Overview

File 0001_remove_admin_role_name_admin_hardcode_in_user_is_superuser.patch of Package python-django_openstack_auth

From 96bbcd5e9bdf44af26098ea0e30206f39630e07b Mon Sep 17 00:00:00 2001
From: Paul Karikh <pkarikh@mirantis.com>
Date: Wed, 24 Sep 2014 18:36:10 +0400
Subject: [PATCH] Remove admin role name 'admin' hardcode in
 User.is_superuser()

Because of hardcoding name as the 'admin' was impossible to
use administrative panel with a custom administrative role name.
This fix replaces hardcoded the name of the administrative role
with the Horizon settings constant with list of roles.
So, now administrative roles can be multiple.
Related commit: https://review.openstack.org/#/c/123741/

Change-Id: I04277cd50a938f02949ae0e33228e1628197d252
Partial-Bug: #1161144
---
 openstack_auth/user.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/openstack_auth/user.py b/openstack_auth/user.py
index bdcf5ba..2c0687f 100644
--- a/openstack_auth/user.py
+++ b/openstack_auth/user.py
@@ -259,7 +259,12 @@ class User(models.AnonymousUser):
 
         Returns ``True`` or ``False``.
         """
-        return 'admin' in [role['name'].lower() for role in self.roles]
+        admin_roles = [role.lower() for role in getattr(
+            settings,
+            'OPENSTACK_KEYSTONE_ADMIN_ROLES',
+            ['admin'])]
+        user_roles = [role['name'].lower() for role in self.roles]
+        return True if set(admin_roles).intersection(user_roles) else False
 
     @property
     def authorized_tenants(self):
-- 
1.9.1
openSUSE Build Service is sponsored by
Places