From d1042fdaf94af9ed2e9ba950761523799f8c4a39 Mon Sep 17 00:00:00 2001 From: Mohammed Naser Date: Mon, 27 Aug 2018 16:40:21 -0400 Subject: [PATCH] Remove "Change Password" from users table for non-admin users If you're a user without administrative permissions, you will not be able to edit a password using the table inside the identity section due to the fact that it uses a different edit API which is not meant to be used for the user-side of things. This patch adds a policy change in order to hide the change password link for normal users, while keeping the functionality inside the Settings panel still intact. This change was first broken by I76eb9f95c7112bcbad75ee151f363f892298d081 Partial-Bug: 1788384 Change-Id: I7a64257ac274c9dac5705ba72a85833f8e7a1591 (cherry picked from commit 0630be639bdcab9e5ecf6ca0814dae9eb79a88e7) --- openstack_dashboard/dashboards/identity/users/tables.py | 5 ++++- .../remove-change-pw-from-users-table-ef8d45a4a95762e0.yaml | 5 +++++ 2 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 releasenotes/notes/remove-change-pw-from-users-table-ef8d45a4a95762e0.yaml diff --git a/openstack_dashboard/dashboards/identity/users/tables.py b/openstack_dashboard/dashboards/identity/users/tables.py index 3686f042d6..edb8f7e34e 100644 --- a/openstack_dashboard/dashboards/identity/users/tables.py +++ b/openstack_dashboard/dashboards/identity/users/tables.py @@ -54,12 +54,15 @@ class EditUserLink(policy.PolicyTargetMixin, tables.LinkAction): return api.keystone.keystone_can_edit_user() -class ChangePasswordLink(tables.LinkAction): +class ChangePasswordLink(policy.PolicyTargetMixin, tables.LinkAction): name = "change_password" verbose_name = _("Change Password") url = "horizon:identity:users:change_password" classes = ("ajax-modal",) icon = "key" + policy_rules = (("identity", "identity:update_user"),) + policy_target_attrs = (("user_id", "id"), + ("target.user.domain_id", "domain_id")) def allowed(self, request, user): return api.keystone.keystone_can_edit_user() diff --git a/releasenotes/notes/remove-change-pw-from-users-table-ef8d45a4a95762e0.yaml b/releasenotes/notes/remove-change-pw-from-users-table-ef8d45a4a95762e0.yaml new file mode 100644 index 0000000000..bb24aad24f --- /dev/null +++ b/releasenotes/notes/remove-change-pw-from-users-table-ef8d45a4a95762e0.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Fixed a bug where non-admin users would be shown the "Change Password" + button for users listed under the Identity panel.