horizon/openstack_dashboard/conf
David Lyle 6bfeee5baf Adding policy check in quota call
The default policy for server_list API in nova has changed. This
exposed a problem in the way Horizon was calling server_list when
reading quota values. The call was always made with
all_tenants=True, which is only something admin should be able to
do. Instead of ignoring the privilege problem in the API as in the
past, there is a pre-emptive policy check that makes the call fail.

The fix in Horizon is to only pass in all_tenants=True when the
user has the appropriate privilege level. nova_policy.json has been
updated with the appropriate default and the permission check has
been added.

Removing passing in all_tenants=True at all was contemplated, but
when setting quota values on projects in the identity dashboard,
the administrator level user needs to read quota values from a
project that they are not currently scoped to.

This fixes the error on the network topology screen that was the
motivation for the original bug report.

Closes-Bug: #1468551
Change-Id: I4255c57f81a13cac121596c99eea4ac629ed9ca7
2015-06-25 22:04:50 +00:00
..
ceilometer_policy.json Adding policy support for ceilometer 2015-02-06 17:00:27 -07:00
cinder_policy.json New admin volume panel to manage/unmanage volumes. 2015-02-03 17:28:51 -08:00
glance_policy.json Base Glance Metadata Definitions Admin UI 2014-12-17 16:10:53 -07:00
heat_policy.json Add "Preview Stack" action to Stacks table 2015-03-13 15:35:47 +03:00
keystone_policy.json Sync keystone policy file 2014-07-22 21:42:12 -07:00
neutron_policy.json Add HA mode support for Neutron router 2014-09-26 17:08:26 +09:00
nova_policy.json Adding policy check in quota call 2015-06-25 22:04:50 +00:00