openstack
/
horizon
Code Issues Proposed changes

Fix unauthorized exception in users panel 

If a member role user login and use admin to get keystoneclient,
but he is not a super user, then a notAuthorized exceptions will be raised,
it seems to be unreasonable.

The following actions will throw unauthorized exception.

Go to Users panel, Click user name , Click Change Password,
Submit Change Password form.

Change-Id: I4f6486b92f023ad0daecfff51e3a1ed16b0e78c0
Closes-Bug: #1684475
This commit is contained in:
wei.ying 2017-04-20 16:07:37 +08:00
parent eed14eefb7
commit 5d8c8fb85b
3 changed files with 13 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
openstack_dashboard/dashboards/identity/users/forms.py
View File

@ -314,7 +314,7 @@ class ChangePasswordForm(PasswordMixin, forms.SelfHandlingForm):
try:
response = api.keystone.user_update_password(
request, user_id, password)
request, user_id, password, admin=False)
if user_id == request.user.id:
return utils.logout_with_message(
request,

14
openstack_dashboard/dashboards/identity/users/tests.py
View File

@ -564,10 +564,11 @@ class UsersViewTests(test.BaseAdminViewTests):
test_password = 'normalpwd'
api.keystone.user_get(IsA(http.HttpRequest), '1',
admin=True).AndReturn(user)
admin=False).AndReturn(user)
api.keystone.user_update_password(IsA(http.HttpRequest),
user.id,
test_password).AndReturn(None)
test_password,
admin=False).AndReturn(None)
self.mox.ReplayAll()
@ -590,7 +591,7 @@ class UsersViewTests(test.BaseAdminViewTests):
admin_password = 'secret'
api.keystone.user_get(IsA(http.HttpRequest), '1',
admin=True).AndReturn(user)
admin=False).AndReturn(user)
api.keystone.user_verify_admin_password(
IsA(http.HttpRequest), admin_password).AndReturn(None)
@ -613,7 +614,7 @@ class UsersViewTests(test.BaseAdminViewTests):
user = self.users.get(id="1")
api.keystone.user_get(IsA(http.HttpRequest), '1',
admin=True).AndReturn(user)
admin=False).AndReturn(user)
self.mox.ReplayAll()
@ -634,7 +635,7 @@ class UsersViewTests(test.BaseAdminViewTests):
user = self.users.get(id="1")
api.keystone.user_get(IsA(http.HttpRequest), '1',
admin=True).AndReturn(user)
admin=False).AndReturn(user)
self.mox.ReplayAll()
@ -862,7 +863,8 @@ class UsersViewTests(test.BaseAdminViewTests):
tenant = self.tenants.get(id=user.project_id)
api.keystone.domain_get(IsA(http.HttpRequest), '1').AndReturn(domain)
api.keystone.user_get(IsA(http.HttpRequest), '1').AndReturn(user)
api.keystone.user_get(IsA(http.HttpRequest), '1', admin=False) \
.AndReturn(user)
api.keystone.tenant_get(IsA(http.HttpRequest), user.project_id) \
.AndReturn(tenant)
self.mox.ReplayAll()

7
openstack_dashboard/dashboards/identity/users/views.py
View File

@ -82,7 +82,8 @@ class IndexView(tables.DataTableView):
self.request):
try:
user = api.keystone.user_get(self.request,
self.request.user.id)
self.request.user.id,
admin=False)
users.append(user)
except Exception:
exceptions.handle(self.request,
@ -249,7 +250,7 @@ class DetailView(views.HorizonTemplateView):
def get_data(self):
try:
user_id = self.kwargs['user_id']
user = api.keystone.user_get(self.request, user_id)
user = api.keystone.user_get(self.request, user_id, admin=False)
except Exception:
redirect = self.get_redirect_url()
exceptions.handle(self.request,
@ -279,7 +280,7 @@ class ChangePasswordView(forms.ModalFormView):
def get_object(self):
try:
return api.keystone.user_get(self.request, self.kwargs['user_id'],
admin=True)
admin=False)
except Exception:
redirect = reverse("horizon:identity:users:index")
exceptions.handle(self.request,