Modify 'admin' used by fixed string
When we do "member update" on domain and project page, 'admin' role is used by fixed string in internal processing. However, since kilo we can use OPENSTACK_KEYSTONE_ADMIN_ROLES and it mean the list of roles that have administrator privileges. So this patch modify to use this setting. Change-Id: I3817b168e7ac448997f41c1a4f4b3a3606994297 Closes-Bug: #1527457
This commit is contained in:
parent
871505c130
commit
4ff448b999
@ -26,6 +26,7 @@ from horizon import workflows
|
|||||||
from openstack_dashboard import api
|
from openstack_dashboard import api
|
||||||
|
|
||||||
from openstack_dashboard.dashboards.identity.domains import constants
|
from openstack_dashboard.dashboards.identity.domains import constants
|
||||||
|
from openstack_dashboard.utils.identity import IdentityMixIn
|
||||||
|
|
||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
|
|
||||||
@ -294,7 +295,7 @@ class UpdateDomainInfo(workflows.Step):
|
|||||||
"enabled")
|
"enabled")
|
||||||
|
|
||||||
|
|
||||||
class UpdateDomain(workflows.Workflow):
|
class UpdateDomain(workflows.Workflow, IdentityMixIn):
|
||||||
slug = "update_domain"
|
slug = "update_domain"
|
||||||
name = _("Edit Domain")
|
name = _("Edit Domain")
|
||||||
finalize_button_name = _("Save")
|
finalize_button_name = _("Save")
|
||||||
@ -352,8 +353,11 @@ class UpdateDomain(workflows.Workflow):
|
|||||||
# domain_id == request.user.domain_id
|
# domain_id == request.user.domain_id
|
||||||
is_current_domain = True
|
is_current_domain = True
|
||||||
|
|
||||||
available_admin_role_ids = [role.id for role in available_roles
|
_admin_roles = self.get_admin_roles()
|
||||||
if role.name.lower() == 'admin']
|
available_admin_role_ids = [role.id for role in
|
||||||
|
available_roles
|
||||||
|
if role.name.lower() in
|
||||||
|
_admin_roles]
|
||||||
admin_role_ids = [role for role in current_role_ids
|
admin_role_ids = [role for role in current_role_ids
|
||||||
if role in available_admin_role_ids]
|
if role in available_admin_role_ids]
|
||||||
if len(admin_role_ids):
|
if len(admin_role_ids):
|
||||||
|
@ -1778,3 +1778,8 @@ class SeleniumTests(test.SeleniumAdminTestCase):
|
|||||||
|
|
||||||
for user in users:
|
for user in users:
|
||||||
self.assertIn(user.name, members.text)
|
self.assertIn(user.name, members.text)
|
||||||
|
|
||||||
|
def test_get_admin_roles(self):
|
||||||
|
mix_in = workflows.IdentityMixIn()
|
||||||
|
admin_roles = mix_in.get_admin_roles()
|
||||||
|
self.assertEqual(['foo', 'bar', 'admin'], admin_roles)
|
||||||
|
@ -33,6 +33,7 @@ from openstack_dashboard.api import cinder
|
|||||||
from openstack_dashboard.api import keystone
|
from openstack_dashboard.api import keystone
|
||||||
from openstack_dashboard.api import nova
|
from openstack_dashboard.api import nova
|
||||||
from openstack_dashboard.usage import quotas
|
from openstack_dashboard.usage import quotas
|
||||||
|
from openstack_dashboard.utils.identity import IdentityMixIn
|
||||||
|
|
||||||
INDEX_URL = "horizon:identity:projects:index"
|
INDEX_URL = "horizon:identity:projects:index"
|
||||||
ADD_USER_URL = "horizon:identity:projects:create_user"
|
ADD_USER_URL = "horizon:identity:projects:create_user"
|
||||||
@ -572,7 +573,7 @@ class UpdateProjectInfo(workflows.Step):
|
|||||||
"enabled")
|
"enabled")
|
||||||
|
|
||||||
|
|
||||||
class UpdateProject(CommonQuotaWorkflow):
|
class UpdateProject(CommonQuotaWorkflow, IdentityMixIn):
|
||||||
slug = "update_project"
|
slug = "update_project"
|
||||||
name = _("Edit Project")
|
name = _("Edit Project")
|
||||||
finalize_button_name = _("Save")
|
finalize_button_name = _("Save")
|
||||||
@ -662,8 +663,9 @@ class UpdateProject(CommonQuotaWorkflow):
|
|||||||
available_roles, current_role_ids):
|
available_roles, current_role_ids):
|
||||||
is_current_user = user_id == request.user.id
|
is_current_user = user_id == request.user.id
|
||||||
is_current_project = project_id == request.user.tenant_id
|
is_current_project = project_id == request.user.tenant_id
|
||||||
|
_admin_roles = self.get_admin_roles()
|
||||||
available_admin_role_ids = [role.id for role in available_roles
|
available_admin_role_ids = [role.id for role in available_roles
|
||||||
if role.name.lower() == 'admin']
|
if role.name.lower() in _admin_roles]
|
||||||
admin_roles = [role for role in current_role_ids
|
admin_roles = [role for role in current_role_ids
|
||||||
if role in available_admin_role_ids]
|
if role in available_admin_role_ids]
|
||||||
if len(admin_roles):
|
if len(admin_roles):
|
||||||
|
@ -231,3 +231,4 @@ REST_API_SETTING_2 = 'bar'
|
|||||||
REST_API_SECURITY = 'SECURITY'
|
REST_API_SECURITY = 'SECURITY'
|
||||||
REST_API_REQUIRED_SETTINGS = ['REST_API_SETTING_1']
|
REST_API_REQUIRED_SETTINGS = ['REST_API_SETTING_1']
|
||||||
REST_API_ADDITIONAL_SETTINGS = ['REST_API_SETTING_2']
|
REST_API_ADDITIONAL_SETTINGS = ['REST_API_SETTING_2']
|
||||||
|
OPENSTACK_KEYSTONE_ADMIN_ROLES = ['foO', 'BAR', 'admin']
|
||||||
|
@ -18,6 +18,7 @@ import uuid
|
|||||||
|
|
||||||
from openstack_dashboard.test import helpers as test
|
from openstack_dashboard.test import helpers as test
|
||||||
from openstack_dashboard.utils import filters
|
from openstack_dashboard.utils import filters
|
||||||
|
from openstack_dashboard.utils import identity
|
||||||
from openstack_dashboard.utils import metering
|
from openstack_dashboard.utils import metering
|
||||||
|
|
||||||
|
|
||||||
@ -63,3 +64,10 @@ class UtilsMeteringTests(test.TestCase):
|
|||||||
def test_calc_date_args_invalid(self):
|
def test_calc_date_args_invalid(self):
|
||||||
self.assertRaises(
|
self.assertRaises(
|
||||||
ValueError, metering.calc_date_args, object, object, "other")
|
ValueError, metering.calc_date_args, object, object, "other")
|
||||||
|
|
||||||
|
|
||||||
|
class IdentityTests(test.BaseAdminViewTests):
|
||||||
|
def test_get_admin_roles(self):
|
||||||
|
mix_in = identity.IdentityMixIn()
|
||||||
|
admin_roles = mix_in.get_admin_roles()
|
||||||
|
self.assertEqual(['foo', 'bar', 'admin'], admin_roles)
|
||||||
|
25
openstack_dashboard/utils/identity.py
Normal file
25
openstack_dashboard/utils/identity.py
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
from django.conf import settings
|
||||||
|
|
||||||
|
from horizon.utils.memoized import memoized # noqa
|
||||||
|
|
||||||
|
|
||||||
|
class IdentityMixIn(object):
|
||||||
|
@memoized
|
||||||
|
def get_admin_roles(self):
|
||||||
|
_admin_roles = [role.lower() for role in getattr(
|
||||||
|
settings,
|
||||||
|
'OPENSTACK_KEYSTONE_ADMIN_ROLES',
|
||||||
|
['admin'])]
|
||||||
|
return _admin_roles
|
Loading…
Reference in New Issue
Block a user