Properly enable/disable project/user edit via setting.
For identity backends which don't support editing (LDAP, et. al.) we already have a setting that turns off user editing, but it was applied inconsistently. This patch applies it more thoroughly and adds the same functionality for projects. Fixes bug 1109019. Change-Id: Ia1316de4ff76779b93edd1c1f364ede9aabb6fd0
This commit is contained in:
parent
a366264d62
commit
245aa2a513
@ -277,10 +277,13 @@ def get_user_ec2_credentials(request, user_id, access_token):
|
||||
|
||||
|
||||
def keystone_can_edit_user():
|
||||
if hasattr(settings, "OPENSTACK_KEYSTONE_BACKEND"):
|
||||
return settings.OPENSTACK_KEYSTONE_BACKEND['can_edit_user']
|
||||
else:
|
||||
return False
|
||||
backend_settings = getattr(settings, "OPENSTACK_KEYSTONE_BACKEND", {})
|
||||
return backend_settings.get('can_edit_user', True)
|
||||
|
||||
|
||||
def keystone_can_edit_project():
|
||||
backend_settings = getattr(settings, "OPENSTACK_KEYSTONE_BACKEND", {})
|
||||
return backend_settings.get('can_edit_project', True)
|
||||
|
||||
|
||||
def keystone_backend_name():
|
||||
|
@ -40,6 +40,9 @@ class CreateProject(tables.LinkAction):
|
||||
url = "horizon:admin:projects:create"
|
||||
classes = ("btn-launch", "ajax-modal",)
|
||||
|
||||
def allowed(self, request, project):
|
||||
return api.keystone.keystone_can_edit_project()
|
||||
|
||||
|
||||
class UpdateProject(tables.LinkAction):
|
||||
name = "update"
|
||||
@ -47,6 +50,9 @@ class UpdateProject(tables.LinkAction):
|
||||
url = "horizon:admin:projects:update"
|
||||
classes = ("ajax-modal", "btn-edit")
|
||||
|
||||
def allowed(self, request, project):
|
||||
return api.keystone.keystone_can_edit_project()
|
||||
|
||||
|
||||
class ModifyQuotas(tables.LinkAction):
|
||||
name = "quotas"
|
||||
@ -65,6 +71,9 @@ class DeleteTenantsAction(tables.DeleteAction):
|
||||
data_type_singular = _("Project")
|
||||
data_type_plural = _("Projects")
|
||||
|
||||
def allowed(self, request, project):
|
||||
return api.keystone.keystone_can_edit_project()
|
||||
|
||||
def delete(self, request, obj_id):
|
||||
api.keystone.tenant_delete(request, obj_id)
|
||||
|
||||
|
@ -22,9 +22,7 @@ class CreateUserLink(tables.LinkAction):
|
||||
classes = ("ajax-modal", "btn-create")
|
||||
|
||||
def allowed(self, request, user):
|
||||
if api.keystone.keystone_can_edit_user():
|
||||
return True
|
||||
return False
|
||||
return api.keystone.keystone_can_edit_user()
|
||||
|
||||
|
||||
class EditUserLink(tables.LinkAction):
|
||||
@ -33,6 +31,9 @@ class EditUserLink(tables.LinkAction):
|
||||
url = "horizon:admin:users:update"
|
||||
classes = ("ajax-modal", "btn-edit")
|
||||
|
||||
def allowed(self, request, user):
|
||||
return api.keystone.keystone_can_edit_user()
|
||||
|
||||
|
||||
class ToggleEnabled(tables.BatchAction):
|
||||
name = "enable"
|
||||
@ -43,6 +44,9 @@ class ToggleEnabled(tables.BatchAction):
|
||||
classes = ("btn-enable",)
|
||||
|
||||
def allowed(self, request, user=None):
|
||||
if not api.keystone.keystone_can_edit_user():
|
||||
return False
|
||||
|
||||
self.enabled = True
|
||||
if not user:
|
||||
return self.enabled
|
||||
|
@ -87,7 +87,8 @@ OPENSTACK_KEYSTONE_DEFAULT_ROLE = "Member"
|
||||
# TODO(tres): Remove these once Keystone has an API to identify auth backend.
|
||||
OPENSTACK_KEYSTONE_BACKEND = {
|
||||
'name': 'native',
|
||||
'can_edit_user': True
|
||||
'can_edit_user': True,
|
||||
'can_edit_project': True
|
||||
}
|
||||
|
||||
OPENSTACK_HYPERVISOR_FEATURES = {
|
||||
|
@ -65,7 +65,8 @@ OPENSTACK_KEYSTONE_DEFAULT_ROLE = "Member"
|
||||
|
||||
OPENSTACK_KEYSTONE_BACKEND = {
|
||||
'name': 'native',
|
||||
'can_edit_user': True
|
||||
'can_edit_user': True,
|
||||
'can_edit_project': True
|
||||
}
|
||||
|
||||
OPENSTACK_HYPERVISOR_FEATURES = {
|
||||
|
Loading…
x
Reference in New Issue
Block a user