Prevent user from disabling her current project

Disabling user's current project is like shooting yourself in the foot
- once it's done, it's irreversible in the current tenant because it's
no longer possible to edit any Project/User/etc. Thus it is forbidden
both when using Edit Project modal or when inline-editing the
corresponding cell at Projects table.

Closes-Bug: #1398331
Change-Id: Iacca383f1d982a9b16c41c9f945fdcdde9f803a1

openstack_dashboard/dashboards/identity/projects/tables.py

@@ -181,9 +181,12 @@ class UpdateRow(tables.Row):
 
 class UpdateCell(tables.UpdateAction):
     def allowed(self, request, project, cell):
-        return api.keystone.keystone_can_edit_project() and \
-            policy.check((("identity", "identity:update_project"),),
-                         request)
+        policy_rule = (("identity", "identity:update_project"),)
+        return (
+            (cell.column.name != 'enabled' or
+             request.user.token.project['id'] != cell.datum.id) and
+            api.keystone.keystone_can_edit_project() and
+            policy.check(policy_rule, request))
 
     def update_cell(self, request, datum, project_id,
                     cell_name, new_cell_value):

openstack_dashboard/dashboards/identity/projects/workflows.py

@@ -506,6 +506,14 @@ class CreateProject(workflows.Workflow):
 class UpdateProjectInfoAction(CreateProjectInfoAction):
     enabled = forms.BooleanField(required=False, label=_("Enabled"))
 
+    def __init__(self, request, initial, *args, **kwargs):
+        super(UpdateProjectInfoAction, self).__init__(
+            request, initial, *args, **kwargs)
+        if initial['project_id'] == request.user.token.project['id']:
+            self.fields['enabled'].widget.attrs['disabled'] = True
+            self.fields['enabled'].help_text = _(
+                'You cannot disable your current project')
+
     class Meta:
         name = _("Project Information")
         slug = 'update_info'