Merge "Remove an assignment from domain and project"
commit
63a4d95ea2
|
@ -78,7 +78,14 @@ class Assignment(base.AssignmentDriverBase):
|
||||||
domain_id, project_id, inherited_to_projects):
|
domain_id, project_id, inherited_to_projects):
|
||||||
q = session.query(RoleAssignment)
|
q = session.query(RoleAssignment)
|
||||||
q = q.filter_by(actor_id=user_id or group_id)
|
q = q.filter_by(actor_id=user_id or group_id)
|
||||||
q = q.filter_by(target_id=project_id or domain_id)
|
if domain_id:
|
||||||
|
q = q.filter_by(target_id=domain_id).filter(
|
||||||
|
(RoleAssignment.type == AssignmentType.USER_DOMAIN) |
|
||||||
|
(RoleAssignment.type == AssignmentType.GROUP_DOMAIN))
|
||||||
|
else:
|
||||||
|
q = q.filter_by(target_id=project_id).filter(
|
||||||
|
(RoleAssignment.type == AssignmentType.USER_PROJECT) |
|
||||||
|
(RoleAssignment.type == AssignmentType.GROUP_PROJECT))
|
||||||
q = q.filter_by(role_id=role_id)
|
q = q.filter_by(role_id=role_id)
|
||||||
q = q.filter_by(inherited=inherited_to_projects)
|
q = q.filter_by(inherited=inherited_to_projects)
|
||||||
return q
|
return q
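Review bot: The type filter added in both branches still accepts the USER_* and the GROUP_* type for the same `actor_id`, so the rows this query returns are pinned to the kind of target but not to the kind of actor. `actor_id=user_id or group_id` carries no actor kind on its own, so a removal issued for a user would also match a group assignment that happened to share that id on the same target and role; this is unlikely with generated ids, but the type column is what should rule it out. Selecting a single type from both arguments would close the gap, e.g. `RoleAssignment.type == (AssignmentType.USER_DOMAIN if user_id else AssignmentType.GROUP_DOMAIN)` in the domain branch and the USER_PROJECT/GROUP_PROJECT equivalent in the `else`. The function's signature begins above the hunk, so whether callers always pass exactly one of `user_id`/`group_id` (and one of `domain_id`/`project_id`) is not visible here.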
|
||||||
|
|
|
@ -24,7 +24,6 @@ from keystone import exception
|
||||||
from keystone.resource.backends import base as resource_base
|
from keystone.resource.backends import base as resource_base
|
||||||
from keystone.tests import unit
|
from keystone.tests import unit
|
||||||
from keystone.tests.unit import test_v3
|
from keystone.tests.unit import test_v3
|
||||||
from keystone.tests.unit import utils as test_utils
|
|
||||||
|
|
||||||
|
|
||||||
CONF = keystone.conf.CONF
|
CONF = keystone.conf.CONF
|
||||||
|
@ -1995,7 +1994,6 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase,
|
||||||
|
|
||||||
self._test_list_role_assignments_include_names(role)
|
self._test_list_role_assignments_include_names(role)
|
||||||
|
|
||||||
@test_utils.wip("Skipped until Bug 1754677 is resolved")
|
|
||||||
def test_remove_assignment_for_project_acting_as_domain(self):
|
def test_remove_assignment_for_project_acting_as_domain(self):
|
||||||
"""Test goal: remove assignment for project acting as domain.
|
"""Test goal: remove assignment for project acting as domain.
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,8 @@
|
||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- >
|
||||||
|
[`bug 1754677 <https://bugs.launchpad.net/keystone/+bug/1754677>`_]
|
||||||
|
When you setup a user with a role assignment on a domain and then a role
|
||||||
|
assignment on a project "acting as a domain", you can't actually remove them.
|
||||||
|
This fixes it by filtering the query by "type" i.e either a USER_DOMAIN or
|
||||||
|
a USER_PROJECT in role assignment table.
|