From 8af6b385dd42faa3c4795533dbf5c92fa7d53cb5 Mon Sep 17 00:00:00 2001
From: zhurong <aaronzhu1121@gmail.com>
Date: Sun, 31 Jul 2016 21:52:16 +0800
Subject: [PATCH] Using rbac policy for environments panel

Using rbac policy for environments panel and table action.

Change-Id: Ia67477f72501f9fc05b94624a8b3f4d9d52d8bdb
Depends-On: I3e6aec8e1cbe57cb80e6d1b8df012f5047aad511
Partially-Implements: blueprint murano-dashboard-rbac
---
 muranodashboard/environments/panel.py  |  1 +
 muranodashboard/environments/tables.py | 26 ++++++++++++++++++++++++--
 muranodashboard/environments/tabs.py   |  4 ++++
 3 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/muranodashboard/environments/panel.py b/muranodashboard/environments/panel.py
index a2754c858..19e720797 100644
--- a/muranodashboard/environments/panel.py
+++ b/muranodashboard/environments/panel.py
@@ -21,6 +21,7 @@ from muranodashboard import dashboard
 class Environments(horizon.Panel):
     name = _("Environments")
     slug = 'environments'
+    policy_rules = (("murano", "list_environments"),)
 
 
 dashboard.Murano.register(Environments)
diff --git a/muranodashboard/environments/tables.py b/muranodashboard/environments/tables.py
index 961625fd2..981e6e5b1 100644
--- a/muranodashboard/environments/tables.py
+++ b/muranodashboard/environments/tables.py
@@ -25,6 +25,7 @@ from horizon import messages
 from horizon import tables
 from horizon.utils import filters
 from muranoclient.common import exceptions as exc
+from openstack_dashboard import policy
 from oslo_log import log as logging
 
 from muranodashboard import api as api_utils
@@ -34,7 +35,6 @@ from muranodashboard.environments import api
 from muranodashboard.environments import consts
 from muranodashboard.packages import consts as pkg_consts
 
-
 LOG = logging.getLogger(__name__)
 
 
@@ -89,6 +89,7 @@ class CreateEnvironment(tables.LinkAction):
     classes = ('btn-launch', 'add_env')
     redirect_url = "horizon:project:murano:environments"
     icon = 'plus'
+    policy_rules = (("murano", "create_environment"),)
 
     def allowed(self, request, datum):
         return True if self.table.data else False
@@ -104,8 +105,9 @@ class CreateEnvironment(tables.LinkAction):
             exceptions.handle(request, msg, redirect=redirect)
 
 
-class DeleteEnvironment(tables.DeleteAction):
+class DeleteEnvironment(policy.PolicyTargetMixin, tables.DeleteAction):
     redirect_url = "horizon:project:murano:environments"
+    policy_rules = (("murano", "delete_environment"),)
 
     @staticmethod
     def action_present(count):
@@ -148,6 +150,7 @@ class AbandonEnvironment(tables.DeleteAction):
                   "this environment will have to be released manually.")
     name = 'abandon'
     redirect_url = "horizon:project:murano:environments"
+    policy_rules = (("murano", "delete_environment"),)
 
     @staticmethod
     def action_present(count):
@@ -398,6 +401,10 @@ class UpdateServiceRow(tables.Row):
 
 
 class UpdateName(tables.UpdateAction):
+    def allowed(self, request, environment, cell):
+        policy_rule = (("murano", "update_environment"),)
+        return policy.check(policy_rule, request)
+
     def update_cell(self, request, datum, obj_id, cell_name, new_cell_value):
         try:
             if not new_cell_value or new_cell_value.isspace():
@@ -439,6 +446,21 @@ class EnvironmentsTable(tables.DataTable):
                            status_choices=consts.STATUS_CHOICES,
                            display_choices=consts.STATUS_DISPLAY_CHOICES)
 
+    def get_env_detail_link(self, environment):
+        # NOTE: using the policy check for show_environment
+        if policy.check((("murano", "show_environment"),),
+                        self.request, target={"environment": environment}):
+            return reverse("horizon:murano:environments:services",
+                           args=(environment.id,))
+        return None
+
+    def __init__(self, request, data=None, needs_form_wrapper=None, **kwargs):
+        super(EnvironmentsTable,
+              self).__init__(request, data=data,
+                             needs_form_wrapper=needs_form_wrapper,
+                             **kwargs)
+        self.columns['name'].get_link_url = self.get_env_detail_link
+
     class Meta(object):
         name = 'environments'
         verbose_name = _('Environments')
diff --git a/muranodashboard/environments/tabs.py b/muranodashboard/environments/tabs.py
index 5595dff84..58a5727e5 100644
--- a/muranodashboard/environments/tabs.py
+++ b/muranodashboard/environments/tabs.py
@@ -22,6 +22,7 @@ from horizon import exceptions
 from horizon import tabs
 from openstack_dashboard.api import heat as heat_api
 from openstack_dashboard.api import nova as nova_api
+from openstack_dashboard import policy
 
 from muranoclient.common import exceptions as exc
 from muranodashboard.environments import api
@@ -235,6 +236,9 @@ class DeploymentTab(tabs.TableTab):
     template_name = 'horizon/common/_detail_table.html'
     preload = False
 
+    def allowed(self, request):
+        return policy.check((("murano", "list_deployments"),), request)
+
     def get_deployments_data(self):
         deployments = []
         self.environment_id = self.tab_group.kwargs['environment_id']