Browse Source

Don't load user role assignment or groups tabs for non-admins

As a non admin user, navigate to Identity -> Users. Then click on the
username of your user to go to the detail page.

Only the allowed Overview tab is visible.

The view shows three tabs: Overview, Role assignments, Groups. Click on
either Role assignments or Groups. An error will appear, showing that
the API call is unauthorised, and the table content will fail to load.

This change fixes the issue by conditionally loading the tabs based on
policy.

Closes-Bug: #1920214
Change-Id: Ic8b723e6fd423b96a4f5eff54f9392cee534ed9e
changes/71/781771/1
Mark Goddard 5 months ago
parent
commit
60cf320315
  1. 8
      openstack_dashboard/dashboards/identity/users/tabs.py

8
openstack_dashboard/dashboards/identity/users/tabs.py

@ -90,6 +90,10 @@ class RoleAssignmentsTab(tabs.TableTab):
template_name = "horizon/common/_detail_table.html"
preload = False
def allowed(self, request):
return policy.check((("identity", "identity:list_role_assignments"),),
self.request)
def get_roleassignmentstable_data(self):
user = self.tab_group.kwargs['user']
@ -136,6 +140,10 @@ class GroupsTab(tabs.TableTab):
template_name = "horizon/common/_detail_table.html"
preload = False
def allowed(self, request):
return policy.check((("identity", "identity:list_groups"),),
self.request)
def get_groupstable_data(self):
user_groups = []
user = self.tab_group.kwargs['user']

Loading…
Cancel
Save