Using rbac policy for environments panel

Using rbac policy for environments panel and table action. Change-Id: Ia67477f72501f9fc05b94624a8b3f4d9d52d8bdb Depends-On: I3e6aec8e1cbe57cb80e6d1b8df012f5047aad511 Partially-Implements: blueprint murano-dashboard-rbac
2016-07-31 21:52:16 +08:00 · 2016-07-31 21:52:16 +08:00 · 8af6b385dd
parent 8b86508090
commit 8af6b385dd
3 changed files with 29 additions and 2 deletions
--- a/muranodashboard/environments/panel.py
+++ b/muranodashboard/environments/panel.py
@ -21,6 +21,7 @@ from muranodashboard import dashboard
 class Environments(horizon.Panel):
    name = _("Environments")
    slug = 'environments'
+    policy_rules = (("murano", "list_environments"),)


 dashboard.Murano.register(Environments)
--- a/muranodashboard/environments/tables.py
+++ b/muranodashboard/environments/tables.py
@ -25,6 +25,7 @@ from horizon import messages
 from horizon import tables
 from horizon.utils import filters
 from muranoclient.common import exceptions as exc
+from openstack_dashboard import policy
 from oslo_log import log as logging

 from muranodashboard import api as api_utils
@ -34,7 +35,6 @@ from muranodashboard.environments import api
 from muranodashboard.environments import consts
 from muranodashboard.packages import consts as pkg_consts

-
 LOG = logging.getLogger(__name__)


@ -89,6 +89,7 @@ class CreateEnvironment(tables.LinkAction):
    classes = ('btn-launch', 'add_env')
    redirect_url = "horizon:project:murano:environments"
    icon = 'plus'
+    policy_rules = (("murano", "create_environment"),)

    def allowed(self, request, datum):
        return True if self.table.data else False
@ -104,8 +105,9 @@ class CreateEnvironment(tables.LinkAction):
            exceptions.handle(request, msg, redirect=redirect)


-class DeleteEnvironment(tables.DeleteAction):
+class DeleteEnvironment(policy.PolicyTargetMixin, tables.DeleteAction):
    redirect_url = "horizon:project:murano:environments"
+    policy_rules = (("murano", "delete_environment"),)

    @staticmethod
    def action_present(count):
@ -148,6 +150,7 @@ class AbandonEnvironment(tables.DeleteAction):
                  "this environment will have to be released manually.")
    name = 'abandon'
    redirect_url = "horizon:project:murano:environments"
+    policy_rules = (("murano", "delete_environment"),)

    @staticmethod
    def action_present(count):
@ -398,6 +401,10 @@ class UpdateServiceRow(tables.Row):


 class UpdateName(tables.UpdateAction):
+    def allowed(self, request, environment, cell):
+        policy_rule = (("murano", "update_environment"),)
+        return policy.check(policy_rule, request)
+
    def update_cell(self, request, datum, obj_id, cell_name, new_cell_value):
        try:
            if not new_cell_value or new_cell_value.isspace():
@ -439,6 +446,21 @@ class EnvironmentsTable(tables.DataTable):
                           status_choices=consts.STATUS_CHOICES,
                           display_choices=consts.STATUS_DISPLAY_CHOICES)

+    def get_env_detail_link(self, environment):
+        # NOTE: using the policy check for show_environment
+        if policy.check((("murano", "show_environment"),),
+                        self.request, target={"environment": environment}):
+            return reverse("horizon:murano:environments:services",
+                           args=(environment.id,))
+        return None
+
+    def __init__(self, request, data=None, needs_form_wrapper=None, **kwargs):
+        super(EnvironmentsTable,
+              self).__init__(request, data=data,
+                             needs_form_wrapper=needs_form_wrapper,
+                             **kwargs)
+        self.columns['name'].get_link_url = self.get_env_detail_link
+
    class Meta(object):
        name = 'environments'
        verbose_name = _('Environments')
--- a/muranodashboard/environments/tabs.py
+++ b/muranodashboard/environments/tabs.py
@ -22,6 +22,7 @@ from horizon import exceptions
 from horizon import tabs
 from openstack_dashboard.api import heat as heat_api
 from openstack_dashboard.api import nova as nova_api
+from openstack_dashboard import policy

 from muranoclient.common import exceptions as exc
 from muranodashboard.environments import api
@ -235,6 +236,9 @@ class DeploymentTab(tabs.TableTab):
    template_name = 'horizon/common/_detail_table.html'
    preload = False

+    def allowed(self, request):
+        return policy.check((("murano", "list_deployments"),), request)
+
    def get_deployments_data(self):
        deployments = []
        self.environment_id = self.tab_group.kwargs['environment_id']