From cb0d1eaf4670530c34cf00ad2d63fcbb985ea377 Mon Sep 17 00:00:00 2001 From: Kenji Ishii Date: Mon, 18 Jan 2016 11:16:32 +0900 Subject: [PATCH] admin permissions depends on OPENSTACK_KEYSTONE_ADMIN_ROLES In dashboard or panel, 'openstack.roles.xxx' is used as a permission control. 'xxx' in 'openstack.roles.xxx' is a real role name. At the moment, it is not addressed OPENSTACK_KEYSTONE_ADMIN_ROLES. This patch will address it. Change-Id: Ic7200dfdf403b63ef3210750617ae102b15c02c8 Closes-Bug: #1534409 --- .../dashboards/admin/dashboard.py | 6 +++-- .../dashboards/identity/domains/workflows.py | 9 ++++--- .../dashboards/identity/projects/tests.py | 6 ----- .../dashboards/identity/projects/workflows.py | 8 +++--- openstack_dashboard/test/tests/utils.py | 10 -------- openstack_dashboard/utils/identity.py | 25 ------------------- 6 files changed, 14 insertions(+), 50 deletions(-) delete mode 100644 openstack_dashboard/utils/identity.py diff --git a/openstack_dashboard/dashboards/admin/dashboard.py b/openstack_dashboard/dashboards/admin/dashboard.py index 3e8c7bb20c..cb936fb52b 100644 --- a/openstack_dashboard/dashboards/admin/dashboard.py +++ b/openstack_dashboard/dashboards/admin/dashboard.py @@ -14,7 +14,10 @@ from django.utils.translation import ugettext_lazy as _ +from openstack_auth import utils + import horizon + from openstack_dashboard import settings @@ -31,7 +34,6 @@ class Admin(horizon.Dashboard): ('orchestration', 'context_is_admin'), ('telemetry', 'context_is_admin'),) else: - permissions = ('openstack.roles.admin',) - + permissions = (tuple(utils.get_admin_permissions()),) horizon.register(Admin) diff --git a/openstack_dashboard/dashboards/identity/domains/workflows.py b/openstack_dashboard/dashboards/identity/domains/workflows.py index 230ede4243..d3f3e3453b 100644 --- a/openstack_dashboard/dashboards/identity/domains/workflows.py +++ b/openstack_dashboard/dashboards/identity/domains/workflows.py @@ -18,15 +18,16 @@ from django.conf import settings from django.core.urlresolvers import reverse from django.utils.translation import ugettext_lazy as _ +from openstack_auth import utils + from horizon import exceptions from horizon import forms from horizon import messages from horizon import workflows from openstack_dashboard import api - from openstack_dashboard.dashboards.identity.domains import constants -from openstack_dashboard.utils.identity import IdentityMixIn + LOG = logging.getLogger(__name__) @@ -295,7 +296,7 @@ class UpdateDomainInfo(workflows.Step): "enabled") -class UpdateDomain(workflows.Workflow, IdentityMixIn): +class UpdateDomain(workflows.Workflow): slug = "update_domain" name = _("Edit Domain") finalize_button_name = _("Save") @@ -363,7 +364,7 @@ class UpdateDomain(workflows.Workflow, IdentityMixIn): available_admin_role_ids = [ role.id for role in available_roles - if role.name.lower() in self.get_admin_roles() + if role.name.lower() in utils.get_admin_roles() ] admin_role_ids = [role for role in current_role_ids if role in available_admin_role_ids] diff --git a/openstack_dashboard/dashboards/identity/projects/tests.py b/openstack_dashboard/dashboards/identity/projects/tests.py index b321b810f6..69f0e46da9 100644 --- a/openstack_dashboard/dashboards/identity/projects/tests.py +++ b/openstack_dashboard/dashboards/identity/projects/tests.py @@ -1805,9 +1805,3 @@ class SeleniumTests(test.SeleniumAdminTestCase): for user in users: self.assertIn(user.name, members.text) - - @override_settings(OPENSTACK_KEYSTONE_ADMIN_ROLES=['foO', 'BAR', 'admin']) - def test_get_admin_roles(self): - mix_in = workflows.IdentityMixIn() - admin_roles = mix_in.get_admin_roles() - self.assertEqual(['foo', 'bar', 'admin'], admin_roles) diff --git a/openstack_dashboard/dashboards/identity/projects/workflows.py b/openstack_dashboard/dashboards/identity/projects/workflows.py index edbe833bc5..238f39ae95 100644 --- a/openstack_dashboard/dashboards/identity/projects/workflows.py +++ b/openstack_dashboard/dashboards/identity/projects/workflows.py @@ -22,6 +22,8 @@ from django.conf import settings from django.core.urlresolvers import reverse from django.utils.translation import ugettext_lazy as _ +from openstack_auth import utils + from horizon import exceptions from horizon import forms from horizon import messages @@ -33,7 +35,7 @@ from openstack_dashboard.api import cinder from openstack_dashboard.api import keystone from openstack_dashboard.api import nova from openstack_dashboard.usage import quotas -from openstack_dashboard.utils.identity import IdentityMixIn + LOG = logging.getLogger(__name__) @@ -605,7 +607,7 @@ class UpdateProjectInfo(workflows.Step): "enabled") -class UpdateProject(CommonQuotaWorkflow, IdentityMixIn): +class UpdateProject(CommonQuotaWorkflow): slug = "update_project" name = _("Edit Project") finalize_button_name = _("Save") @@ -698,7 +700,7 @@ class UpdateProject(CommonQuotaWorkflow, IdentityMixIn): available_roles, current_role_ids): is_current_user = user_id == request.user.id is_current_project = project_id == request.user.tenant_id - _admin_roles = self.get_admin_roles() + _admin_roles = utils.get_admin_roles() available_admin_role_ids = [role.id for role in available_roles if role.name.lower() in _admin_roles] admin_roles = [role for role in current_role_ids diff --git a/openstack_dashboard/test/tests/utils.py b/openstack_dashboard/test/tests/utils.py index 176c6dff68..5ab2cd6b60 100644 --- a/openstack_dashboard/test/tests/utils.py +++ b/openstack_dashboard/test/tests/utils.py @@ -14,12 +14,10 @@ # under the License. import datetime -from django.test.utils import override_settings import uuid from openstack_dashboard.test import helpers as test from openstack_dashboard.utils import filters -from openstack_dashboard.utils import identity from openstack_dashboard.utils import metering @@ -65,11 +63,3 @@ class UtilsMeteringTests(test.TestCase): def test_calc_date_args_invalid(self): self.assertRaises( ValueError, metering.calc_date_args, object, object, "other") - - -class IdentityTests(test.BaseAdminViewTests): - @override_settings(OPENSTACK_KEYSTONE_ADMIN_ROLES=['foO', 'BAR', 'admin']) - def test_get_admin_roles(self): - mix_in = identity.IdentityMixIn() - admin_roles = mix_in.get_admin_roles() - self.assertEqual(['foo', 'bar', 'admin'], admin_roles) diff --git a/openstack_dashboard/utils/identity.py b/openstack_dashboard/utils/identity.py deleted file mode 100644 index 654e3ff013..0000000000 --- a/openstack_dashboard/utils/identity.py +++ /dev/null @@ -1,25 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from django.conf import settings - -from horizon.utils.memoized import memoized # noqa - - -class IdentityMixIn(object): - @memoized - def get_admin_roles(self): - _admin_roles = [role.lower() for role in getattr( - settings, - 'OPENSTACK_KEYSTONE_ADMIN_ROLES', - ['admin'])] - return _admin_roles