From: Aaron Rosen <arosen@nicira.com>
Date: Sat, 16 Feb 2013 21:01:29 +0000 (-0800)
Subject: Unable to update port as non-admin nvp plugin
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=cbb3a5366b4f720eee8f17218035efd349348d8d;p=openstack-build%2Fneutron-build.git

Unable to update port as non-admin nvp plugin

The port security patch to the nvp plugin broken the ability to update a port
as a non admin user. This patch fixes that and adds a unit test for updating
a port as a non-admin user since there was not one before.

Fixes bug 1127514

Change-Id: I9ac44a8eef14e5beeee020a901615e067ed50fbe
---

diff --git a/quantum/plugins/nicira/nicira_nvp_plugin/QuantumPlugin.py b/quantum/plugins/nicira/nicira_nvp_plugin/QuantumPlugin.py
index dbbfe5c75..8f20610e5 100644
--- a/quantum/plugins/nicira/nicira_nvp_plugin/QuantumPlugin.py
+++ b/quantum/plugins/nicira/nicira_nvp_plugin/QuantumPlugin.py
@@ -1150,8 +1150,10 @@ class NvpPluginV2(db_base_plugin_v2.QuantumDbPluginV2,
         return port_data
 
     def update_port(self, context, id, port):
-        self._enforce_set_auth(context, port,
-                               self.port_security_enabled_update)
+        if attr.is_attr_set(port['port'].get(psec.PORTSECURITY)):
+            self._enforce_set_auth(context, port,
+                                   self.port_security_enabled_update)
+        tenant_id = self._get_tenant_id_for_create(context, port)
         delete_security_groups = self._check_update_deletes_security_groups(
             port)
         has_security_groups = self._check_update_has_security_groups(port)
@@ -1161,7 +1163,6 @@ class NvpPluginV2(db_base_plugin_v2.QuantumDbPluginV2,
                 context, id, port)
             # copy values over
             ret_port.update(port['port'])
-            tenant_id = self._get_tenant_id_for_create(context, ret_port)
 
             # TODO(salvatore-orlando): We might need transaction management
             # but the change for metadata support should not be too disruptive
diff --git a/quantum/tests/unit/test_db_plugin.py b/quantum/tests/unit/test_db_plugin.py
index a2c86e2a5..48a85da2b 100644
--- a/quantum/tests/unit/test_db_plugin.py
+++ b/quantum/tests/unit/test_db_plugin.py
@@ -835,6 +835,20 @@ fixed_ips=ip_address%%3D%s&fixed_ips=ip_address%%3D%s&fixed_ips=subnet_id%%3D%s
             self.assertEqual(res['port']['admin_state_up'],
                              data['port']['admin_state_up'])
 
+    def test_update_port_not_admin(self):
+        res = self._create_network(self.fmt, 'net1', True,
+                                   tenant_id='not_admin',
+                                   set_context=True)
+        net1 = self.deserialize(self.fmt, res)
+        res = self._create_port(self.fmt, net1['network']['id'],
+                                tenant_id='not_admin', set_context=True)
+        port = self.deserialize(self.fmt, res)
+        data = {'port': {'admin_state_up': False}}
+        quantum_context = context.Context('', 'not_admin')
+        port = self._update('ports', port['port']['id'], data,
+                            quantum_context=quantum_context)
+        self.assertEqual(port['port']['admin_state_up'], False)
+
     def test_update_device_id_null(self):
         with self.port() as port:
             data = {'port': {'device_id': None}}