From 4ff448b9990d74e2548b797463ea2cb34a5b8c6b Mon Sep 17 00:00:00 2001
From: kenji-ishii <ken-ishii@sx.jp.nec.com>
Date: Fri, 18 Dec 2015 22:56:28 +0900
Subject: [PATCH] Modify 'admin' used by fixed string

When we do "member update" on domain and project page,
'admin' role is used by fixed string in internal processing.
However, since kilo we can use OPENSTACK_KEYSTONE_ADMIN_ROLES
and it mean the list of roles that have administrator
privileges. So this patch modify to use this setting.

Change-Id: I3817b168e7ac448997f41c1a4f4b3a3606994297
Closes-Bug: #1527457
---
 .../dashboards/identity/domains/workflows.py  | 10 +++++---
 .../dashboards/identity/projects/tests.py     |  5 ++++
 .../dashboards/identity/projects/workflows.py |  6 +++--
 openstack_dashboard/test/settings.py          |  1 +
 openstack_dashboard/test/tests/utils.py       |  8 ++++++
 openstack_dashboard/utils/identity.py         | 25 +++++++++++++++++++
 6 files changed, 50 insertions(+), 5 deletions(-)
 create mode 100644 openstack_dashboard/utils/identity.py

diff --git a/openstack_dashboard/dashboards/identity/domains/workflows.py b/openstack_dashboard/dashboards/identity/domains/workflows.py
index e7acc05d46..f8a1bc4970 100644
--- a/openstack_dashboard/dashboards/identity/domains/workflows.py
+++ b/openstack_dashboard/dashboards/identity/domains/workflows.py
@@ -26,6 +26,7 @@ from horizon import workflows
 from openstack_dashboard import api
 
 from openstack_dashboard.dashboards.identity.domains import constants
+from openstack_dashboard.utils.identity import IdentityMixIn
 
 LOG = logging.getLogger(__name__)
 
@@ -294,7 +295,7 @@ class UpdateDomainInfo(workflows.Step):
                    "enabled")
 
 
-class UpdateDomain(workflows.Workflow):
+class UpdateDomain(workflows.Workflow, IdentityMixIn):
     slug = "update_domain"
     name = _("Edit Domain")
     finalize_button_name = _("Save")
@@ -352,8 +353,11 @@ class UpdateDomain(workflows.Workflow):
                 # domain_id == request.user.domain_id
                 is_current_domain = True
 
-                available_admin_role_ids = [role.id for role in available_roles
-                                            if role.name.lower() == 'admin']
+                _admin_roles = self.get_admin_roles()
+                available_admin_role_ids = [role.id for role in
+                                            available_roles
+                                            if role.name.lower() in
+                                            _admin_roles]
                 admin_role_ids = [role for role in current_role_ids
                                   if role in available_admin_role_ids]
                 if len(admin_role_ids):
diff --git a/openstack_dashboard/dashboards/identity/projects/tests.py b/openstack_dashboard/dashboards/identity/projects/tests.py
index f6d4f11154..2645827283 100644
--- a/openstack_dashboard/dashboards/identity/projects/tests.py
+++ b/openstack_dashboard/dashboards/identity/projects/tests.py
@@ -1778,3 +1778,8 @@ class SeleniumTests(test.SeleniumAdminTestCase):
 
         for user in users:
             self.assertIn(user.name, members.text)
+
+    def test_get_admin_roles(self):
+        mix_in = workflows.IdentityMixIn()
+        admin_roles = mix_in.get_admin_roles()
+        self.assertEqual(['foo', 'bar', 'admin'], admin_roles)
diff --git a/openstack_dashboard/dashboards/identity/projects/workflows.py b/openstack_dashboard/dashboards/identity/projects/workflows.py
index 34b461eb13..cce8bfb3eb 100644
--- a/openstack_dashboard/dashboards/identity/projects/workflows.py
+++ b/openstack_dashboard/dashboards/identity/projects/workflows.py
@@ -33,6 +33,7 @@ from openstack_dashboard.api import cinder
 from openstack_dashboard.api import keystone
 from openstack_dashboard.api import nova
 from openstack_dashboard.usage import quotas
+from openstack_dashboard.utils.identity import IdentityMixIn
 
 INDEX_URL = "horizon:identity:projects:index"
 ADD_USER_URL = "horizon:identity:projects:create_user"
@@ -572,7 +573,7 @@ class UpdateProjectInfo(workflows.Step):
                    "enabled")
 
 
-class UpdateProject(CommonQuotaWorkflow):
+class UpdateProject(CommonQuotaWorkflow, IdentityMixIn):
     slug = "update_project"
     name = _("Edit Project")
     finalize_button_name = _("Save")
@@ -662,8 +663,9 @@ class UpdateProject(CommonQuotaWorkflow):
                                      available_roles, current_role_ids):
         is_current_user = user_id == request.user.id
         is_current_project = project_id == request.user.tenant_id
+        _admin_roles = self.get_admin_roles()
         available_admin_role_ids = [role.id for role in available_roles
-                                    if role.name.lower() == 'admin']
+                                    if role.name.lower() in _admin_roles]
         admin_roles = [role for role in current_role_ids
                        if role in available_admin_role_ids]
         if len(admin_roles):
diff --git a/openstack_dashboard/test/settings.py b/openstack_dashboard/test/settings.py
index ceee269358..3ea5075685 100644
--- a/openstack_dashboard/test/settings.py
+++ b/openstack_dashboard/test/settings.py
@@ -231,3 +231,4 @@ REST_API_SETTING_2 = 'bar'
 REST_API_SECURITY = 'SECURITY'
 REST_API_REQUIRED_SETTINGS = ['REST_API_SETTING_1']
 REST_API_ADDITIONAL_SETTINGS = ['REST_API_SETTING_2']
+OPENSTACK_KEYSTONE_ADMIN_ROLES = ['foO', 'BAR', 'admin']
diff --git a/openstack_dashboard/test/tests/utils.py b/openstack_dashboard/test/tests/utils.py
index 5ab2cd6b60..f07f0986ff 100644
--- a/openstack_dashboard/test/tests/utils.py
+++ b/openstack_dashboard/test/tests/utils.py
@@ -18,6 +18,7 @@ import uuid
 
 from openstack_dashboard.test import helpers as test
 from openstack_dashboard.utils import filters
+from openstack_dashboard.utils import identity
 from openstack_dashboard.utils import metering
 
 
@@ -63,3 +64,10 @@ class UtilsMeteringTests(test.TestCase):
     def test_calc_date_args_invalid(self):
         self.assertRaises(
             ValueError, metering.calc_date_args, object, object, "other")
+
+
+class IdentityTests(test.BaseAdminViewTests):
+    def test_get_admin_roles(self):
+        mix_in = identity.IdentityMixIn()
+        admin_roles = mix_in.get_admin_roles()
+        self.assertEqual(['foo', 'bar', 'admin'], admin_roles)
diff --git a/openstack_dashboard/utils/identity.py b/openstack_dashboard/utils/identity.py
new file mode 100644
index 0000000000..654e3ff013
--- /dev/null
+++ b/openstack_dashboard/utils/identity.py
@@ -0,0 +1,25 @@
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from django.conf import settings
+
+from horizon.utils.memoized import memoized  # noqa
+
+
+class IdentityMixIn(object):
+    @memoized
+    def get_admin_roles(self):
+        _admin_roles = [role.lower() for role in getattr(
+            settings,
+            'OPENSTACK_KEYSTONE_ADMIN_ROLES',
+            ['admin'])]
+        return _admin_roles