Properly enable/disable project/user edit via setting.

For identity backends which don't support editing (LDAP, et. al.)
we already have a setting that turns off user editing, but it was
applied inconsistently. This patch applies it more thoroughly
and adds the same functionality for projects.

Fixes bug 1109019.

Change-Id: Ia1316de4ff76779b93edd1c1f364ede9aabb6fd0
This commit is contained in:
Gabriel Hurley 2013-02-09 15:29:56 -08:00
parent a366264d62
commit 245aa2a513
5 changed files with 27 additions and 9 deletions

View File

@ -277,10 +277,13 @@ def get_user_ec2_credentials(request, user_id, access_token):
def keystone_can_edit_user():
if hasattr(settings, "OPENSTACK_KEYSTONE_BACKEND"):
return settings.OPENSTACK_KEYSTONE_BACKEND['can_edit_user']
else:
return False
backend_settings = getattr(settings, "OPENSTACK_KEYSTONE_BACKEND", {})
return backend_settings.get('can_edit_user', True)
def keystone_can_edit_project():
backend_settings = getattr(settings, "OPENSTACK_KEYSTONE_BACKEND", {})
return backend_settings.get('can_edit_project', True)
def keystone_backend_name():

View File

@ -40,6 +40,9 @@ class CreateProject(tables.LinkAction):
url = "horizon:admin:projects:create"
classes = ("btn-launch", "ajax-modal",)
def allowed(self, request, project):
return api.keystone.keystone_can_edit_project()
class UpdateProject(tables.LinkAction):
name = "update"
@ -47,6 +50,9 @@ class UpdateProject(tables.LinkAction):
url = "horizon:admin:projects:update"
classes = ("ajax-modal", "btn-edit")
def allowed(self, request, project):
return api.keystone.keystone_can_edit_project()
class ModifyQuotas(tables.LinkAction):
name = "quotas"
@ -65,6 +71,9 @@ class DeleteTenantsAction(tables.DeleteAction):
data_type_singular = _("Project")
data_type_plural = _("Projects")
def allowed(self, request, project):
return api.keystone.keystone_can_edit_project()
def delete(self, request, obj_id):
api.keystone.tenant_delete(request, obj_id)

View File

@ -22,9 +22,7 @@ class CreateUserLink(tables.LinkAction):
classes = ("ajax-modal", "btn-create")
def allowed(self, request, user):
if api.keystone.keystone_can_edit_user():
return True
return False
return api.keystone.keystone_can_edit_user()
class EditUserLink(tables.LinkAction):
@ -33,6 +31,9 @@ class EditUserLink(tables.LinkAction):
url = "horizon:admin:users:update"
classes = ("ajax-modal", "btn-edit")
def allowed(self, request, user):
return api.keystone.keystone_can_edit_user()
class ToggleEnabled(tables.BatchAction):
name = "enable"
@ -43,6 +44,9 @@ class ToggleEnabled(tables.BatchAction):
classes = ("btn-enable",)
def allowed(self, request, user=None):
if not api.keystone.keystone_can_edit_user():
return False
self.enabled = True
if not user:
return self.enabled

View File

@ -87,7 +87,8 @@ OPENSTACK_KEYSTONE_DEFAULT_ROLE = "Member"
# TODO(tres): Remove these once Keystone has an API to identify auth backend.
OPENSTACK_KEYSTONE_BACKEND = {
'name': 'native',
'can_edit_user': True
'can_edit_user': True,
'can_edit_project': True
}
OPENSTACK_HYPERVISOR_FEATURES = {

View File

@ -65,7 +65,8 @@ OPENSTACK_KEYSTONE_DEFAULT_ROLE = "Member"
OPENSTACK_KEYSTONE_BACKEND = {
'name': 'native',
'can_edit_user': True
'can_edit_user': True,
'can_edit_project': True
}
OPENSTACK_HYPERVISOR_FEATURES = {