def filter_result(self, hit, request_context):
super(ImageIndex, self).filter_result(hit, request_context)
if property_utils.is_property_protection_enabled():
source = hit['_source']
for key in list(source.keys()):
if key not in self._image_base_properties:
if not self.property_rules.check_property_rules(
key, 'read', request_context):
del source[key]
def filter_result(self, hit, request_context):
super(ImageIndex, self).filter_result(hit, request_context)
if property_utils.is_property_protection_enabled():
source = hit['_source']
for key in list(source.keys()):
if key not in self._image_base_properties:
if not self.property_rules.check_property_rules(
key, 'read', request_context):
del source[key]
def __init__(self, policy_enforcer=None):
super(ImageIndex, self).__init__()
self.policy = policy_enforcer or policy.Enforcer()
if property_utils.is_property_protection_enabled():
self.property_rules = property_utils.PropertyRules(self.policy)
self._image_base_properties = [
'checksum', 'created_at', 'container_format', 'disk_format', 'id',
'min_disk', 'min_ram', 'name', 'size', 'virtual_size', 'status',
'tags', 'updated_at', 'visibility', 'protected', 'owner',
'members']
def __init__(self, policy_enforcer=None):
super(ImageIndex, self).__init__()
self.policy = policy_enforcer or policy.Enforcer()
if property_utils.is_property_protection_enabled():
self.property_rules = property_utils.PropertyRules(self.policy)
self._image_base_properties = [
'checksum', 'created_at', 'container_format', 'disk_format', 'id',
'min_disk', 'min_ram', 'name', 'size', 'virtual_size', 'status',
'tags', 'updated_at', 'visibility', 'protected', 'owner',
'members', 'project_id']
def filter_result(self, result, request_context):
if property_utils.is_property_protection_enabled():
hits = result['hits']['hits']
for hit in hits:
if hit['_type'] == self.get_document_type():
source = hit['_source']
for key in source.keys():
if key not in self._image_base_properties:
if not self.property_rules.check_property_rules(
key, 'read', request_context):
del hit['_source'][key]
return result
def filter_result(self, hit, request_context):
super(ImageIndex, self).filter_result(hit, request_context)
source = hit['_source']
if property_utils.is_property_protection_enabled():
for key in list(source.keys()):
if key not in self._image_base_properties:
if not self.property_rules.check_property_rules(
key, 'read', request_context):
del source[key]
# Strip out the members list for non-admins or non-owners. The glance
# api leaves just the current tenant in the list for non-admins
if not (request_context.is_admin or
source['owner'] == request_context.tenant):
if source.get('members', []):
# Remove any members that don't match the current tenant
source['members'] = list(filter(
lambda m: m == request_context.tenant,
source['members']))
def filter_result(self, hit, request_context):
super(ImageIndex, self).filter_result(hit, request_context)
source = hit['_source']
if property_utils.is_property_protection_enabled():
for key in list(source.keys()):
if key not in self._image_base_properties:
if not self.property_rules.check_property_rules(
key, 'read', request_context):
del source[key]
# Strip out the members list for non-admins or non-owners. The glance
# api leaves just the current tenant in the list for non-admins
if not (request_context.is_admin
or source['owner'] == request_context.tenant):
if source.get('members', []):
# Remove any members that don't match the current tenant
source['members'] = list(
filter(lambda m: m == request_context.tenant,
source['members']))
