Fix unauthorized exception in users panel
If a member role user login and use admin to get keystoneclient, but he is not a super user, then a notAuthorized exceptions will be raised, it seems to be unreasonable. The following actions will throw unauthorized exception. Go to Users panel, Click user name , Click Change Password, Submit Change Password form. Change-Id: I4f6486b92f023ad0daecfff51e3a1ed16b0e78c0 Closes-Bug: #1684475
This commit is contained in:
parent
eed14eefb7
commit
5d8c8fb85b
@ -314,7 +314,7 @@ class ChangePasswordForm(PasswordMixin, forms.SelfHandlingForm):
|
|||||||
|
|
||||||
try:
|
try:
|
||||||
response = api.keystone.user_update_password(
|
response = api.keystone.user_update_password(
|
||||||
request, user_id, password)
|
request, user_id, password, admin=False)
|
||||||
if user_id == request.user.id:
|
if user_id == request.user.id:
|
||||||
return utils.logout_with_message(
|
return utils.logout_with_message(
|
||||||
request,
|
request,
|
||||||
|
@ -564,10 +564,11 @@ class UsersViewTests(test.BaseAdminViewTests):
|
|||||||
test_password = 'normalpwd'
|
test_password = 'normalpwd'
|
||||||
|
|
||||||
api.keystone.user_get(IsA(http.HttpRequest), '1',
|
api.keystone.user_get(IsA(http.HttpRequest), '1',
|
||||||
admin=True).AndReturn(user)
|
admin=False).AndReturn(user)
|
||||||
api.keystone.user_update_password(IsA(http.HttpRequest),
|
api.keystone.user_update_password(IsA(http.HttpRequest),
|
||||||
user.id,
|
user.id,
|
||||||
test_password).AndReturn(None)
|
test_password,
|
||||||
|
admin=False).AndReturn(None)
|
||||||
|
|
||||||
self.mox.ReplayAll()
|
self.mox.ReplayAll()
|
||||||
|
|
||||||
@ -590,7 +591,7 @@ class UsersViewTests(test.BaseAdminViewTests):
|
|||||||
admin_password = 'secret'
|
admin_password = 'secret'
|
||||||
|
|
||||||
api.keystone.user_get(IsA(http.HttpRequest), '1',
|
api.keystone.user_get(IsA(http.HttpRequest), '1',
|
||||||
admin=True).AndReturn(user)
|
admin=False).AndReturn(user)
|
||||||
api.keystone.user_verify_admin_password(
|
api.keystone.user_verify_admin_password(
|
||||||
IsA(http.HttpRequest), admin_password).AndReturn(None)
|
IsA(http.HttpRequest), admin_password).AndReturn(None)
|
||||||
|
|
||||||
@ -613,7 +614,7 @@ class UsersViewTests(test.BaseAdminViewTests):
|
|||||||
user = self.users.get(id="1")
|
user = self.users.get(id="1")
|
||||||
|
|
||||||
api.keystone.user_get(IsA(http.HttpRequest), '1',
|
api.keystone.user_get(IsA(http.HttpRequest), '1',
|
||||||
admin=True).AndReturn(user)
|
admin=False).AndReturn(user)
|
||||||
|
|
||||||
self.mox.ReplayAll()
|
self.mox.ReplayAll()
|
||||||
|
|
||||||
@ -634,7 +635,7 @@ class UsersViewTests(test.BaseAdminViewTests):
|
|||||||
user = self.users.get(id="1")
|
user = self.users.get(id="1")
|
||||||
|
|
||||||
api.keystone.user_get(IsA(http.HttpRequest), '1',
|
api.keystone.user_get(IsA(http.HttpRequest), '1',
|
||||||
admin=True).AndReturn(user)
|
admin=False).AndReturn(user)
|
||||||
|
|
||||||
self.mox.ReplayAll()
|
self.mox.ReplayAll()
|
||||||
|
|
||||||
@ -862,7 +863,8 @@ class UsersViewTests(test.BaseAdminViewTests):
|
|||||||
tenant = self.tenants.get(id=user.project_id)
|
tenant = self.tenants.get(id=user.project_id)
|
||||||
|
|
||||||
api.keystone.domain_get(IsA(http.HttpRequest), '1').AndReturn(domain)
|
api.keystone.domain_get(IsA(http.HttpRequest), '1').AndReturn(domain)
|
||||||
api.keystone.user_get(IsA(http.HttpRequest), '1').AndReturn(user)
|
api.keystone.user_get(IsA(http.HttpRequest), '1', admin=False) \
|
||||||
|
.AndReturn(user)
|
||||||
api.keystone.tenant_get(IsA(http.HttpRequest), user.project_id) \
|
api.keystone.tenant_get(IsA(http.HttpRequest), user.project_id) \
|
||||||
.AndReturn(tenant)
|
.AndReturn(tenant)
|
||||||
self.mox.ReplayAll()
|
self.mox.ReplayAll()
|
||||||
|
@ -82,7 +82,8 @@ class IndexView(tables.DataTableView):
|
|||||||
self.request):
|
self.request):
|
||||||
try:
|
try:
|
||||||
user = api.keystone.user_get(self.request,
|
user = api.keystone.user_get(self.request,
|
||||||
self.request.user.id)
|
self.request.user.id,
|
||||||
|
admin=False)
|
||||||
users.append(user)
|
users.append(user)
|
||||||
except Exception:
|
except Exception:
|
||||||
exceptions.handle(self.request,
|
exceptions.handle(self.request,
|
||||||
@ -249,7 +250,7 @@ class DetailView(views.HorizonTemplateView):
|
|||||||
def get_data(self):
|
def get_data(self):
|
||||||
try:
|
try:
|
||||||
user_id = self.kwargs['user_id']
|
user_id = self.kwargs['user_id']
|
||||||
user = api.keystone.user_get(self.request, user_id)
|
user = api.keystone.user_get(self.request, user_id, admin=False)
|
||||||
except Exception:
|
except Exception:
|
||||||
redirect = self.get_redirect_url()
|
redirect = self.get_redirect_url()
|
||||||
exceptions.handle(self.request,
|
exceptions.handle(self.request,
|
||||||
@ -279,7 +280,7 @@ class ChangePasswordView(forms.ModalFormView):
|
|||||||
def get_object(self):
|
def get_object(self):
|
||||||
try:
|
try:
|
||||||
return api.keystone.user_get(self.request, self.kwargs['user_id'],
|
return api.keystone.user_get(self.request, self.kwargs['user_id'],
|
||||||
admin=True)
|
admin=False)
|
||||||
except Exception:
|
except Exception:
|
||||||
redirect = reverse("horizon:identity:users:index")
|
redirect = reverse("horizon:identity:users:index")
|
||||||
exceptions.handle(self.request,
|
exceptions.handle(self.request,
|
||||||
|
Loading…
Reference in New Issue
Block a user