Ignore Forbidden error on quotas-get for nested projects
authorIvan Kolodyazhny <e0ne@e0ne.info>
Mon, 21 Sep 2015 15:15:31 +0000 (18:15 +0300)
committerIvan Kolodyazhny <e0ne@e0ne.info>
Mon, 21 Sep 2015 16:21:46 +0000 (19:21 +0300)
Keystone API v2 requires admin permissions for project_get method.
We ignore Forbidden exception for non-admin users.

Change-Id: Ia0a17a9377219d3bf92dbbfd6e88077209a22a95
Closes-Bug: #1491495

cinder/api/contrib/quotas.py
etc/cinder/policy.json

index 27f0401bbb5132c7dd13241e8b2542624f0484a6..c6614071bd2e9512981c5ba8855e3bb467db856e 100644 (file)
@@ -211,13 +211,22 @@ class QuotaSetsController(wsgi.Controller):
         else:
             usage = False
 
-        # With hierarchical projects, only the admin of the current project or
-        # the root project has privilege to perform quota show operations.
-        target_project = self._get_project(context, target_project_id)
-        context_project = self._get_project(context, context.project_id,
-                                            subtree_as_ids=True)
+        try:
+            # With hierarchical projects, only the admin of the current project
+            # or the root project has privilege to perform quota show
+            # operations.
+            target_project = self._get_project(context, target_project_id)
+            context_project = self._get_project(context, context.project_id,
+                                                subtree_as_ids=True)
+
+            self._authorize_show(context_project, target_project)
+            parent_project_id = target_project.parent_id
+        except exceptions.Forbidden:
+            # NOTE(e0ne): Keystone API v2 requires admin permissions for
+            # project_get method. We ignore Forbidden exception for
+            # non-admin users.
+            parent_project_id = target_project_id
 
-        self._authorize_show(context_project, target_project)
         try:
             sqlalchemy_api.authorize_project_context(context,
                                                      target_project_id)
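Review bot: `self._authorize_show(context_project, target_project)` now sits inside the `try`, so on the `except exceptions.Forbidden` path the hierarchy check never runs, and a Forbidden of that type raised from `_authorize_show` itself (its body is not visible here, so this is unconfirmed) would be swallowed as well. Together with the policy.json change in this commit that relaxes `volume_extension:quotas:show` from `rule:admin_api` to `""`, the only check left on the fallback path is the `sqlalchemy_api.authorize_project_context(context, target_project_id)` call that follows. I would keep only the two `_get_project` calls in the `try`, move `self._authorize_show(context_project, target_project)` and `parent_project_id = target_project.parent_id` into an `else:` clause, and extend the NOTE with `# Access on this path is enforced only by authorize_project_context below.` A unit test in which a non-admin context requests another project's quota set would pin that behaviour. The enclosing method starts above the hunk.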
@@ -225,7 +234,7 @@ class QuotaSetsController(wsgi.Controller):
             raise webob.exc.HTTPForbidden()
 
         quotas = self._get_quotas(context, target_project_id, usage,
-                                  parent_project_id=target_project.parent_id)
+                                  parent_project_id=parent_project_id)
         return self._format_quota_set(target_project_id, quotas)
 
     @wsgi.serializers(xml=QuotaTemplate)
@@ -277,8 +286,8 @@ class QuotaSetsController(wsgi.Controller):
         parent_id = target_project.parent_id
 
         if parent_id:
-            # Get the children of the project which the token is scoped to in
-            # order to know if the target_project is in its hierarchy.
+            # Get the children of the project which the token is scoped to
+            # in order to know if the target_project is in its hierarchy.
             context_project = self._get_project(context,
                                                 context.project_id,
                                                 subtree_as_ids=True)
@@ -340,9 +349,17 @@ class QuotaSetsController(wsgi.Controller):
     def defaults(self, req, id):
         context = req.environ['cinder.context']
         authorize_show(context)
-        project = self._get_project(context, context.project_id)
+        try:
+            project = self._get_project(context, context.project_id)
+            parent_id = project.parent_id
+        except exceptions.Forbidden:
+            # NOTE(e0ne): Keystone API v2 requires admin permissions for
+            # project_get method. We ignore Forbidden exception for
+            # non-admin users.
+            parent_id = context.project_id
+
         return self._format_quota_set(id, QUOTAS.get_defaults(
-            context, parent_project_id=project.parent_id))
+            context, parent_project_id=parent_id))
 
     @wsgi.serializers(xml=QuotaTemplate)
     def delete(self, req, id):
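Review bot: The fallback `parent_id = context.project_id` in `defaults` records the project as its own parent, which is not the same as "parent unknown". `QUOTAS.get_defaults` is not visible here, but if it treats any non-empty `parent_project_id` as marking a child project, non-admin callers would get child-project defaults for what may be a top-level project; `parent_id = None` states the unknown case directly. The same applies to `parent_project_id = target_project_id` in the first hunk of this file, whose value reaches `_get_quotas` in the second hunk. The NOTE comment is duplicated in both places and could live on a small helper that returns the parent id or `None`.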
index d0e316f4d08cae6606f01b459b9eae0d205bd74c..4c8a8aa5079c85fb3eea6174903e6aae080f3829 100644 (file)
@@ -33,7 +33,7 @@
     "volume_extension:extended_snapshot_attributes": "rule:admin_or_owner",
     "volume_extension:volume_image_metadata": "rule:admin_or_owner",
 
-    "volume_extension:quotas:show": "rule:admin_api",
+    "volume_extension:quotas:show": "",
     "volume_extension:quotas:update": "rule:admin_api",
     "volume_extension:quota_classes": "rule:admin_api",