commit e10f120a1d5725ce50dbae667a1d66b1100839b7
Author: Billy Olsen <email address hidden>
Date: Sun Jun 10 23:00:02 2018 -0700

Update keystonev3_policy.json to enable UI buttons

The horizon interface enables/displays actions based on the
keystonev3_policy.json file provided. The keystonev3_policy.json file
included by the charm has rules for various actions that depend on the
target object's domain id (user, group, project). The buttons displayed
for creating and deleting the objects (shown above the tables) are also
based on these policy rules but no target object exists because they are
bound to the table and not a specific target object.

This patch changes some of the policy rules to create/delete users,
projects, and groups to not require the target object's domain_id. This
is safe to do because the table is shown within the context of the
target domain_id already. Additionally, the actual ability to alter
objects is controlled by the actual policy installed in Keystone and not
the Horizon UI.

Without this change, actions such as "Create User" will only show for
a user who is a cloud admin and not for any domain admins (even if the
domain admin is allowed to perform the action via the API or CLI).

Reviewed: https://review.openstack.org/574138
Committed: https://git.openstack.org/cgit/openstack/charm-openstack-dashboard/commit/?id=e10f120a1d5725ce50dbae667a1d66b1100839b7
Submitter: Zuul
Branch: master
Change-Id: Ie0a85e11e6a171083deb19b0eb26c7e552390c00
Closes-Bug: #1775224
Closes-Bug: #1775229
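
The behaviour described in the commit message, as an added example that is not part of the commit or the charm: a simplified model of policy-rule evaluation in the `key:%(target...)s` check syntax, showing why a table-level button with no target object is hidden from a domain admin. The rule names, rule bodies and credentials are constructed for illustration and are not taken from the charm's keystonev3_policy.json.

```python
# Constructed rules modelling the pattern in the commit message; they are not
# copied from the charm's keystonev3_policy.json.
COMMON = {
    "cloud_admin": "role:admin and is_admin_project:True",
    "admin_and_matching_target_user_domain_id":
        "role:admin and domain_id:%(target.user.domain_id)s",
}
BEFORE = dict(COMMON, **{"identity:create_user":
    "rule:cloud_admin or rule:admin_and_matching_target_user_domain_id"})
# Assumed shape of a relaxed UI rule: no reference to the target's domain_id.
AFTER = dict(COMMON, **{"identity:create_user": "rule:cloud_admin or role:admin"})

# Constructed credentials for the two kinds of user the message mentions.
CLOUD_ADMIN = {"roles": ["admin"], "domain_id": "default", "is_admin_project": True}
DOMAIN_ADMIN = {"roles": ["admin"], "domain_id": "d1", "is_admin_project": False}


def check(rules, name, creds, target):
    """Evaluate rule `name`: an 'or' of 'and' groups of simple checks."""
    def atom(expr):
        kind, _, match = expr.strip().partition(":")
        if kind == "rule":                      # reference to another rule
            return check(rules, match, creds, target)
        if kind == "role":
            return match in creds.get("roles", [])
        try:
            wanted = match % target             # fills %(target.user.domain_id)s
        except KeyError:
            return False                        # no target object: check fails
        return str(creds.get(kind)) == wanted

    return any(all(atom(a) for a in group.split(" and "))
               for group in rules[name].split(" or "))


def button_visible(rules, creds, target=None):
    """UI-only decision; the policy installed in Keystone still decides
    whether the API call itself is allowed."""
    return check(rules, "identity:create_user", creds, target or {})


if __name__ == "__main__":
    for label, rules in (("before", BEFORE), ("after", AFTER)):
        print(label,
              "cloud admin:", button_visible(rules, CLOUD_ADMIN),
              "domain admin:", button_visible(rules, DOMAIN_ADMIN))
```
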