From 9577735242b28f7f662ed569fcc20fc714356e69 Mon Sep 17 00:00:00 2001
From: Thomas Bachman
Date: Wed, 30 Aug 2023 21:59:29 +0000
Subject: [PATCH] Fix policy.json

The order of the admin_owner_or_network_owner alias in the policy.json file can trigger DB queries for the network resource in order to complete the policy checks, even in cases where those checw aren't needed. This changes the order of the policy rule to ensure that checks for the tenant ID owner are made before looking at the tenant ID of the network.

Change-Id: Ic3a7c99ff69c652bd1df4d43a98f298da876b4ba
---
 etc/policy.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/etc/policy.json b/etc/policy.json
index b63b6646f..263efe1c7 100644
--- a/etc/policy.json
+++ b/etc/policy.json
@@ -4,7 +4,7 @@
 "admin_or_owner": "rule:context_is_admin or rule:owner",
 "context_is_advsvc": "role:advsvc",
 "admin_or_network_owner": "rule:context_is_admin or tenant_id:%(network:tenant_id)s",
- "admin_owner_or_network_owner": "rule:admin_or_network_owner or rule:owner",
+ "admin_owner_or_network_owner": "rule:owner or rule:admin_or_network_owner",
 "admin_only": "rule:context_is_admin",
 "regular_user": "",
 "shared": "field:networks:shared=True",
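Review bot: The reordered `admin_owner_or_network_owner` line relies on left-to-right short-circuit evaluation of `or`, and nothing in this commit pins that down: the patch touches only etc/policy.json, so there is no test showing that the allow/deny outcome is unchanged or that the network lookup is actually skipped when `rule:owner` matches. Since this is an authorization rule, I would add a regression test that evaluates the alias for an admin, the resource owner, the network owner and an unrelated tenant and asserts the same decisions as before, plus one asserting the owner case does not load the network. JSON cannot carry a comment, so the ordering rationale should also be recorded in a release note or the policy documentation, otherwise a later tidy-up could silently restore the old order. The definition of `rule:owner` is outside this hunk, so its cost is assumed rather than visible here.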