From 5ebbd7867ebf061f2d4ec7f4b86b385e4bb8fcf5 Mon Sep 17 00:00:00 2001
From: Nikhil Manchanda <SlickNik@gmail.com>
Date: Wed, 16 Jul 2014 17:13:04 -0700
Subject: [PATCH] Restrict backup-list on instance to tenant

Fixed backup-list on an instance, so that we show all available backups for
the instance iff the user making the request is an admin. For a non-admin
user, we return only the backups in his particular tenant.

Change-Id: I2aff6dca053d8261bb70083bf52dac46806faabe
Closes-bug: 1295325
---
 trove/backup/models.py                    |  9 +++++++--
 trove/tests/api/mgmt/instances_actions.py | 16 +++++++++++-----
 2 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/trove/backup/models.py b/trove/backup/models.py
index 53eaa1b134..3edb48efe1 100644
--- a/trove/backup/models.py
+++ b/trove/backup/models.py
@@ -205,8 +205,13 @@ class Backup(object):
         :return:
         """
         query = DBBackup.query()
-        query = query.filter_by(instance_id=instance_id,
-                                deleted=False)
+        if context.is_admin:
+            query = query.filter_by(instance_id=instance_id,
+                                    deleted=False)
+        else:
+            query = query.filter_by(instance_id=instance_id,
+                                    tenant_id=context.tenant,
+                                    deleted=False)
         return cls._paginate(context, query)
 
     @classmethod
diff --git a/trove/tests/api/mgmt/instances_actions.py b/trove/tests/api/mgmt/instances_actions.py
index 051a8aed4f..239f2a55d4 100644
--- a/trove/tests/api/mgmt/instances_actions.py
+++ b/trove/tests/api/mgmt/instances_actions.py
@@ -143,6 +143,8 @@ class RestartTaskStatusTests(MgmtInstanceBase):
 
         user = test_config.users.find_user(Requirements(is_admin=False))
         dbaas = create_dbaas_client(user)
+        admin = test_config.users.find_user(Requirements(is_admin=True))
+        admin_dbaas = create_dbaas_client(admin)
         result = dbaas.instances.backups(self.db_info.id)
         assert_equal(0, len(result))
 
@@ -171,15 +173,19 @@ class RestartTaskStatusTests(MgmtInstanceBase):
             instance_id=self.db_info.id,
             deleted=False)
 
-        # List the backups for this instance. There ought to be three!
+        # List the backups for this instance.
+        # There ought to be three in the admin tenant, but
+        # none in a different user's tenant.
         result = dbaas.instances.backups(self.db_info.id)
+        assert_equal(0, len(result))
+        result = admin_dbaas.instances.backups(self.db_info.id)
         assert_equal(3, len(result))
         self.backups_to_clear = result
 
         # Reset the task status.
         self.reset_task_status()
         self._reload_db_info()
-        result = dbaas.instances.backups(self.db_info.id)
+        result = admin_dbaas.instances.backups(self.db_info.id)
         assert_equal(3, len(result))
         for backup in result:
             if backup.name == 'forever_completed':
@@ -193,7 +199,7 @@ class RestartTaskStatusTests(MgmtInstanceBase):
         for backup in self.backups_to_clear:
             found_backup = backup_models.DBBackup.find_by(id=backup.id)
             found_backup.delete()
-        user = test_config.users.find_user(Requirements(is_admin=False))
-        dbaas = create_dbaas_client(user)
-        result = dbaas.instances.backups(self.db_info.id)
+        admin = test_config.users.find_user(Requirements(is_admin=True))
+        admin_dbaas = create_dbaas_client(admin)
+        result = admin_dbaas.instances.backups(self.db_info.id)
         assert_equal(0, len(result))