Merge "Remove an assignment from domain and project"
This commit is contained in:
commit
63a4d95ea2
|
@ -78,7 +78,14 @@ class Assignment(base.AssignmentDriverBase):
|
|||
domain_id, project_id, inherited_to_projects):
|
||||
q = session.query(RoleAssignment)
|
||||
q = q.filter_by(actor_id=user_id or group_id)
|
||||
q = q.filter_by(target_id=project_id or domain_id)
|
||||
if domain_id:
|
||||
q = q.filter_by(target_id=domain_id).filter(
|
||||
(RoleAssignment.type == AssignmentType.USER_DOMAIN) |
|
||||
(RoleAssignment.type == AssignmentType.GROUP_DOMAIN))
|
||||
else:
|
||||
q = q.filter_by(target_id=project_id).filter(
|
||||
(RoleAssignment.type == AssignmentType.USER_PROJECT) |
|
||||
(RoleAssignment.type == AssignmentType.GROUP_PROJECT))
|
||||
q = q.filter_by(role_id=role_id)
|
||||
q = q.filter_by(inherited=inherited_to_projects)
|
||||
return q
|
||||
|
|
|
@ -24,7 +24,6 @@ from keystone import exception
|
|||
from keystone.resource.backends import base as resource_base
|
||||
from keystone.tests import unit
|
||||
from keystone.tests.unit import test_v3
|
||||
from keystone.tests.unit import utils as test_utils
|
||||
|
||||
|
||||
CONF = keystone.conf.CONF
|
||||
|
@ -1995,7 +1994,6 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase,
|
|||
|
||||
self._test_list_role_assignments_include_names(role)
|
||||
|
||||
@test_utils.wip("Skipped until Bug 1754677 is resolved")
|
||||
def test_remove_assignment_for_project_acting_as_domain(self):
|
||||
"""Test goal: remove assignment for project acting as domain.
|
||||
|
||||
|
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
fixes:
|
||||
- >
|
||||
[`bug 1754677 <https://bugs.launchpad.net/keystone/+bug/1754677>`_]
|
||||
When you setup a user with a role assignment on a domain and then a role
|
||||
assignment on a project "acting as a domain", you can't actually remove them.
|
||||
This fixes it by filtering the query by "type" i.e either a USER_DOMAIN or
|
||||
a USER_PROJECT in role assignment table.
|
Loading…
Reference in New Issue