[dashboard] Disabled packages are browsed in App catalog

I investigated and found that the murano dashboard calls up the murano api endpoint's "search" function to retrieve a list of active packages.

Unfortunately, the "enabled" attribute of a package is not one of the supported parameters. Moreover, the murano dashboard's admin listing of packages (which calls the "search" function) needs to return all packages, enabled or not. However, the application catalog's listing (which also calls the same "search" function) needs to filter out the disabled packages.

We can add an "enabled" parameter, but then the question becomes one of how to we keep the parameter only exposed to admins while ignoring it for other users. We can support the parameter, but ignore it if it's passed by someone not allowed to pass it. However, this will still mean that admin users will still see all packages, enabled or not, in the application catalog.

Another solution would be to provide separate search functions for admin users and for regular users. Regular users would always get only enabled packages while admin users would be able to pass in a flag for filtering packages by their status.

Any thoughts?

Ankur, thank you for investigation,
now we use this parameter just for filter non active applications, when user want to deploy new application. Some application can be not ready for deployment and user want to know what applications can be successfully deployed.

Well, by design admin user is able to browse even disabled applications. Do we need to show all applications not only in Package Definitions but in App catalog?
For now non-admin users are not seen disabled packages
        query = session.query(pkg).filter(or_((pkg.is_public & pkg.enabled),
                                              pkg.owner_id == context.tenant))

We can add enabled to supported params in this bug, and browsing only enabled categories with separete view - in 0.6 What do you think?

I'd suggest to add an additional search query parameter 'disabled=false|true' which has meaning only for admin users. Then UI could obtain list of packages in Manage panel group using url '.../search?disabled=true' - and that will return even packages that are disabled. But an AppCatalog panel won't specify 'disabled' option in its search query, thus default value 'disabled=false' will be used, effectively hiding disabled applications from AppCatalog.

Fix proposed to branch: master
Review: https://review.openstack.org/89721

Fix proposed to branch: master
Review: https://review.openstack.org/89722

Fix proposed to branch: master
Review: https://review.openstack.org/90181

Fix proposed to branch: master
Review: https://review.openstack.org/90185

I've revised my changes to do the following:

https://review.openstack.org/89721 changes the murano-api in the following ways:
- add a new include_disabled parameter to the package search
- if include_disabled specified by admin, all packages including disabled packages are returned
- if include_disabled specified by non-admin, only disabled packages owned by current tenant are returned (in addition to enabled, public packages and enabled private packages owned by current tenant)

https://review.openstack.org/90181 changes the murano client in the following ways:
- list function takes optional 'include_disabled' parameter
- 'include_disabled' parameter is false, by default

https://review.openstack.org/90185 changes the murano dashboard page for listing editable packages in the following way:
- if an admin loads the page, they see all packages, enabled or disabled, from all users
- if a non-admin loads the page, they only see packages that they own

Reviewed: https://review.openstack.org/89721
Committed: https://git.openstack.org/cgit/stackforge/murano-api/commit/?id=8b718d0621c3182283a7e9329d4acc317149b06a
Submitter: Jenkins
Branch: master

commit 8b718d0621c3182283a7e9329d4acc317149b06a
Author: Ankur Rishi <email address hidden>
Date: Tue Apr 22 16:59:27 2014 -0700

    Add include_disabled param to pkg search

    Currently, the api endpoint function for listing
    packages returns all packages by default. This
    commit adds a new 'include_disabled' parameter
    which, when specified by an admin as 'True',
    results in the packages search results including
    disabled packages from all users in addition to
    all enabled packages.

    When the include_disabled parameter is specified
    'True' by non-admins, the search will include
    both all enabled packages (public and owned), plus
    only the disabled packages owned by the searcher.

    If a non-admin specifies 'True' for the
    include_disabled paramater AND also specifies
    the 'owned' parameter, then the non-admin gets
    all of their own packages, public and private,
    both enabled and disabled.

    This commit effectively disables the 'owned'
    parameter for admin users. It is the only way
    to make the package search API function
    usable for both generating views of packages
    for deployment as well as views of packages
    for editing packages.

    Change-Id: I28dfc49e1559dd9f0a87b89936df3e4b5c938264
    Partial-Bug: #1307963

Reviewed: https://review.openstack.org/90181
Committed: https://git.openstack.org/cgit/stackforge/python-muranoclient/commit/?id=aa7679f2ff7e2e15a96f25d33e89b2ffd8bf7420
Submitter: Jenkins
Branch: master

commit aa7679f2ff7e2e15a96f25d33e89b2ffd8bf7420
Author: Ankur Rishi <email address hidden>
Date: Thu Apr 24 11:28:14 2014 -0700

    for pkg list, make include_disabled default False

    Change-Id: I78fe3e0ced243070ae9759dccc1792cb04b94d3b
    Partial-Bug: #1307963

Fix proposed to branch: release-0.5
Review: https://review.openstack.org/90953

Reviewed: https://review.openstack.org/90185
Committed: https://git.openstack.org/cgit/stackforge/murano-dashboard/commit/?id=4c8a799dcd420f4c674cb99fb9ed948a508ec0e7
Submitter: Jenkins
Branch: master

commit 4c8a799dcd420f4c674cb99fb9ed948a508ec0e7
Author: Ankur Rishi <email address hidden>
Date: Thu Apr 24 11:21:38 2014 -0700

    Pkg definition page should show owned pkgs for non-admins

    Currently, the package definitions page shows
    all packages to all users. This needs to be
    changed so that only admins see all packages
    on the package definition page while non-admins
    see only their own packages on the package
    definition page.

    This is needed for the bugfix in that we want the
    api search function to be able to return only
    packages that are deployable by the current
    tenant* in some situations while, in other
    situations, to return a list of packages
    appropriate for package editing views.

    * 'deployable by the current' tenant means enabled
    packages that are (a) public or (b) owned by the
    current user.

    Change-Id: I3032ba7756c150eeb8942a5991dd69ea153dad28
    Partial-Bug: #1307963

Reviewed: https://review.openstack.org/90953
Committed: https://git.openstack.org/cgit/stackforge/python-muranoclient/commit/?id=0caacfbb8547dce79d028d49e9531e25d3621420
Submitter: Jenkins
Branch: release-0.5

commit 0caacfbb8547dce79d028d49e9531e25d3621420
Author: Ankur Rishi <email address hidden>
Date: Thu Apr 24 11:28:14 2014 -0700

    for pkg list, make include_disabled default False

    Change-Id: I78fe3e0ced243070ae9759dccc1792cb04b94d3b
    Partial-Bug: #1307963

Verified. Non-admin users could not see disabled packages in App Catalog and Package Definition pages.

This bug is still open for non-admin users

not reproduced on my environment.