Remove "Change Password" from users table for non-admin users

If you're a user without administrative permissions, you will not be able to edit a password using the table inside the identity section due to the fact that it uses a different edit API which is not meant to be used for the user-side of things. This patch adds a policy change in order to hide the change password link for normal users, while keeping the functionality inside the Settings panel still intact. This change was first broken by I76eb9f95c7112bcbad75ee151f363f892298d081 Partial-Bug: 1788384 Change-Id: I7a64257ac274c9dac5705ba72a85833f8e7a1591
2018-08-27 16:40:21 -04:00 · 2018-08-27 16:40:21 -04:00 · 0630be639b
commit 0630be639b
parent 7899b04888
2 changed files with 9 additions and 1 deletions
--- a/openstack_dashboard/dashboards/identity/users/tables.py
+++ b/openstack_dashboard/dashboards/identity/users/tables.py
@ -54,12 +54,15 @@ class EditUserLink(policy.PolicyTargetMixin, tables.LinkAction):
        return api.keystone.keystone_can_edit_user()


-class ChangePasswordLink(tables.LinkAction):
+class ChangePasswordLink(policy.PolicyTargetMixin, tables.LinkAction):
    name = "change_password"
    verbose_name = _("Change Password")
    url = "horizon:identity:users:change_password"
    classes = ("ajax-modal",)
    icon = "key"
+    policy_rules = (("identity", "identity:update_user"),)
+    policy_target_attrs = (("user_id", "id"),
+                           ("target.user.domain_id", "domain_id"))

    def allowed(self, request, user):
        return api.keystone.keystone_can_edit_user()
--- a/releasenotes/notes/remove-change-pw-from-users-table-ef8d45a4a95762e0.yaml
+++ b/releasenotes/notes/remove-change-pw-from-users-table-ef8d45a4a95762e0.yaml
@ -0,0 +1,5 @@
+---
+fixes:
+  - |
+    Fixed a bug where non-admin users would be shown the "Change Password"
+    button for users listed under the Identity panel.