Don't send enable_port_security when disallowed by policy

When a user creates a network port, if they don't have the rights
to change port security, they will be unable to submit the form.
The solution is to not send any value for port security when the
user doesn't have the rights to change it.

Change-Id: I70d15b71083c3934ed48f24765b42a62daf58cf8
Signed-off-by: Dong Ma <dong.ma@vexxhost.com>
Dong Ma
2025-10-21 11:44:15 +00:00
parent 197ab19373
commit 4b933df52a
4 changed files with 33 additions and 5 deletions


@@ -216,7 +216,7 @@ class NetworkPortTests(test.BaseAdminViewTests):
self.assertRedirectsNoFollow(res, redir_url)
self.assert_mock_multiple_calls_with_same_arguments(
self.mock_network_get, 2,
self.mock_network_get, 3,
mock.call(test.IsHttpRequest(), network.id))
self.mock_security_group_list.assert_called_once_with(
test.IsHttpRequest(), tenant_id='1')
@@ -284,7 +284,7 @@ class NetworkPortTests(test.BaseAdminViewTests):
self.assertRedirectsNoFollow(res, redir_url)
self.assert_mock_multiple_calls_with_same_arguments(
self.mock_network_get, 2,
self.mock_network_get, 3,
mock.call(test.IsHttpRequest(), network.id))
self._check_is_extension_supported(
{'mac-learning': 1,
@@ -363,7 +363,7 @@ class NetworkPortTests(test.BaseAdminViewTests):
self.assertRedirectsNoFollow(res, redir_url)
self.assert_mock_multiple_calls_with_same_arguments(
self.mock_network_get, 2,
self.mock_network_get, 3,
mock.call(test.IsHttpRequest(), network.id))
self._check_is_extension_supported(
{'mac-learning': 1,
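Review bot: The test updates in this file only raise the expected `network_get` call count from 2 to 3 (in all three hunks here, and likewise in the second test file); none of the visible cases makes `policy.check` deny, so the branch that drops `port_security_enabled` is not exercised. A case that patches the policy check to return False and asserts that `port_create` is called without `port_security_enabled` would pin the behaviour this commit is about. One more case where `network_get` raises would be worthwhile, since the workflow then evaluates the policy with `'network:tenant_id': None`. The test methods start and end outside these hunks.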


@@ -624,7 +624,7 @@ class NetworkPortTests(test.TestCase):
self.assertRedirectsNoFollow(res, redir_url)
self.assert_mock_multiple_calls_with_same_arguments(
self.mock_network_get, 2,
self.mock_network_get, 3,
mock.call(test.IsHttpRequest(), network.id))
self._check_is_extension_supported({'binding': 1,
'mac-learning': 1,
@@ -769,7 +769,7 @@ class NetworkPortTests(test.TestCase):
self.assertRedirectsNoFollow(res, redir_url)
self.assert_mock_multiple_calls_with_same_arguments(
self.mock_network_get, 2,
self.mock_network_get, 3,
mock.call(test.IsHttpRequest(), network.id))
self._check_is_extension_supported({'binding': 1,
'mac-learning': 1,


@@ -24,6 +24,7 @@ from horizon import workflows
from openstack_dashboard import api
from openstack_dashboard.dashboards.project.networks.ports import sg_base
from openstack_dashboard import policy
from openstack_dashboard.utils import filters
from openstack_dashboard.utils import settings as setting_utils
@@ -248,6 +249,25 @@ class CreatePort(workflows.Workflow):
def handle(self, request, context):
try:
params = self._construct_parameters(context)
network_id = context['network_id']
try:
network = api.neutron.network_get(self.request, network_id)
except Exception:
network = None
if (
not policy.check(
(("network", "create_port:port_security_enabled"),),
request,
{
'network_id': context['network_id'],
'tenant_id': context['target_tenant_id'],
'network:tenant_id': getattr(
network, 'tenant_id', None
),
}
) and params.get('port_security_enabled', True)
):
params.pop('port_security_enabled')
port = api.neutron.port_create(request, **params)
self.context['port_id'] = port.id
return True
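Review bot: `params.pop('port_security_enabled')` in the added block of `handle` can raise KeyError, because the guard `params.get('port_security_enabled', True)` is also truthy when the key is absent. Whether `_construct_parameters` can omit the key is not visible here, so `params.pop('port_security_enabled', None)` is the safe form. The `except Exception: network = None` fallback silently turns a failed lookup into `'network:tenant_id': None` in the policy target, so a policy decision made on incomplete data leaves no trace; log the exception there. The lookup also passes `self.request` while the rest of the method uses the `request` argument. The outer `try` of `handle` closes outside the hunk.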


@@ -0,0 +1,8 @@
---
features:
- |
Don't send enable_port_security when disallowed by policy. When a user
creates a network port, if they don't have the rights to change port
security, they will be unable to submit the form. The solution is to not
send any value for port security when the user doesn't have the rights
to change it.