diff --git a/openstack_dashboard/dashboards/identity/domains/workflows.py b/openstack_dashboard/dashboards/identity/domains/workflows.py index e7acc05d46..f8a1bc4970 100644 --- a/openstack_dashboard/dashboards/identity/domains/workflows.py +++ b/openstack_dashboard/dashboards/identity/domains/workflows.py @@ -26,6 +26,7 @@ from horizon import workflows from openstack_dashboard import api from openstack_dashboard.dashboards.identity.domains import constants +from openstack_dashboard.utils.identity import IdentityMixIn LOG = logging.getLogger(__name__) @@ -294,7 +295,7 @@ class UpdateDomainInfo(workflows.Step): "enabled") -class UpdateDomain(workflows.Workflow): +class UpdateDomain(workflows.Workflow, IdentityMixIn): slug = "update_domain" name = _("Edit Domain") finalize_button_name = _("Save") @@ -352,8 +353,11 @@ class UpdateDomain(workflows.Workflow): # domain_id == request.user.domain_id is_current_domain = True - available_admin_role_ids = [role.id for role in available_roles - if role.name.lower() == 'admin'] + _admin_roles = self.get_admin_roles() + available_admin_role_ids = [role.id for role in + available_roles + if role.name.lower() in + _admin_roles] admin_role_ids = [role for role in current_role_ids if role in available_admin_role_ids] if len(admin_role_ids): diff --git a/openstack_dashboard/dashboards/identity/projects/tests.py b/openstack_dashboard/dashboards/identity/projects/tests.py index f6d4f11154..2645827283 100644 --- a/openstack_dashboard/dashboards/identity/projects/tests.py +++ b/openstack_dashboard/dashboards/identity/projects/tests.py @@ -1778,3 +1778,8 @@ class SeleniumTests(test.SeleniumAdminTestCase): for user in users: self.assertIn(user.name, members.text) + + def test_get_admin_roles(self): + mix_in = workflows.IdentityMixIn() + admin_roles = mix_in.get_admin_roles() + self.assertEqual(['foo', 'bar', 'admin'], admin_roles) diff --git a/openstack_dashboard/dashboards/identity/projects/workflows.py b/openstack_dashboard/dashboards/identity/projects/workflows.py index 34b461eb13..cce8bfb3eb 100644 --- a/openstack_dashboard/dashboards/identity/projects/workflows.py +++ b/openstack_dashboard/dashboards/identity/projects/workflows.py @@ -33,6 +33,7 @@ from openstack_dashboard.api import cinder from openstack_dashboard.api import keystone from openstack_dashboard.api import nova from openstack_dashboard.usage import quotas +from openstack_dashboard.utils.identity import IdentityMixIn INDEX_URL = "horizon:identity:projects:index" ADD_USER_URL = "horizon:identity:projects:create_user" @@ -572,7 +573,7 @@ class UpdateProjectInfo(workflows.Step): "enabled") -class UpdateProject(CommonQuotaWorkflow): +class UpdateProject(CommonQuotaWorkflow, IdentityMixIn): slug = "update_project" name = _("Edit Project") finalize_button_name = _("Save") @@ -662,8 +663,9 @@ class UpdateProject(CommonQuotaWorkflow): available_roles, current_role_ids): is_current_user = user_id == request.user.id is_current_project = project_id == request.user.tenant_id + _admin_roles = self.get_admin_roles() available_admin_role_ids = [role.id for role in available_roles - if role.name.lower() == 'admin'] + if role.name.lower() in _admin_roles] admin_roles = [role for role in current_role_ids if role in available_admin_role_ids] if len(admin_roles): diff --git a/openstack_dashboard/test/settings.py b/openstack_dashboard/test/settings.py index ceee269358..3ea5075685 100644 --- a/openstack_dashboard/test/settings.py +++ b/openstack_dashboard/test/settings.py @@ -231,3 +231,4 @@ REST_API_SETTING_2 = 'bar' REST_API_SECURITY = 'SECURITY' REST_API_REQUIRED_SETTINGS = ['REST_API_SETTING_1'] REST_API_ADDITIONAL_SETTINGS = ['REST_API_SETTING_2'] +OPENSTACK_KEYSTONE_ADMIN_ROLES = ['foO', 'BAR', 'admin'] diff --git a/openstack_dashboard/test/tests/utils.py b/openstack_dashboard/test/tests/utils.py index 5ab2cd6b60..f07f0986ff 100644 --- a/openstack_dashboard/test/tests/utils.py +++ b/openstack_dashboard/test/tests/utils.py @@ -18,6 +18,7 @@ import uuid from openstack_dashboard.test import helpers as test from openstack_dashboard.utils import filters +from openstack_dashboard.utils import identity from openstack_dashboard.utils import metering @@ -63,3 +64,10 @@ class UtilsMeteringTests(test.TestCase): def test_calc_date_args_invalid(self): self.assertRaises( ValueError, metering.calc_date_args, object, object, "other") + + +class IdentityTests(test.BaseAdminViewTests): + def test_get_admin_roles(self): + mix_in = identity.IdentityMixIn() + admin_roles = mix_in.get_admin_roles() + self.assertEqual(['foo', 'bar', 'admin'], admin_roles) diff --git a/openstack_dashboard/utils/identity.py b/openstack_dashboard/utils/identity.py new file mode 100644 index 0000000000..654e3ff013 --- /dev/null +++ b/openstack_dashboard/utils/identity.py @@ -0,0 +1,25 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from django.conf import settings + +from horizon.utils.memoized import memoized # noqa + + +class IdentityMixIn(object): + @memoized + def get_admin_roles(self): + _admin_roles = [role.lower() for role in getattr( + settings, + 'OPENSTACK_KEYSTONE_ADMIN_ROLES', + ['admin'])] + return _admin_roles