Merge "Rework hardcoded policy in admin dash"
This commit is contained in:
commit
90f43f3356
|
@ -150,7 +150,10 @@ class HorizonComponent(object):
|
|||
# default in the policy engine, so calling each rule individually
|
||||
if policy_check and self.policy_rules:
|
||||
for rule in self.policy_rules:
|
||||
if policy_check((rule,), request):
|
||||
rule_param = rule
|
||||
if not any(isinstance(r, (list, tuple)) for r in rule):
|
||||
rule_param = list(rule)
|
||||
if policy_check(rule_param, request):
|
||||
return True
|
||||
return False
|
||||
|
||||
|
|
|
@ -24,6 +24,7 @@ LOG = logging.getLogger(__name__)
|
|||
class Aggregates(horizon.Panel):
|
||||
name = _("Host Aggregates")
|
||||
slug = 'aggregates'
|
||||
policy_rules = (("compute", "compute_extension:aggregates"),)
|
||||
permissions = ('openstack.services.compute',)
|
||||
|
||||
def allowed(self, context):
|
||||
|
|
|
@ -20,3 +20,5 @@ import horizon
|
|||
class Defaults(horizon.Panel):
|
||||
name = _("Defaults")
|
||||
slug = 'defaults'
|
||||
policy_rules = (("compute", "context_is_admin"),
|
||||
("volume", "context_is_admin"),)
|
||||
|
|
|
@ -25,3 +25,4 @@ class Flavors(horizon.Panel):
|
|||
name = _("Flavors")
|
||||
slug = 'flavors'
|
||||
permissions = ('openstack.services.compute',)
|
||||
policy_rules = (("compute", "context_is_admin"),)
|
||||
|
|
|
@ -23,6 +23,7 @@ class AdminFloatingIps(horizon.Panel):
|
|||
name = _("Floating IPs")
|
||||
slug = 'floating_ips'
|
||||
permissions = ('openstack.services.network', )
|
||||
policy_rules = (("network", "context_is_admin"),)
|
||||
|
||||
@staticmethod
|
||||
def can_register():
|
||||
|
|
|
@ -25,4 +25,5 @@ class Images(horizon.Panel):
|
|||
name = _("Images")
|
||||
slug = 'images'
|
||||
permissions = ('openstack.services.image',)
|
||||
policy_rules = (("image", "get_images"),)
|
||||
policy_rules = ((("image", "context_is_admin"),
|
||||
("image", "get_images")),)
|
||||
|
|
|
@ -24,3 +24,7 @@ import horizon
|
|||
class Info(horizon.Panel):
|
||||
name = _("System Information")
|
||||
slug = 'info'
|
||||
policy_rules = (("compute", "context_is_admin"),
|
||||
("volume", "context_is_admin"),
|
||||
("network", "context_is_admin"),
|
||||
("orchestation", "context_is_admin"),)
|
||||
|
|
|
@ -25,4 +25,5 @@ class Instances(horizon.Panel):
|
|||
name = _("Instances")
|
||||
slug = 'instances'
|
||||
permissions = ('openstack.services.compute',)
|
||||
policy_rules = (("compute", "compute:get_all"),)
|
||||
policy_rules = ((("compute", "context_is_admin"),
|
||||
("compute", "compute:get_all")),)
|
||||
|
|
|
@ -23,7 +23,8 @@ from openstack_dashboard.api import glance
|
|||
class MetadataDefinitions(horizon.Panel):
|
||||
name = _("Metadata Definitions")
|
||||
slug = 'metadata_defs'
|
||||
policy_rules = (("image", "get_metadef_namespaces"),)
|
||||
policy_rules = ((("image", "context_is_admin"),
|
||||
("image", "get_metadef_namespaces")),)
|
||||
permissions = ('openstack.services.image',)
|
||||
|
||||
@staticmethod
|
||||
|
|
|
@ -21,3 +21,4 @@ class Networks(horizon.Panel):
|
|||
name = _("Networks")
|
||||
slug = 'networks'
|
||||
permissions = ('openstack.services.network',)
|
||||
policy_rules = (("network", "context_is_admin"),)
|
||||
|
|
|
@ -22,3 +22,4 @@ class NGFlavors(horizon.Panel):
|
|||
name = _("Flavors")
|
||||
slug = 'ngflavors'
|
||||
permissions = ('openstack.services.compute',)
|
||||
policy_rules = (("compute", "context_is_admin"),)
|
||||
|
|
|
@ -26,7 +26,8 @@ from openstack_dashboard.dashboards.admin import dashboard
|
|||
class Overview(horizon.Panel):
|
||||
name = _("Overview")
|
||||
slug = 'overview'
|
||||
policy_rules = (('identity', 'identity:list_projects'),)
|
||||
policy_rules = ((('identity', 'identity:list_projects'),
|
||||
('compute', 'context_is_admin')),)
|
||||
permissions = ('openstack.services.compute',)
|
||||
|
||||
|
||||
|
|
|
@ -22,6 +22,7 @@ class Routers(horizon.Panel):
|
|||
name = _("Routers")
|
||||
slug = 'routers'
|
||||
permissions = ('openstack.services.network',)
|
||||
policy_rules = (("network", "context_is_admin"),)
|
||||
|
||||
@staticmethod
|
||||
def can_register():
|
||||
|
|
|
@ -21,3 +21,4 @@ class Volumes(horizon.Panel):
|
|||
permissions = (
|
||||
('openstack.services.volume', 'openstack.services.volumev2'),
|
||||
)
|
||||
policy_rules = (("volume", "context_is_admin"),)
|
||||
|
|
Loading…
Reference in New Issue