Overview

File 0001_remove_admin_role_name_admin_hardcode.patch of Package openstack-dashboard

Adapted from:

From f9f50bd2bd3a7dfaa848733938fdc7b2061d604c Mon Sep 17 00:00:00 2001
From: Paul Karikh <pkarikh@mirantis.com>
Date: Tue, 30 Sep 2014 14:53:21 +0400
Subject: [PATCH] Remove admin role name 'admin' hardcode

Because of hardcoding name as the 'admin' was impossible to
use administrative panel with a custom administrative role name.
This fix replaces hardcoding the name of the administrative role
with RBAC policy check.

DocImpact
Related commit: https://review.openstack.org/#/c/123745/
Change-Id: I05c8fc750c56f6f6bb49a435662e821eb0d6ba30
Closes-Bug: #1161144
---
 doc/source/quickstart.rst                                   | 3 ++-
 doc/source/topics/customizing.rst                           | 6 ------
 openstack_dashboard/dashboards/admin/dashboard.py           | 2 +-
 openstack_dashboard/dashboards/admin/hypervisors/panel.py   | 3 ++-
 openstack_dashboard/dashboards/admin/instances/panel.py     | 3 ++-
 openstack_dashboard/dashboards/admin/metadata_defs/panel.py | 2 +-
 openstack_dashboard/dashboards/admin/overview/panel.py      | 2 +-
 7 files changed, 9 insertions(+), 12 deletions(-)

diff --git a/doc/source/quickstart.rst b/doc/source/quickstart.rst
index 167cb42..84ccb58 100644
--- a/doc/source/quickstart.rst
+++ b/doc/source/quickstart.rst
@@ -258,7 +258,8 @@ you register it in a ``panel.py`` file like so::
     class Images(horizon.Panel):
         name = "Images"
         slug = 'images'
-        permissions = ('openstack.roles.admin', 'my.other.permission',)
+        permissions = ('openstack.roles.admin', 'my.openstack.permission',)
+        policy_rules = (('endpoint', 'endpoint:rule'),)
 
 
     # You could also register your panel with another application's dashboard
diff --git a/doc/source/topics/customizing.rst b/doc/source/topics/customizing.rst
index d9ed627..b56398b 100644
--- a/doc/source/topics/customizing.rst
+++ b/doc/source/topics/customizing.rst
@@ -76,12 +76,6 @@ Or get the instances panel::
     projects_dashboard = horizon.get_dashboard("project")
     instances_panel = projects_dashboard.get_panel("instances")
 
-And limit access to users with the Keystone Admin role::
-
-    permissions = list(getattr(instances_panel, 'permissions', []))
-    permissions.append('openstack.roles.admin')
-    instances_panel.permissions = tuple(permissions)
-
 Or just remove it entirely::
 
     projects_dashboard.unregister(instances_panel.__class__)
diff --git a/openstack_dashboard/dashboards/admin/dashboard.py b/openstack_dashboard/dashboards/admin/dashboard.py
index c8cdc63..4101571 100644
--- a/openstack_dashboard/dashboards/admin/dashboard.py
+++ b/openstack_dashboard/dashboards/admin/dashboard.py
@@ -30,7 +30,7 @@ class Admin(horizon.Dashboard):
     slug = "admin"
     panels = (SystemPanels,)
     default_panel = 'overview'
-    permissions = ('openstack.roles.admin',)
+    policy_rules = (("identity", "admin_required"),)
 
 
 horizon.register(Admin)
diff --git a/openstack_dashboard/dashboards/admin/hypervisors/panel.py b/openstack_dashboard/dashboards/admin/hypervisors/panel.py
index c1f8edd..bc8ec6a 100644
--- a/openstack_dashboard/dashboards/admin/hypervisors/panel.py
+++ b/openstack_dashboard/dashboards/admin/hypervisors/panel.py
@@ -21,7 +21,8 @@ from openstack_dashboard.dashboards.admin import dashboard
 class Hypervisors(horizon.Panel):
     name = _("Hypervisors")
     slug = 'hypervisors'
-    permissions = ('openstack.roles.admin', 'openstack.services.compute')
+    permissions = ('openstack.services.compute',)
+    policy_rules = (("compute", "compute_extenson:hypervisors"),)
 
 
 dashboard.Admin.register(Hypervisors)
diff --git a/openstack_dashboard/dashboards/admin/instances/panel.py b/openstack_dashboard/dashboards/admin/instances/panel.py
index 23a0401..efaad95 100644
--- a/openstack_dashboard/dashboards/admin/instances/panel.py
+++ b/openstack_dashboard/dashboards/admin/instances/panel.py
@@ -26,7 +26,8 @@ from openstack_dashboard.dashboards.admin import dashboard
 class Instances(horizon.Panel):
     name = _("Instances")
     slug = 'instances'
-    permissions = ('openstack.roles.admin', 'openstack.services.compute')
+    permissions = ('openstack.services.compute',)
+    policy_rules = (("compute", "compute:get_all"),)


 dashboard.Admin.register(Instances)
diff --git a/openstack_dashboard/dashboards/admin/overview/panel.py b/openstack_dashboard/dashboards/admin/overview/panel.py
index 47c38e4..d75f9b3 100644
--- a/openstack_dashboard/dashboards/admin/overview/panel.py
+++ b/openstack_dashboard/dashboards/admin/overview/panel.py
@@ -26,7 +26,7 @@ from openstack_dashboard.dashboards.admin import dashboard
 class Overview(horizon.Panel):
     name = _("Overview")
     slug = 'overview'
-    permissions = ('openstack.roles.admin',)
+    policy_rules = (('identity', 'identity:list_projects'),)
 
 
 dashboard.Admin.register(Overview)
-- 
1.9.1
openSUSE Build Service is sponsored by
Places