def filter_result(self, hit, request_context): super(ImageIndex, self).filter_result(hit, request_context) if property_utils.is_property_protection_enabled(): source = hit['_source'] for key in list(source.keys()): if key not in self._image_base_properties: if not self.property_rules.check_property_rules( key, 'read', request_context): del source[key]
def __init__(self, policy_enforcer=None): super(ImageIndex, self).__init__() self.policy = policy_enforcer or policy.Enforcer() if property_utils.is_property_protection_enabled(): self.property_rules = property_utils.PropertyRules(self.policy) self._image_base_properties = [ 'checksum', 'created_at', 'container_format', 'disk_format', 'id', 'min_disk', 'min_ram', 'name', 'size', 'virtual_size', 'status', 'tags', 'updated_at', 'visibility', 'protected', 'owner', 'members']
def __init__(self, policy_enforcer=None): super(ImageIndex, self).__init__() self.policy = policy_enforcer or policy.Enforcer() if property_utils.is_property_protection_enabled(): self.property_rules = property_utils.PropertyRules(self.policy) self._image_base_properties = [ 'checksum', 'created_at', 'container_format', 'disk_format', 'id', 'min_disk', 'min_ram', 'name', 'size', 'virtual_size', 'status', 'tags', 'updated_at', 'visibility', 'protected', 'owner', 'members', 'project_id']
def filter_result(self, result, request_context): if property_utils.is_property_protection_enabled(): hits = result['hits']['hits'] for hit in hits: if hit['_type'] == self.get_document_type(): source = hit['_source'] for key in source.keys(): if key not in self._image_base_properties: if not self.property_rules.check_property_rules( key, 'read', request_context): del hit['_source'][key] return result
def filter_result(self, hit, request_context): super(ImageIndex, self).filter_result(hit, request_context) source = hit['_source'] if property_utils.is_property_protection_enabled(): for key in list(source.keys()): if key not in self._image_base_properties: if not self.property_rules.check_property_rules( key, 'read', request_context): del source[key] # Strip out the members list for non-admins or non-owners. The glance # api leaves just the current tenant in the list for non-admins if not (request_context.is_admin or source['owner'] == request_context.tenant): if source.get('members', []): # Remove any members that don't match the current tenant source['members'] = list(filter( lambda m: m == request_context.tenant, source['members']))
def filter_result(self, hit, request_context): super(ImageIndex, self).filter_result(hit, request_context) source = hit['_source'] if property_utils.is_property_protection_enabled(): for key in list(source.keys()): if key not in self._image_base_properties: if not self.property_rules.check_property_rules( key, 'read', request_context): del source[key] # Strip out the members list for non-admins or non-owners. The glance # api leaves just the current tenant in the list for non-admins if not (request_context.is_admin or source['owner'] == request_context.tenant): if source.get('members', []): # Remove any members that don't match the current tenant source['members'] = list( filter(lambda m: m == request_context.tenant, source['members']))