openstack/deb-horizon
Code Issues Proposed changes

admin permissions depends on OPENSTACK_KEYSTONE_ADMIN_ROLES

Browse Source 
In dashboard or panel, 'openstack.roles.xxx' is used
as a permission control. 'xxx' in 'openstack.roles.xxx'
is a real role name.
At the moment, it is not addressed OPENSTACK_KEYSTONE_ADMIN_ROLES.
This patch will address it.

Change-Id: Ic7200dfdf403b63ef3210750617ae102b15c02c8
Closes-Bug: #1534409
This commit is contained in:
Kenji Ishii 2016-01-18 11:16:32 +09:00 committed by Timur Sufiev
parent fedb991435
commit cb0d1eaf46
6 changed files with 14 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
openstack_dashboard/dashboards/admin/dashboard.py
View File

@ -14,7 +14,10 @@
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from openstack_auth import utils
import horizon import horizon
from openstack_dashboard import settings from openstack_dashboard import settings
@ -31,7 +34,6 @@ class Admin(horizon.Dashboard):
('orchestration', 'context_is_admin'), ('orchestration', 'context_is_admin'),
('telemetry', 'context_is_admin'),) ('telemetry', 'context_is_admin'),)
else: else:
permissions = ('openstack.roles.admin',) permissions = (tuple(utils.get_admin_permissions()),)
horizon.register(Admin) horizon.register(Admin)

9
openstack_dashboard/dashboards/identity/domains/workflows.py
View File

@ -18,15 +18,16 @@ from django.conf import settings
from django.core.urlresolvers import reverse from django.core.urlresolvers import reverse
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from openstack_auth import utils
from horizon import exceptions from horizon import exceptions
from horizon import forms from horizon import forms
from horizon import messages from horizon import messages
from horizon import workflows from horizon import workflows
from openstack_dashboard import api from openstack_dashboard import api
from openstack_dashboard.dashboards.identity.domains import constants from openstack_dashboard.dashboards.identity.domains import constants
from openstack_dashboard.utils.identity import IdentityMixIn
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
@ -295,7 +296,7 @@ class UpdateDomainInfo(workflows.Step):
"enabled") "enabled")
class UpdateDomain(workflows.Workflow, IdentityMixIn): class UpdateDomain(workflows.Workflow):
slug = "update_domain" slug = "update_domain"
name = _("Edit Domain") name = _("Edit Domain")
finalize_button_name = _("Save") finalize_button_name = _("Save")
@ -363,7 +364,7 @@ class UpdateDomain(workflows.Workflow, IdentityMixIn):
available_admin_role_ids = [ available_admin_role_ids = [
role.id for role in available_roles role.id for role in available_roles
if role.name.lower() in self.get_admin_roles() if role.name.lower() in utils.get_admin_roles()
] ]
admin_role_ids = [role for role in current_role_ids admin_role_ids = [role for role in current_role_ids
if role in available_admin_role_ids] if role in available_admin_role_ids]

6
openstack_dashboard/dashboards/identity/projects/tests.py
View File

@ -1805,9 +1805,3 @@ class SeleniumTests(test.SeleniumAdminTestCase):
for user in users: for user in users:
self.assertIn(user.name, members.text) self.assertIn(user.name, members.text)
@override_settings(OPENSTACK_KEYSTONE_ADMIN_ROLES=['foO', 'BAR', 'admin'])
def test_get_admin_roles(self):
mix_in = workflows.IdentityMixIn()
admin_roles = mix_in.get_admin_roles()
self.assertEqual(['foo', 'bar', 'admin'], admin_roles)

8
openstack_dashboard/dashboards/identity/projects/workflows.py
View File

@ -22,6 +22,8 @@ from django.conf import settings
from django.core.urlresolvers import reverse from django.core.urlresolvers import reverse
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from openstack_auth import utils
from horizon import exceptions from horizon import exceptions
from horizon import forms from horizon import forms
from horizon import messages from horizon import messages
@ -33,7 +35,7 @@ from openstack_dashboard.api import cinder
from openstack_dashboard.api import keystone from openstack_dashboard.api import keystone
from openstack_dashboard.api import nova from openstack_dashboard.api import nova
from openstack_dashboard.usage import quotas from openstack_dashboard.usage import quotas
from openstack_dashboard.utils.identity import IdentityMixIn
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
@ -605,7 +607,7 @@ class UpdateProjectInfo(workflows.Step):
"enabled") "enabled")
class UpdateProject(CommonQuotaWorkflow, IdentityMixIn): class UpdateProject(CommonQuotaWorkflow):
slug = "update_project" slug = "update_project"
name = _("Edit Project") name = _("Edit Project")
finalize_button_name = _("Save") finalize_button_name = _("Save")
@ -698,7 +700,7 @@ class UpdateProject(CommonQuotaWorkflow, IdentityMixIn):
available_roles, current_role_ids): available_roles, current_role_ids):
is_current_user = user_id == request.user.id is_current_user = user_id == request.user.id
is_current_project = project_id == request.user.tenant_id is_current_project = project_id == request.user.tenant_id
_admin_roles = self.get_admin_roles() _admin_roles = utils.get_admin_roles()
available_admin_role_ids = [role.id for role in available_roles available_admin_role_ids = [role.id for role in available_roles
if role.name.lower() in _admin_roles] if role.name.lower() in _admin_roles]
admin_roles = [role for role in current_role_ids admin_roles = [role for role in current_role_ids

10
openstack_dashboard/test/tests/utils.py
View File

@ -14,12 +14,10 @@
# under the License. # under the License.
import datetime import datetime
from django.test.utils import override_settings
import uuid import uuid
from openstack_dashboard.test import helpers as test from openstack_dashboard.test import helpers as test
from openstack_dashboard.utils import filters from openstack_dashboard.utils import filters
from openstack_dashboard.utils import identity
from openstack_dashboard.utils import metering from openstack_dashboard.utils import metering
@ -65,11 +63,3 @@ class UtilsMeteringTests(test.TestCase):
def test_calc_date_args_invalid(self): def test_calc_date_args_invalid(self):
self.assertRaises( self.assertRaises(
ValueError, metering.calc_date_args, object, object, "other") ValueError, metering.calc_date_args, object, object, "other")
class IdentityTests(test.BaseAdminViewTests):
@override_settings(OPENSTACK_KEYSTONE_ADMIN_ROLES=['foO', 'BAR', 'admin'])
def test_get_admin_roles(self):
mix_in = identity.IdentityMixIn()
admin_roles = mix_in.get_admin_roles()
self.assertEqual(['foo', 'bar', 'admin'], admin_roles)

25
openstack_dashboard/utils/identity.py
View File

@ -1,25 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from django.conf import settings
from horizon.utils.memoized import memoized # noqa
class IdentityMixIn(object):
@memoized
def get_admin_roles(self):
_admin_roles = [role.lower() for role in getattr(
settings,
'OPENSTACK_KEYSTONE_ADMIN_ROLES',
['admin'])]
return _admin_roles