Remove "Change Password" from users table for non-admin users

If you're a user without administrative permissions, you will
not be able to edit a password using the table inside the identity
section due to the fact that it uses a different edit API which
is not meant to be used for the user-side of things.

This patch adds a policy change in order to hide the change password
link for normal users, while keeping the functionality inside
the Settings panel still intact.

This change was first broken by I76eb9f95c7112bcbad75ee151f363f892298d081

Partial-Bug: 1788384
Change-Id: I7a64257ac274c9dac5705ba72a85833f8e7a1591
(cherry picked from commit 0630be639b)
Mohammed Naser 2018-08-27 16:40:21 -04:00 committed by Tobias Urdin
parent 0037b53406
commit d1042fdaf9
2 changed files with 9 additions and 1 deletions


@ -54,12 +54,15 @@ class EditUserLink(policy.PolicyTargetMixin, tables.LinkAction):
return api.keystone.keystone_can_edit_user()
class ChangePasswordLink(tables.LinkAction):
class ChangePasswordLink(policy.PolicyTargetMixin, tables.LinkAction):
name = "change_password"
verbose_name = _("Change Password")
url = "horizon:identity:users:change_password"
classes = ("ajax-modal",)
icon = "key"
policy_rules = (("identity", "identity:update_user"),)
policy_target_attrs = (("user_id", "id"),
("target.user.domain_id", "domain_id"))
def allowed(self, request, user):
return api.keystone.keystone_can_edit_user()
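
Review bot: The new policy_rules on ChangePasswordLink only decide whether the table renders the link, so a non-admin user can still request the "horizon:identity:users:change_password" URL directly. Please confirm that the view behind that URL checks identity:update_user against the same target, so the failure is a clean permission denial rather than an error from the edit API the commit message mentions. The unchanged allowed() still ignores both request and user, which means the policy check is now the only per-user gate on this action; a short comment saying so would help the next reader. The commit touches only this file and the release note, so a table test asserting that the action is absent from a non-admin's row actions would guard against the regression recurring.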


@ -0,0 +1,5 @@
---
fixes:
- |
Fixed a bug where non-admin users would be shown the "Change Password"
button for users listed under the Identity panel.
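
Review bot: The release note does not say that visibility of the action is now tied to the identity:update_user policy rule, which matters to operators running a customised policy file because the link will appear or disappear according to their own rule. Consider adding a sentence naming the rule and noting that users can still change their own password from the Settings panel, as the commit message states. The note also says "button" where the code defines a LinkAction; "link" or "action" would match the table.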