openstack/mistral
Code Issues Proposed changes

Merge "Allow admin to retrieve everything"

Browse Source
This commit is contained in:
Zuul
2025-10-02 08:48:13 +00:00
committed by Gerrit Code Review
parent 8be59adc38 9e856dbdf4
commit e2015bae38
1 changed files with 73 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

88
mistral/db/v2/sqlalchemy/api.py
View File

@@ -269,6 +269,10 @@ def _delete_all(model, **kwargs):
def _get_collection(model, insecure=False, limit=None, marker=None,
sort_keys=None, sort_dirs=None, fields=None, **filters):
# Allow admin to retrieve all objects by overwriting insecure
if context.has_ctx():
insecure = context.ctx().is_admin or insecure
columns = (
tuple([getattr(model, f) for f in fields if hasattr(model, f)])
if fields else ()
@@ -291,6 +295,10 @@ def _get_collection(model, insecure=False, limit=None, marker=None,
def get_db_objects(model, insecure=False, **filters):
# Allow admin to retrieve all objects by overwriting insecure
if context.has_ctx():
insecure = context.ctx().is_admin or insecure
query = b.model_query(model) if insecure else _secure_query(model)
query = db_filters.apply_filters(query, model, **filters)
@@ -298,6 +306,10 @@ def get_db_objects(model, insecure=False, **filters):
def _get_count(model, insecure=False, **filters):
# Allow admin to retrieve all objects by overwriting insecure
if context.has_ctx():
insecure = context.ctx().is_admin or insecure
query = b.model_query(model) if insecure else _secure_query(model)
query = db_filters.apply_filters(query, model, **filters)
@@ -312,6 +324,10 @@ def _get_db_object_by_name(model, name, columns=()):
def _get_db_object_by_id(model, id, insecure=False, columns=()):
# Allow admin to retrieve all objects by overwriting insecure
if context.has_ctx():
insecure = context.ctx().is_admin or insecure
columns = (
tuple([getattr(model, f) for f in columns if hasattr(model, f)])
if columns and isinstance(columns, list) else columns
@@ -329,6 +345,10 @@ def _get_db_object_by_id(model, id, insecure=False, columns=()):
def _get_db_object_by_name_and_namespace_or_id(model, identifier,
namespace=None, insecure=False,
columns=()):
# Allow admin to retrieve all objects by overwriting insecure
if context.has_ctx():
insecure = context.ctx().is_admin or insecure
columns = (
tuple([getattr(model, f) for f in columns if hasattr(model, f)])
if columns and isinstance(columns, list) else columns
@@ -359,6 +379,10 @@ def _get_db_object_by_name_and_namespace_or_id(model, identifier,
def _get_db_object_by_name_and_namespace(model, name,
namespace='', insecure=False,
columns=()):
# Allow admin to retrieve all objects by overwriting insecure
if context.has_ctx():
insecure = context.ctx().is_admin or insecure
query = (
b.model_query(model, columns=columns)
if insecure
@@ -484,13 +508,16 @@ def get_workflow_definition(identifier, namespace='', fields=(), session=None):
(WorkflowDefinition.name,)
:return: Workflow definition.
"""
ctx = context.ctx()
# Allow admin to retrieve all objects by overwriting insecure
insecure = False
if context.has_ctx():
insecure = context.ctx().is_admin or insecure
wf_def = _get_db_object_by_name_and_namespace_or_id(
models.WorkflowDefinition,
identifier,
namespace=namespace,
insecure=ctx.is_admin,
insecure=insecure,
columns=fields
)
@@ -936,8 +963,8 @@ def delete_action_definitions(session=None, **kwargs):
@b.session_aware()
def get_action_execution(id, insecure=False, fields=(), session=None):
# Allow admin to retrieve action execution by overwriting insecure
ctx = context.ctx()
insecure = ctx.is_admin or insecure
if context.has_ctx():
insecure = context.ctx().is_admin or insecure
a_ex = _get_db_object_by_id(models.ActionExecution, id, insecure=insecure,
columns=fields)
@@ -978,6 +1005,10 @@ def create_action_execution(values, session=None):
@b.session_aware()
def update_action_execution(id, values, insecure=False, session=None):
# Allow admin to retrieve all objects by overwriting insecure
if context.has_ctx():
insecure = context.ctx().is_admin or insecure
a_ex = get_action_execution(id, insecure)
a_ex.update(values.copy())
@@ -1028,12 +1059,15 @@ def _get_action_executions(**kwargs):
@b.session_aware()
def get_workflow_execution(id, fields=(), session=None):
ctx = context.ctx()
# Allow admin to retrieve all objects by overwriting insecure
insecure = False
if context.has_ctx():
insecure = context.ctx().is_admin or insecure
wf_ex = _get_db_object_by_id(
models.WorkflowExecution,
id,
insecure=ctx.is_admin,
insecure=insecure,
columns=fields
)
@@ -1095,7 +1129,10 @@ def create_or_update_workflow_execution(id, values, session=None):
@b.session_aware()
def delete_workflow_execution(id, session=None):
model = models.WorkflowExecution
insecure = context.ctx().is_admin
# Allow admin to retrieve all objects by overwriting insecure
insecure = False
if context.has_ctx():
insecure = context.ctx().is_admin or insecure
query = b.model_query(model) if insecure else _secure_query(model)
try:
@@ -1138,7 +1175,11 @@ def delete_workflow_execution_recurse(wf_ex_id):
def _get_all_direct_subworkflows(wf_ex_id):
model = models.WorkflowExecution
insecure = context.ctx().is_admin
# Allow admin to retrieve all objects by overwriting insecure
insecure = False
if context.has_ctx():
insecure = context.ctx().is_admin or insecure
if insecure:
query = b.model_query(model, [model.id])
else:
@@ -1168,11 +1209,13 @@ def update_workflow_execution_state(id, cur_state, state):
@b.session_aware()
def get_task_execution(id, fields=(), session=None):
# Allow admin to retrieve all tasks
ctx = context.ctx()
# Allow admin to retrieve all objects by overwriting insecure
insecure = False
if context.has_ctx():
insecure = context.ctx().is_admin or insecure
task_ex = _get_db_object_by_id(models.TaskExecution, id,
insecure=ctx.is_admin, columns=fields)
insecure=insecure, columns=fields)
if not task_ex:
raise exc.DBEntityNotFoundError(
@@ -1623,12 +1666,15 @@ def _get_completed_root_executions_query(columns):
@b.session_aware()
def get_cron_trigger(identifier, session=None, fields=()):
ctx = context.ctx()
# Allow admin to retrieve all objects by overwriting insecure
insecure = False
if context.has_ctx():
insecure = context.ctx().is_admin or insecure
cron_trigger = _get_db_object_by_name_and_namespace_or_id(
models.CronTrigger,
identifier,
insecure=ctx.is_admin,
insecure=insecure,
columns=fields,
)
@@ -1642,9 +1688,13 @@ def get_cron_trigger(identifier, session=None, fields=()):
@b.session_aware()
def get_cron_trigger_by_id(id, session=None, fields=()):
ctx = context.ctx()
# Allow admin to retrieve all objects by overwriting insecure
insecure = False
if context.has_ctx():
insecure = context.ctx().is_admin or insecure
cron_trigger = _get_db_object_by_id(models.CronTrigger, id,
insecure=ctx.is_admin,
insecure=insecure,
columns=fields)
if not cron_trigger:
raise exc.DBEntityNotFoundError(
@@ -2009,6 +2059,10 @@ def _get_accepted_resources(res_type):
@b.session_aware()
def get_event_trigger(id, insecure=False, session=None, fields=()):
# Allow admin to retrieve all objects by overwriting insecure
if context.has_ctx():
insecure = context.ctx().is_admin or insecure
event_trigger = _get_db_object_by_id(models.EventTrigger, id, insecure,
columns=fields)
@@ -2022,6 +2076,10 @@ def get_event_trigger(id, insecure=False, session=None, fields=()):
@b.session_aware()
def load_event_trigger(id, insecure=False, session=None, fields=()):
# Allow admin to retrieve all objects by overwriting insecure
if context.has_ctx():
insecure = context.ctx().is_admin or insecure
return _get_db_object_by_id(models.EventTrigger, id, insecure,
columns=fields)