From 37f6929da9ecbf204497a56fb9a543a1436e7d10 Mon Sep 17 00:00:00 2001
From: "Mclean, Aaron (am9518)" <am9518@att.com>
Date: Mon, 30 Jul 2018 11:08:41 -0500
Subject: [PATCH] [US429508] Adding customer_creator flavor_creator admin image
 roles

Change-Id: I5e7217abda058197e3633b6f11642fcabbdd6d15
---
 .../customer_manager/cms_rest/etc/policy.json | 28 ++++++++++-------
 .../flavor_manager/fms_rest/etc/policy.json   | 30 +++++++++++--------
 .../image_manager/ims/etc/policy.json         |  4 +--
 3 files changed, 37 insertions(+), 25 deletions(-)

diff --git a/orm/services/customer_manager/cms_rest/etc/policy.json b/orm/services/customer_manager/cms_rest/etc/policy.json
index 590cac4c..77580139 100755
--- a/orm/services/customer_manager/cms_rest/etc/policy.json
+++ b/orm/services/customer_manager/cms_rest/etc/policy.json
@@ -4,19 +4,25 @@
     "admin": "role:admin and tenant:admin or role:admin and tenant:services",
     "admin_support": "role:admin_support and tenant:admin or role:admin_support and tenant:services",
     "admin_viewer": "role:admin_viewer and tenant:admin or role:admin_viewer and tenant:services",
+    "creator": "role:ranger_customer_creator and tenant:admin or role:ranger_customer_creator and tenant:services",
+
+    "admin_or_creator": "rule:admin or rule:creator",
 
     "admin_or_support": "rule:admin or rule:admin_support",
-    "admin_or_support_or_viewer": "rule:admin or rule:admin_support or rule:admin_viewer",
+    "admin_or_support_or_creator": "rule:admin or rule:admin_support or rule:creator",
 
-    "customers:get_one": "rule:admin_or_support_or_viewer",
-    "customers:get_all": "rule:admin_or_support_or_viewer",
-    "customers:create": "rule:admin_or_support",
-    "customers:update": "rule:admin",
+    "admin_or_support_or_viewer": "rule:admin or rule:admin_support or rule:admin_viewer",
+    "admin_or_support_or_viewer_or_creator": "rule:admin or rule:admin_support or rule:admin_viewer or rule:creator",
+
+    "customers:get_one": "rule:admin_or_support_or_viewer_or_creator",
+    "customers:get_all": "rule:admin_or_support_or_viewer_or_creator",
+    "customers:create": "rule:admin_or_support_or_creator",
+    "customers:update": "rule:admin_or_creator",
     "customers:delete": "rule:admin",
 
-    "customers:add_region": "rule:admin_or_support",
-    "customers:update_region": "rule:admin",
-    "customers:delete_region": "rule:admin",
+    "customers:add_region": "rule:admin_or_support_or_creator",
+    "customers:update_region": "rule:admin_or_creator",
+    "customers:delete_region": "rule:admin_or_creator",
 
     "customers:add_region_user": "rule:admin_or_support",
     "customers:update_region_user": "rule:admin",
@@ -26,8 +32,8 @@
     "customers:update_default_user": "rule:admin",
     "customers:delete_default_user": "rule:admin",
 
-    "customers:add_metadata": "rule:admin_or_support",
-    "customers:update_metadata": "rule:admin",
+    "customers:add_metadata": "rule:admin_or_support_or_creator",
+    "customers:update_metadata": "rule:admin_or_creator",
 
-    "customers:enable": "rule:admin"
+    "customers:enable": "rule:admin_or_support_or_creator"
 }
\ No newline at end of file
diff --git a/orm/services/flavor_manager/fms_rest/etc/policy.json b/orm/services/flavor_manager/fms_rest/etc/policy.json
index b414b87f..63e3ea61 100755
--- a/orm/services/flavor_manager/fms_rest/etc/policy.json
+++ b/orm/services/flavor_manager/fms_rest/etc/policy.json
@@ -4,29 +4,35 @@
     "admin": "role:admin and tenant:admin or role:admin and tenant:services",
     "admin_support": "role:admin_support and tenant:admin or role:admin_support and tenant:services",
     "admin_viewer": "role:admin_viewer and tenant:admin or role:admin_viewer and tenant:services",
+    "creator": "role:ranger_flavor_creator and tenant:admin or role:ranger_flavor_creator and tenant:services",
+
+    "admin_or_creator": "rule:admin or rule:creator",
 
     "admin_or_support": "rule:admin or rule:admin_support",
-    "admin_or_support_or_viewer": "rule:admin or rule:admin_support or rule:admin_viewer",
+    "admin_or_support_or_creator": "rule:admin or rule:admin_support or rule:creator",
 
-    "flavor:create": "rule:admin_or_support",
-    "flavor:get_one": "rule:admin_or_support_or_viewer",
-    "flavor:get_all": "rule:admin_or_support_or_viewer",
+    "admin_or_support_or_viewer": "rule:admin or rule:admin_support or rule:admin_viewer",
+    "admin_or_support_or_viewer_or_creator": "rule:admin or rule:admin_support or rule:admin_viewer or rule:creator",
+
+    "flavor:get_one": "rule:admin_or_support_or_viewer_or_creator",
+    "flavor:get_all": "rule:admin_or_support_or_viewer_or_creator",
+    "flavor:create": "rule:admin_or_support_or_creator",
     "flavor:delete": "rule:admin",
 
-    "flavor:get_flavor_extra_specs": "rule:admin_or_support_or_viewer",
-    "flavor:add_flavor_extra_specs": "rule:admin_or_support",
-    "flavor:replace_flavor_extra_specs": "rule:admin",
+    "flavor:get_flavor_extra_specs": "rule:admin_or_support_or_viewer_or_creator",
+    "flavor:add_flavor_extra_specs": "rule:admin_or_support_or_creator",
+    "flavor:replace_flavor_extra_specs": "rule:admin_or_creator",
     "flavor:delete_flavor_extra_specs": "rule:admin",
 
-    "flavor:add_flavor_regions": "rule:admin_or_support",
+    "flavor:add_flavor_regions": "rule:admin_or_support_or_creator",
     "flavor:delete_flavor_region": "rule:admin",
 
-    "flavor:get_flavor_tags": "rule:admin_or_support_or_viewer",
-    "flavor:add_flavor_tags": "rule:admin_or_support",
-    "flavor:replace_flavor_tags": "rule:admin",
+    "flavor:get_flavor_tags": "rule:admin_or_support_or_viewer_or_creator",
+    "flavor:add_flavor_tags": "rule:admin_or_support_or_creator",
+    "flavor:replace_flavor_tags": "rule:admin_or_creator",
     "flavor:delete_flavor_tags": "rule:admin",
 
-    "flavor:add_flavor_tenants": "rule:admin_or_support",
+    "flavor:add_flavor_tenants": "rule:admin_or_support_or_creator",
     "flavor:delete_flavor_tenant": "rule:admin"
 
 }
\ No newline at end of file
diff --git a/orm/services/image_manager/ims/etc/policy.json b/orm/services/image_manager/ims/etc/policy.json
index 32fc700d..1c6447e6 100755
--- a/orm/services/image_manager/ims/etc/policy.json
+++ b/orm/services/image_manager/ims/etc/policy.json
@@ -1,7 +1,7 @@
 {
     "default": "!",
 
-    "admin": "role:admin and tenant:admin or role:admin and tenant:services",
+    "admin": "role:admin and tenant:admin or role:admin and tenant:services or role:admin_image and tenant:admin or role:admin_image and tenant:services",
     "admin_support": "role:admin_support and tenant:admin or role:admin_support and tenant:services",
     "admin_viewer": "role:admin_viewer and tenant:admin or role:admin_viewer and tenant:services",
 
@@ -13,7 +13,7 @@
     "image:get_one": "rule:admin_or_support_or_viewer",
     "image:update": "rule:admin",
     "image:delete": "rule:admin",
-    "image:enable": "rule:admin",
+    "image:enable": "rule:admin_or_support",
 
     "region:create": "rule:admin_or_support",
     "region:update": "rule:admin",