Restrict backup-list on instance to tenant

Fixed backup-list on an instance, so that we show all available backups for the instance iff the user making the request is an admin. For a non-admin user, we return only the backups in his particular tenant. Change-Id: I2aff6dca053d8261bb70083bf52dac46806faabe Closes-bug: 1295325
2014-07-16 17:13:04 -07:00 · 2014-07-16 17:13:04 -07:00 · 5ebbd7867e
commit 5ebbd7867e
parent 8583560e86
2 changed files with 18 additions and 7 deletions
--- a/trove/backup/models.py
+++ b/trove/backup/models.py
@ -205,8 +205,13 @@ class Backup(object):
        :return:
        """
        query = DBBackup.query()
-        query = query.filter_by(instance_id=instance_id,
-                                deleted=False)
+        if context.is_admin:
+            query = query.filter_by(instance_id=instance_id,
+                                    deleted=False)
+        else:
+            query = query.filter_by(instance_id=instance_id,
+                                    tenant_id=context.tenant,
+                                    deleted=False)
        return cls._paginate(context, query)

    @classmethod
--- a/trove/tests/api/mgmt/instances_actions.py
+++ b/trove/tests/api/mgmt/instances_actions.py
@ -143,6 +143,8 @@ class RestartTaskStatusTests(MgmtInstanceBase):

        user = test_config.users.find_user(Requirements(is_admin=False))
        dbaas = create_dbaas_client(user)
+        admin = test_config.users.find_user(Requirements(is_admin=True))
+        admin_dbaas = create_dbaas_client(admin)
        result = dbaas.instances.backups(self.db_info.id)
        assert_equal(0, len(result))

@ -171,15 +173,19 @@ class RestartTaskStatusTests(MgmtInstanceBase):
            instance_id=self.db_info.id,
            deleted=False)

-        # List the backups for this instance. There ought to be three!
+        # List the backups for this instance.
+        # There ought to be three in the admin tenant, but
+        # none in a different user's tenant.
        result = dbaas.instances.backups(self.db_info.id)
+        assert_equal(0, len(result))
+        result = admin_dbaas.instances.backups(self.db_info.id)
        assert_equal(3, len(result))
        self.backups_to_clear = result

        # Reset the task status.
        self.reset_task_status()
        self._reload_db_info()
-        result = dbaas.instances.backups(self.db_info.id)
+        result = admin_dbaas.instances.backups(self.db_info.id)
        assert_equal(3, len(result))
        for backup in result:
            if backup.name == 'forever_completed':
@ -193,7 +199,7 @@ class RestartTaskStatusTests(MgmtInstanceBase):
        for backup in self.backups_to_clear:
            found_backup = backup_models.DBBackup.find_by(id=backup.id)
            found_backup.delete()
-        user = test_config.users.find_user(Requirements(is_admin=False))
-        dbaas = create_dbaas_client(user)
-        result = dbaas.instances.backups(self.db_info.id)
+        admin = test_config.users.find_user(Requirements(is_admin=True))
+        admin_dbaas = create_dbaas_client(admin)
+        result = admin_dbaas.instances.backups(self.db_info.id)
        assert_equal(0, len(result))