4d3afe0e882ed73c4725
Closes-Bug: #1477625
cinder/tests/unit/api/v1/test_volumes.py
cinder/tests/unit/api/v2/stubs.py
cinder/tests/unit/api/v2/test_volumes.py
cinder/utils.py
cinder/volume/api.py
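
The access-control problem the commit message describes, as an added example that is not code from this commit or from cinder: a simplified model in which the ownership check lives in the DB layer and is skipped for admin contexts. All names (`Context`, `db_volume_get`, `get_volume_scoped`, ...) and the sample data are hypothetical, and elevating only for the admin-metadata read is an assumption about how the fix attaches that metadata.

```python
# Simplified model of the bug class; not cinder's code. All names are hypothetical.
from dataclasses import dataclass, replace

class NotFound(Exception):
    pass

@dataclass(frozen=True)
class Context:
    project_id: str
    is_admin: bool = False

    def elevated(self):
        # Same caller, now treated as admin by the DB layer.
        return replace(self, is_admin=True)

# Constructed sample data: two volumes owned by different projects.
VOLUMES = {
    "vol-a": {"id": "vol-a", "project_id": "proj-a"},
    "vol-b": {"id": "vol-b", "project_id": "proj-b"},
}
ADMIN_METADATA = {"vol-a": {"readonly": "False"}, "vol-b": {"readonly": "True"}}

def db_volume_get(ctx, volume_id):
    # Project scoping is enforced here and skipped for admin contexts.
    vol = VOLUMES.get(volume_id)
    if vol is None or (not ctx.is_admin and vol["project_id"] != ctx.project_id):
        raise NotFound(volume_id)
    return dict(vol)

def db_admin_metadata_get(ctx, volume_id):
    if not ctx.is_admin:
        raise PermissionError("admin metadata requires an admin context")
    return dict(ADMIN_METADATA.get(volume_id, {}))

def get_volume_elevated(ctx, volume_id):
    # Before: elevating for the whole lookup also disables the owner check.
    vol = db_volume_get(ctx.elevated(), volume_id)
    vol["admin_metadata"] = db_admin_metadata_get(ctx.elevated(), volume_id)
    return vol

def get_volume_scoped(ctx, volume_id):
    # After: the owner check runs with the caller's own context; only the
    # metadata read is elevated (assumed here), costing one more DB access.
    vol = db_volume_get(ctx, volume_id)
    vol["admin_metadata"] = db_admin_metadata_get(ctx.elevated(), volume_id)
    return vol
```

A regression test for this class of bug should request another project's volume by UUID with a non-admin context and expect the same not-found result as for a nonexistent ID.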