Merge "Rework hardcoded policy in admin dash"

2016-12-05 18:09:37 +00:00 · 2016-12-05 18:09:37 +00:00 · 90f43f3356
parent 40e73533fb 43e9df85ab
commit 90f43f3356
14 changed files with 25 additions and 5 deletions
--- a/horizon/base.py
+++ b/horizon/base.py
@ -150,7 +150,10 @@ class HorizonComponent(object):
        # default in the policy engine, so calling each rule individually
        if policy_check and self.policy_rules:
            for rule in self.policy_rules:
-                if policy_check((rule,), request):
+                rule_param = rule
+                if not any(isinstance(r, (list, tuple)) for r in rule):
+                    rule_param = list(rule)
+                if policy_check(rule_param, request):
                    return True
            return False

--- a/openstack_dashboard/dashboards/admin/aggregates/panel.py
+++ b/openstack_dashboard/dashboards/admin/aggregates/panel.py
@ -24,6 +24,7 @@ LOG = logging.getLogger(__name__)
 class Aggregates(horizon.Panel):
    name = _("Host Aggregates")
    slug = 'aggregates'
+    policy_rules = (("compute", "compute_extension:aggregates"),)
    permissions = ('openstack.services.compute',)

    def allowed(self, context):
--- a/openstack_dashboard/dashboards/admin/defaults/panel.py
+++ b/openstack_dashboard/dashboards/admin/defaults/panel.py
@ -20,3 +20,5 @@ import horizon
 class Defaults(horizon.Panel):
    name = _("Defaults")
    slug = 'defaults'
+    policy_rules = (("compute", "context_is_admin"),
+                    ("volume", "context_is_admin"),)
--- a/openstack_dashboard/dashboards/admin/flavors/panel.py
+++ b/openstack_dashboard/dashboards/admin/flavors/panel.py
@ -25,3 +25,4 @@ class Flavors(horizon.Panel):
    name = _("Flavors")
    slug = 'flavors'
    permissions = ('openstack.services.compute',)
+    policy_rules = (("compute", "context_is_admin"),)
--- a/openstack_dashboard/dashboards/admin/floating_ips/panel.py
+++ b/openstack_dashboard/dashboards/admin/floating_ips/panel.py
@ -23,6 +23,7 @@ class AdminFloatingIps(horizon.Panel):
    name = _("Floating IPs")
    slug = 'floating_ips'
    permissions = ('openstack.services.network', )
+    policy_rules = (("network", "context_is_admin"),)

    @staticmethod
    def can_register():
--- a/openstack_dashboard/dashboards/admin/images/panel.py
+++ b/openstack_dashboard/dashboards/admin/images/panel.py
@ -25,4 +25,5 @@ class Images(horizon.Panel):
    name = _("Images")
    slug = 'images'
    permissions = ('openstack.services.image',)
-    policy_rules = (("image", "get_images"),)
+    policy_rules = ((("image", "context_is_admin"),
+                     ("image", "get_images")),)
--- a/openstack_dashboard/dashboards/admin/info/panel.py
+++ b/openstack_dashboard/dashboards/admin/info/panel.py
@ -24,3 +24,7 @@ import horizon
 class Info(horizon.Panel):
    name = _("System Information")
    slug = 'info'
+    policy_rules = (("compute", "context_is_admin"),
+                    ("volume", "context_is_admin"),
+                    ("network", "context_is_admin"),
+                    ("orchestation", "context_is_admin"),)
--- a/openstack_dashboard/dashboards/admin/instances/panel.py
+++ b/openstack_dashboard/dashboards/admin/instances/panel.py
@ -25,4 +25,5 @@ class Instances(horizon.Panel):
    name = _("Instances")
    slug = 'instances'
    permissions = ('openstack.services.compute',)
-    policy_rules = (("compute", "compute:get_all"),)
+    policy_rules = ((("compute", "context_is_admin"),
+                     ("compute", "compute:get_all")),)
--- a/openstack_dashboard/dashboards/admin/metadata_defs/panel.py
+++ b/openstack_dashboard/dashboards/admin/metadata_defs/panel.py
@ -23,7 +23,8 @@ from openstack_dashboard.api import glance
 class MetadataDefinitions(horizon.Panel):
    name = _("Metadata Definitions")
    slug = 'metadata_defs'
-    policy_rules = (("image", "get_metadef_namespaces"),)
+    policy_rules = ((("image", "context_is_admin"),
+                     ("image", "get_metadef_namespaces")),)
    permissions = ('openstack.services.image',)

    @staticmethod
--- a/openstack_dashboard/dashboards/admin/networks/panel.py
+++ b/openstack_dashboard/dashboards/admin/networks/panel.py
@ -21,3 +21,4 @@ class Networks(horizon.Panel):
    name = _("Networks")
    slug = 'networks'
    permissions = ('openstack.services.network',)
+    policy_rules = (("network", "context_is_admin"),)
--- a/openstack_dashboard/dashboards/admin/ngflavors/panel.py
+++ b/openstack_dashboard/dashboards/admin/ngflavors/panel.py
@ -22,3 +22,4 @@ class NGFlavors(horizon.Panel):
    name = _("Flavors")
    slug = 'ngflavors'
    permissions = ('openstack.services.compute',)
+    policy_rules = (("compute", "context_is_admin"),)
--- a/openstack_dashboard/dashboards/admin/overview/panel.py
+++ b/openstack_dashboard/dashboards/admin/overview/panel.py
@ -26,7 +26,8 @@ from openstack_dashboard.dashboards.admin import dashboard
 class Overview(horizon.Panel):
    name = _("Overview")
    slug = 'overview'
-    policy_rules = (('identity', 'identity:list_projects'),)
+    policy_rules = ((('identity', 'identity:list_projects'),
+                     ('compute', 'context_is_admin')),)
    permissions = ('openstack.services.compute',)


--- a/openstack_dashboard/dashboards/admin/routers/panel.py
+++ b/openstack_dashboard/dashboards/admin/routers/panel.py
@ -22,6 +22,7 @@ class Routers(horizon.Panel):
    name = _("Routers")
    slug = 'routers'
    permissions = ('openstack.services.network',)
+    policy_rules = (("network", "context_is_admin"),)

    @staticmethod
    def can_register():
--- a/openstack_dashboard/dashboards/admin/volumes/panel.py
+++ b/openstack_dashboard/dashboards/admin/volumes/panel.py
@ -21,3 +21,4 @@ class Volumes(horizon.Panel):
    permissions = (
        ('openstack.services.volume', 'openstack.services.volumev2'),
    )
+    policy_rules = (("volume", "context_is_admin"),)