openstack/horizon
Code Issues Proposed changes

Prevent non-admin users from detaching interfaces

Browse Source 
Remove the option to detach_interface from running instances for
non-admin users.

Change-Id: Id641bde457e8723ace0bc1e49aab2c46b2227485
Closes-bug: #1690790
This commit is contained in:
Abdallah Banishamsa 2017-12-12 09:25:05 -05:00
parent d768502abf
commit c999239fed
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
openstack_dashboard/conf/nova_policy.json
View File

@ -26,6 +26,7 @@
"os_compute_api:os-assisted-volume-snapshots:delete": "rule:admin_api", "os_compute_api:os-assisted-volume-snapshots:delete": "rule:admin_api",
"os_compute_api:os-assisted-volume-snapshots:discoverable": "@", "os_compute_api:os-assisted-volume-snapshots:discoverable": "@",
"os_compute_api:os-attach-interfaces": "rule:admin_or_owner", "os_compute_api:os-attach-interfaces": "rule:admin_or_owner",
"os_compute_api:os-attach-interfaces:delete": "rule:admin_or_owner",
"os_compute_api:os-attach-interfaces:discoverable": "@", "os_compute_api:os-attach-interfaces:discoverable": "@",
"os_compute_api:os-availability-zone:list": "rule:admin_or_owner", "os_compute_api:os-availability-zone:list": "rule:admin_or_owner",
"os_compute_api:os-availability-zone:discoverable": "@", "os_compute_api:os-availability-zone:discoverable": "@",

3
openstack_dashboard/dashboards/project/instances/tables.py
View File

@ -958,13 +958,12 @@ class AttachInterface(policy.PolicyTargetMixin, tables.LinkAction):
return urlresolvers.reverse(self.url, args=[instance_id]) return urlresolvers.reverse(self.url, args=[instance_id])
# TODO(lyj): the policy for detach interface not exists in nova.json,
# once it's added, it should be added here.
class DetachInterface(policy.PolicyTargetMixin, tables.LinkAction): class DetachInterface(policy.PolicyTargetMixin, tables.LinkAction):
name = "detach_interface" name = "detach_interface"
verbose_name = _("Detach Interface") verbose_name = _("Detach Interface")
classes = ("btn-confirm", "ajax-modal") classes = ("btn-confirm", "ajax-modal")
url = "horizon:project:instances:detach_interface" url = "horizon:project:instances:detach_interface"
policy_rules = (("compute", "os_compute_api:os-attach-interfaces:delete"),)
def allowed(self, request, instance): def allowed(self, request, instance):
if not api.base.is_service_enabled(request, 'network'): if not api.base.is_service_enabled(request, 'network'):