yahoo-eng-team team mailing list archive

[OpenStack Infra <1579111@xxxxxxxxxxxxxxxxxx>]

Reviewed:  https://review.openstack.org/339110
Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=6b9dc6ac560ef68e702e405d3653ff204cb88740
Submitter: Jenkins
Branch:    master

commit 6b9dc6ac560ef68e702e405d3653ff204cb88740
Author: Luis Daniel Castellanos <luis.daniel.castellanos@xxxxxxxxx>
Date:   Thu Jul 7 11:06:45 2016 -0500

    Added policy checks for Project>Volumes Panel
    
    Before if a user/operator wanted to restrict access to the Volumes
    Panel via the policy.json file by setting these values to:
    "volume:get_all": "rule:context_is_admin"
    nothing happened after restarting horizon.
    This patch adds the policy checks so the access to the Volumes panel
    be restricted by changing the cinder_policy.json file
    
    Change-Id: Ibc53be505a053353062c03ea5d31e9fd800a5dcb
    Closes-Bug: #1579111


** Changed in: horizon
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1579111

Title:
  Project/Volumes page do not respect policy.json value

Status in OpenStack Dashboard (Horizon):
  Fix Released

Bug description:
  Let's assume that user/operator wants to restrict access to the Volumes page via policy.json file. 
  Looks like the best way to do it is to set '"volume:get_all": ["rule:context_is_admin"],' in cinder_policy.json file.
  But if we do so and restart Horizon - nothing happens. 
  Volumes panel has following restrictions:
  permissions = ('openstack.services.volume', 'openstack.services.volumev2'),

  Looks like we need to add some policy checks for this panel.

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1579111/+subscriptions