Shifting Role Mapping to conf
* Moved the role mapping to conf, and added it to the test settings.
* Also added same-rank management to each role list, based on what we want the current permission model to be.

Change-Id: I7f8c2f8e7b4898d8a62776629eb6c437d7c9a155
parent
1526427f20
commit
64642435f4
|
@ -155,3 +155,20 @@ ACTION_SETTINGS:
|
|||
- 193.168.1.2
|
||||
- 193.168.1.3
|
||||
SUBNET_CIDR: 192.168.1.0/24
|
||||
|
||||
# mapping between roles and managable roles
|
||||
ROLES_MAPPING:
|
||||
admin:
|
||||
- project_owner
|
||||
- project_mod
|
||||
- heat_stack_owner
|
||||
- _member_
|
||||
project_owner:
|
||||
- project_owner
|
||||
- project_mod
|
||||
- heat_stack_owner
|
||||
- _member_
|
||||
project_mod:
|
||||
- project_mod
|
||||
- heat_stack_owner
|
||||
- _member_
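Review bot: The new `ROLES_MAPPING` lists no longer contain `Member`, which the hardcoded mapping removed from the Python module in this same commit allowed under all three roles, so a deployment whose Keystone still assigns `Member` would presumably lose the ability to manage it without any error. The `project_owner` and `project_mod` entries now also list themselves, while `admin` does not list `admin`; if managing a role includes removing it (not visible here), holders of the same rank can strip each other's role. I would expand the comment to state both choices, for example `# role -> roles its holders may manage on other users; a role listed under itself allows same-rank management`.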
|
||||
|
|
|
@ -16,6 +16,7 @@ from openstack_clients import get_keystoneclient
|
|||
from keystoneclient.openstack.common.apiclient import (
|
||||
exceptions as ks_exceptions
|
||||
)
|
||||
from django.conf import settings
|
||||
|
||||
|
||||
def get_managable_roles(user_roles):
|
||||
|
@ -23,20 +24,7 @@ def get_managable_roles(user_roles):
|
|||
Given a list of user role names, returns a list of names
|
||||
that the user is allowed to manage.
|
||||
"""
|
||||
# hardcoded mapping between roles and managable roles
|
||||
# Todo: relocate to settings file.
|
||||
manage_mapping = {
|
||||
'admin': [
|
||||
'project_owner', 'project_mod', 'Member', 'heat_stack_owner',
|
||||
'_member_'
|
||||
],
|
||||
'project_owner': [
|
||||
'project_mod', 'Member', 'heat_stack_owner', '_member_'
|
||||
],
|
||||
'project_mod': [
|
||||
'Member', 'heat_stack_owner', '_member_'
|
||||
],
|
||||
}
|
||||
manage_mapping = settings.ROLES_MAPPING
|
||||
# merge mapping lists to form a flat permitted roles list
|
||||
managable_role_names = [mrole for role_name in user_roles
|
||||
if role_name in manage_mapping
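Review bot: The docstring of `get_managable_roles` still describes only the input and output, although the delegation policy now comes from `settings.ROLES_MAPPING` instead of the function body. Add a line such as `Roles are looked up in settings.ROLES_MAPPING; a role with no entry there contributes nothing.` so a reader knows where the policy lives and that unknown roles are dropped by the `if role_name in manage_mapping` filter. The lookup is an exact, case-sensitive match on the role name, which is worth stating now that the names come from a hand-edited conf file. The function body continues past the end of this hunk.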
|
||||
|
|
|
@ -152,6 +152,8 @@ TASK_SETTINGS = CONFIG['TASK_SETTINGS']
|
|||
|
||||
ACTION_SETTINGS = CONFIG['ACTION_SETTINGS']
|
||||
|
||||
ROLES_MAPPING = CONFIG['ROLES_MAPPING']
|
||||
|
||||
# Dict of actions and their serializers.
|
||||
# - This is populated from the various model modules at startup:
|
||||
ACTION_CLASSES = {}
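Review bot: `ROLES_MAPPING = CONFIG['ROLES_MAPPING']` loads the role-delegation policy without checking its shape. A missing key stops startup with a `KeyError`, which fails closed, but a YAML slip such as `admin: project_owner` (constructed example: a string where a list is expected) would load and, assuming `get_managable_roles` iterates the value, be read character by character. I would validate right after the assignment so that a malformed policy is rejected at startup instead of being misapplied at request time.

```python
ROLES_MAPPING = CONFIG['ROLES_MAPPING']
if not isinstance(ROLES_MAPPING, dict) or not all(
        isinstance(managed, list) for managed in ROLES_MAPPING.values()):
    raise ValueError(
        "ROLES_MAPPING must map each role name to a list of role names")
# … unchanged: ACTION_CLASSES and the rest of the settings …
```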
|
||||
|
|
|
@ -154,6 +154,19 @@ ACTION_SETTINGS = {
|
|||
}
|
||||
}
|
||||
|
||||
ROLES_MAPPING = {
|
||||
'admin': [
|
||||
'project_owner', 'project_mod', 'Member', 'heat_stack_owner',
|
||||
'_member_'
|
||||
],
|
||||
'project_owner': [
|
||||
'project_mod', 'Member', 'heat_stack_owner', '_member_'
|
||||
],
|
||||
'project_mod': [
|
||||
'Member', 'heat_stack_owner', '_member_'
|
||||
],
|
||||
}
|
||||
|
||||
conf_dict = {
|
||||
"SECRET_KEY": SECRET_KEY,
|
||||
"ADDITIONAL_APPS": ADDITIONAL_APPS,
|
||||
|
@ -166,5 +179,6 @@ conf_dict = {
|
|||
"TASK_SETTINGS": TASK_SETTINGS,
|
||||
"ACTION_SETTINGS": ACTION_SETTINGS,
|
||||
"TOKEN_SUBMISSION_URL": TOKEN_SUBMISSION_URL,
|
||||
"TOKEN_EXPIRE_TIME": TOKEN_EXPIRE_TIME
|
||||
"TOKEN_EXPIRE_TIME": TOKEN_EXPIRE_TIME,
|
||||
"ROLES_MAPPING": ROLES_MAPPING
|
||||
}
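Review bot: The `ROLES_MAPPING` added to the test settings does not match the one this commit adds to the conf file: it still lists `Member`, and `project_owner` and `project_mod` do not include themselves. Tests that run on these settings therefore exercise the old permission model, not the same-rank model described in the commit message, so a regression in same-rank handling would go unnoticed. Mirror the conf lists here, e.g. `'project_mod': ['project_mod', 'heat_stack_owner', '_member_'],`, or add a test in which a role manages its own rank.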
|
||||
|
|