Merge "Don't send enable_port_security when disallowed by policy"

Zuul
2025-11-12 20:37:28 +00:00
committed by Gerrit Code Review
4 changed files with 33 additions and 5 deletions


@@ -216,7 +216,7 @@ class NetworkPortTests(test.BaseAdminViewTests):
self.assertRedirectsNoFollow(res, redir_url)
self.assert_mock_multiple_calls_with_same_arguments(
self.mock_network_get, 2,
self.mock_network_get, 3,
mock.call(test.IsHttpRequest(), network.id))
self.mock_security_group_list.assert_called_once_with(
test.IsHttpRequest(), tenant_id='1')
@@ -284,7 +284,7 @@ class NetworkPortTests(test.BaseAdminViewTests):
self.assertRedirectsNoFollow(res, redir_url)
self.assert_mock_multiple_calls_with_same_arguments(
self.mock_network_get, 2,
self.mock_network_get, 3,
mock.call(test.IsHttpRequest(), network.id))
self._check_is_extension_supported(
{'mac-learning': 1,
@@ -363,7 +363,7 @@ class NetworkPortTests(test.BaseAdminViewTests):
self.assertRedirectsNoFollow(res, redir_url)
self.assert_mock_multiple_calls_with_same_arguments(
self.mock_network_get, 2,
self.mock_network_get, 3,
mock.call(test.IsHttpRequest(), network.id))
self._check_is_extension_supported(
{'mac-learning': 1,
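Review bot: The expected `network_get` call count moves from 2 to 3 in all three hunks of this file and in both hunks of the next test file, but none of the visible hunks adds a test for the new policy branch itself. A case where `policy.check` returns False should assert that `port_create` is called without `port_security_enabled`, and a second case with the policy allowed should assert that the value is still sent. The enclosing test methods start and end outside these hunks, so existing coverage elsewhere cannot be ruled out.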


@@ -624,7 +624,7 @@ class NetworkPortTests(test.TestCase):
self.assertRedirectsNoFollow(res, redir_url)
self.assert_mock_multiple_calls_with_same_arguments(
self.mock_network_get, 2,
self.mock_network_get, 3,
mock.call(test.IsHttpRequest(), network.id))
self._check_is_extension_supported({'binding': 1,
'mac-learning': 1,
@@ -769,7 +769,7 @@ class NetworkPortTests(test.TestCase):
self.assertRedirectsNoFollow(res, redir_url)
self.assert_mock_multiple_calls_with_same_arguments(
self.mock_network_get, 2,
self.mock_network_get, 3,
mock.call(test.IsHttpRequest(), network.id))
self._check_is_extension_supported({'binding': 1,
'mac-learning': 1,


@@ -24,6 +24,7 @@ from horizon import workflows
from openstack_dashboard import api
from openstack_dashboard.dashboards.project.networks.ports import sg_base
from openstack_dashboard import policy
from openstack_dashboard.utils import filters
from openstack_dashboard.utils import settings as setting_utils
@@ -248,6 +249,25 @@ class CreatePort(workflows.Workflow):
def handle(self, request, context):
try:
params = self._construct_parameters(context)
network_id = context['network_id']
try:
network = api.neutron.network_get(self.request, network_id)
except Exception:
network = None
if (
not policy.check(
(("network", "create_port:port_security_enabled"),),
request,
{
'network_id': context['network_id'],
'tenant_id': context['target_tenant_id'],
'network:tenant_id': getattr(
network, 'tenant_id', None
),
}
) and params.get('port_security_enabled', True)
):
params.pop('port_security_enabled')
port = api.neutron.port_create(request, **params)
self.context['port_id'] = port.id
return True
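Review bot: `params.pop('port_security_enabled')` in the new policy branch raises KeyError whenever the key is absent from params, and the guard just above treats an absent key as True via `params.get('port_security_enabled', True)`, so a policy-denied request without that key reaches the pop. Use `params.pop('port_security_enabled', None)` instead. Separately, the inner `except Exception: network = None` hides any `network_get` failure and lets the policy check run with `'network:tenant_id': None`; logging the exception there would make a wrong policy outcome diagnosable, and the lookup uses `self.request` while the rest of `handle` uses `request`. Because this check only decides what the dashboard sends, Neutron's own policy remains the enforcement point, so a False value that is still forwarded is presumably left for the API to reject. The outer try's except clause lies outside the hunk, so how the KeyError would surface to the user is not visible here.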


@@ -0,0 +1,8 @@
---
features:
- |
Don't send enable_port_security when disallowed by policy. When a user
creates a network port, if they don't have the rights to change port
security, they will be unable to submit the form. The solution is to not
send any value for port security when the user doesn't have the rights
to change it.