From d5edb080b080bc5d5221f8586fc6ffdca7ab8b67 Mon Sep 17 00:00:00 2001
From: Slawek Kaplonski <skaplons@redhat.com>
Date: Fri, 21 Jun 2019 13:09:05 +0200
Subject: [PATCH] Treat networks shared by RBAC in same way as shared with all tenants
In patch [1] handle of networks with "shared" flag set to True was fixed and it is now possible to use "rule:shared" in API policy in actions related e.g. to ports or subnets. But network can be shared with some specific tenant only by doing it with RBAC mechanism and in such case it didn't work with [1] only. It was like that because context.get_admin_context() was used to get network so this returned network had got shared=False set even if request comes from tenant for which network was shared through RBAC. Now network will be always get with context which have got set proper tenant_id so "shared" flag will be set properly even in case if it's shared through RBAC.
[1] https://review.opendev.org/#/c/652636/
Change-Id: I38615c0d18bb5a1f22f3e7865ce24615a540aa9a
Closes-Bug: #1833455
---
 neutron/policy.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/neutron/policy.py b/neutron/policy.py
index 8b4f0bac02a..4be1eaeaa21 100644
--- a/neutron/policy.py
+++ b/neutron/policy.py
@@ -380,9 +380,11 @@ class FieldCheck(policy.Check):
 "%(target_dict)s",
 {'field': self.field, 'target_dict': target_dict})
 return
+ project_id = target_dict.get('project_id')
+ ctx = (context.Context(tenant_id=project_id) if project_id
+ else context.get_admin_context())
 plugin = directory.get_plugin()
- network = plugin.get_network(
- context.get_admin_context(), target_network_id)
+ network = plugin.get_network(ctx, target_network_id)
 target_value = network.get(self.field)
 if target_value is None:
 LOG.debug("Unable to find requested field: %(field)s in target: "
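Review bot: The context for the network lookup is built from `target_dict.get('project_id')`, i.e. from the resource being acted on rather than from the caller's credentials, so `shared` is evaluated as the resource's project sees the network, while the commit message describes the requesting tenant. Whether the API layer has already rejected a foreign `project_id` from non-admin callers before this check runs is not visible in the hunk, so I would record the assumption above the new lines, e.g. `# NOTE: scoped to the target's project, not the caller's; relies on project_id being validated before policy enforcement`. Also, when `project_id` is missing or empty the lookup silently falls back to `context.get_admin_context()`, and with a project-scoped context `plugin.get_network(ctx, target_network_id)` presumably raises when that project cannot see the network, where the admin lookup previously found it; catching that not-found error, logging it and using the bare `return` of the branch above would keep the check a deny rather than an unhandled exception. The method starts and ends outside the hunk.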