Bug 1041745

Summary: [RFE][glance]: Authorization checks should not be in the database layer
Product: Red Hat OpenStack Reporter: RHOS Integration <rhos-integ>
Component: RFEsAssignee: RHOS Maint <rhos-maint>
Status: CLOSED UPSTREAM QA Contact:
Severity: low Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: markmc, yeylon
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
URL: https://blueprints.launchpad.net/glance/+spec/refactoring-remove-authz-from-db
Whiteboard: upstream_milestone_none upstream_status_not-started upstream_definition_approved
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-03-19 16:57:09 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description RHOS Integration 2013-12-12 19:08:44 UTC 
Cloned from launchpad blueprint https://blueprints.launchpad.net/glance/+spec/refactoring-remove-authz-from-db.

Description:

Glance currently performs authorization checks in the database layer drivers. This approach has caused bugs in the past, increases the complexity of implementing drivers, and makes understanding the code more difficult. By adopting a query interface that supports Specification pattern arguments, we can make fairly simple db drivers and move all authorization constraints into a layer in the domain.

Specification URL (additional information):

None