openstack/deb-horizon
Code Issues Proposed changes

admin permissions depends on OPENSTACK_KEYSTONE_ADMIN_ROLES

Browse Source 
In dashboard or panel, 'openstack.roles.xxx' is used
as a permission control. 'xxx' in 'openstack.roles.xxx'
is a real role name.
At the moment, it is not addressed OPENSTACK_KEYSTONE_ADMIN_ROLES.
This patch will address it.

Change-Id: Ic7200dfdf403b63ef3210750617ae102b15c02c8
Closes-Bug: #1534409
This commit is contained in:
Kenji Ishii 2016-01-18 11:16:32 +09:00 committed by Timur Sufiev
parent fedb991435
commit cb0d1eaf46
6 changed files with 14 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
openstack_dashboard/dashboards/admin/dashboard.py
View File

@ -14,7 +14,10 @@
from django.utils.translation import ugettext_lazy as _
from openstack_auth import utils
import horizon
from openstack_dashboard import settings
@ -31,7 +34,6 @@ class Admin(horizon.Dashboard):
('orchestration', 'context_is_admin'),
('telemetry', 'context_is_admin'),)
else:
permissions = ('openstack.roles.admin',)
permissions = (tuple(utils.get_admin_permissions()),)
horizon.register(Admin)

9
openstack_dashboard/dashboards/identity/domains/workflows.py
View File

@ -18,15 +18,16 @@ from django.conf import settings
from django.core.urlresolvers import reverse
from django.utils.translation import ugettext_lazy as _
from openstack_auth import utils
from horizon import exceptions
from horizon import forms
from horizon import messages
from horizon import workflows
from openstack_dashboard import api
from openstack_dashboard.dashboards.identity.domains import constants
from openstack_dashboard.utils.identity import IdentityMixIn
LOG = logging.getLogger(__name__)
@ -295,7 +296,7 @@ class UpdateDomainInfo(workflows.Step):
"enabled")
class UpdateDomain(workflows.Workflow, IdentityMixIn):
class UpdateDomain(workflows.Workflow):
slug = "update_domain"
name = _("Edit Domain")
finalize_button_name = _("Save")
@ -363,7 +364,7 @@ class UpdateDomain(workflows.Workflow, IdentityMixIn):
available_admin_role_ids = [
role.id for role in available_roles
if role.name.lower() in self.get_admin_roles()
if role.name.lower() in utils.get_admin_roles()
]
admin_role_ids = [role for role in current_role_ids
if role in available_admin_role_ids]

6
openstack_dashboard/dashboards/identity/projects/tests.py
View File

@ -1805,9 +1805,3 @@ class SeleniumTests(test.SeleniumAdminTestCase):
for user in users:
self.assertIn(user.name, members.text)
@override_settings(OPENSTACK_KEYSTONE_ADMIN_ROLES=['foO', 'BAR', 'admin'])
def test_get_admin_roles(self):
mix_in = workflows.IdentityMixIn()
admin_roles = mix_in.get_admin_roles()
self.assertEqual(['foo', 'bar', 'admin'], admin_roles)

8
openstack_dashboard/dashboards/identity/projects/workflows.py
View File

@ -22,6 +22,8 @@ from django.conf import settings
from django.core.urlresolvers import reverse
from django.utils.translation import ugettext_lazy as _
from openstack_auth import utils
from horizon import exceptions
from horizon import forms
from horizon import messages
@ -33,7 +35,7 @@ from openstack_dashboard.api import cinder
from openstack_dashboard.api import keystone
from openstack_dashboard.api import nova
from openstack_dashboard.usage import quotas
from openstack_dashboard.utils.identity import IdentityMixIn
LOG = logging.getLogger(__name__)
@ -605,7 +607,7 @@ class UpdateProjectInfo(workflows.Step):
"enabled")
class UpdateProject(CommonQuotaWorkflow, IdentityMixIn):
class UpdateProject(CommonQuotaWorkflow):
slug = "update_project"
name = _("Edit Project")
finalize_button_name = _("Save")
@ -698,7 +700,7 @@ class UpdateProject(CommonQuotaWorkflow, IdentityMixIn):
available_roles, current_role_ids):
is_current_user = user_id == request.user.id
is_current_project = project_id == request.user.tenant_id
_admin_roles = self.get_admin_roles()
_admin_roles = utils.get_admin_roles()
available_admin_role_ids = [role.id for role in available_roles
if role.name.lower() in _admin_roles]
admin_roles = [role for role in current_role_ids

10
openstack_dashboard/test/tests/utils.py
View File

@ -14,12 +14,10 @@
# under the License.
import datetime
from django.test.utils import override_settings
import uuid
from openstack_dashboard.test import helpers as test
from openstack_dashboard.utils import filters
from openstack_dashboard.utils import identity
from openstack_dashboard.utils import metering
@ -65,11 +63,3 @@ class UtilsMeteringTests(test.TestCase):
def test_calc_date_args_invalid(self):
self.assertRaises(
ValueError, metering.calc_date_args, object, object, "other")
class IdentityTests(test.BaseAdminViewTests):
@override_settings(OPENSTACK_KEYSTONE_ADMIN_ROLES=['foO', 'BAR', 'admin'])
def test_get_admin_roles(self):
mix_in = identity.IdentityMixIn()
admin_roles = mix_in.get_admin_roles()
self.assertEqual(['foo', 'bar', 'admin'], admin_roles)

25
openstack_dashboard/utils/identity.py
View File

@ -1,25 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from django.conf import settings
from horizon.utils.memoized import memoized # noqa
class IdentityMixIn(object):
@memoized
def get_admin_roles(self):
_admin_roles = [role.lower() for role in getattr(
settings,
'OPENSTACK_KEYSTONE_ADMIN_ROLES',
['admin'])]
return _admin_roles