Don't load user role assignment or groups tabs for non-admins

As a non admin user, navigate to Identity -> Users. Then click on the
username of your user to go to the detail page.

Only the allowed Overview tab is visible.

The view shows three tabs: Overview, Role assignments, Groups. Click on
either Role assignments or Groups. An error will appear, showing that
the API call is unauthorised, and the table content will fail to load.

This change fixes the issue by conditionally loading the tabs based on
policy.

Closes-Bug: #1920214
Change-Id: Ic8b723e6fd423b96a4f5eff54f9392cee534ed9e
This commit is contained in:
Mark Goddard 2021-03-19 15:05:31 +00:00
parent 7db8cd46ad
commit 60cf320315
1 changed files with 8 additions and 0 deletions

View File

@ -90,6 +90,10 @@ class RoleAssignmentsTab(tabs.TableTab):
template_name = "horizon/common/_detail_table.html"
preload = False
def allowed(self, request):
return policy.check((("identity", "identity:list_role_assignments"),),
self.request)
def get_roleassignmentstable_data(self):
user = self.tab_group.kwargs['user']
@ -136,6 +140,10 @@ class GroupsTab(tabs.TableTab):
template_name = "horizon/common/_detail_table.html"
preload = False
def allowed(self, request):
return policy.check((("identity", "identity:list_groups"),),
self.request)
def get_groupstable_data(self):
user_groups = []
user = self.tab_group.kwargs['user']