From 9a20caa33682bafdb71398665974e7fa32dfb75d Mon Sep 17 00:00:00 2001
From: Dmitry Galkin
Date: Thu, 27 Dec 2018 15:11:16 +0000
Subject: [PATCH] Fix the child search logic during zone deletion.

This patch uses elevated context to look up the child zones when a (parent) zone is deleted. If policy allows deleting a zone with non-admin role - the search will not find the child zones in another tenant and therefore parent zone gets deleted.

Change-Id: Id1a8228f287a8f8e02462017cd062607ff4bebf8
Closes-Bug: 1809906
---
 designate/central/service.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/designate/central/service.py b/designate/central/service.py
index 3407a1c08..ec249018f 100644
--- a/designate/central/service.py
+++ b/designate/central/service.py
@@ -1094,7 +1094,9 @@ class Service(service.RPCService, service.Service):
 # Prevent deletion of a zone which has child zones
 criterion = {'parent_zone_id': zone_id}
- if self.storage.count_zones(context, criterion) > 0:
+ # Look for child zones across all tenants with elevated context
+ if self.storage.count_zones(context.elevated(all_tenants=True),
+ criterion) > 0:
 raise exceptions.ZoneHasSubZone('Please delete any subzones '
 'before deleting this zone')
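Review bot: The fix lands without a regression test (the diffstat lists only `designate/central/service.py`), so nothing pins the cross-tenant case the commit message describes. A test where the parent and child zones belong to different tenants, and the parent's owner gets `ZoneHasSubZone` under a policy that lets a non-admin delete zones, would stop a later refactor from passing the caller's `context` to `count_zones` again. The new comment says what the call does but not why; something like `# Child zones can belong to other tenants, so a tenant-scoped count misses them (bug 1809906)` records the reason. The elevated context is built inline and handed only to `count_zones`, which is the right scope; it should not be reused for the delete that follows, which lies outside this hunk along with the start of the method.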