User with member role in project should also

be able to access contrial_cluster and its endpoints resources. frontend depednds on this to decide to display setup wizard. Marked as partial fix, as this fix is temporary. Permanant fix is to implment global access with global share table. Change-Id: I2fe5db92dd9f8f1b126c0010e9510f56ae7417dd Partial-Bug: 1787949
Juniper · Oct 12, 2018 · 7e0149e · 7e0149e
1 parent d78352e
commit 7e0149e
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/pkg/db/basedb/query_builder.go b/pkg/db/basedb/query_builder.go
@@ -21,6 +21,9 @@ const (
 	POSTGRES = "postgres"
 )
 
+//TODO(ijohnson) remove when global share table is supported.
+var globalResources = []string{"contrail_cluster", "endpoint"}
+
 // QueryBuilder builds list query.
 type QueryBuilder struct {
 	Dialect
@@ -271,7 +274,8 @@ func (qb *QueryBuilder) buildAuthQuery(ctx *queryContext) {
 	spec := ctx.spec
 	where := []string{}
 
-	if !auth.IsAdmin() {
+	//TODO(ijohnson) support global share table
+	if !auth.IsAdmin() && !common.ContainsString(globalResources, qb.Table) {
 		ctx.values = append(ctx.values, auth.ProjectID())
 		where = append(where, qb.Quote(qb.TableAlias, "owner")+" = "+qb.Placeholder(len(ctx.values)))
 		if spec.Shared {