diff options
| author | Vishvananda Ishaya <vishvananda@gmail.com> | 2010-08-10 18:04:23 -0700 |
|---|---|---|
| committer | Vishvananda Ishaya <vishvananda@gmail.com> | 2010-08-10 18:04:23 -0700 |
| commit | cff3cccc342c7d09cd2ec6c95431e1b373eba620 (patch) | |
| tree | b0826071da09eed60c57041c62d54aeff8343d3a | |
| parent | 19b9164c4eaae0c2c9144f9e839fbafcac7c3ed3 (diff) | |
| download | nova-cff3cccc342c7d09cd2ec6c95431e1b373eba620.tar.gz nova-cff3cccc342c7d09cd2ec6c95431e1b373eba620.tar.xz nova-cff3cccc342c7d09cd2ec6c95431e1b373eba620.zip | |
change get_roles to have a flag for project_roles or not. Don't show 'projectmanager' in list of roles
| -rw-r--r-- | nova/auth/manager.py | 15 | ||||
| -rw-r--r-- | nova/tests/auth_unittest.py | 2 |
2 files changed, 7 insertions, 10 deletions
diff --git a/nova/auth/manager.py b/nova/auth/manager.py index e338dfc83..064fd78bc 100644 --- a/nova/auth/manager.py +++ b/nova/auth/manager.py @@ -463,19 +463,18 @@ class AuthManager(object): with self.driver() as drv: drv.remove_role(User.safe_id(user), role, Project.safe_id(project)) - def get_roles(self): + def get_roles(self, project_roles=True): """Get list of allowed roles""" - return FLAGS.allowed_roles + if project_roles: + return list(set(FLAGS.allowed_roles) - set(FLAGS.global_roles)) + else: + return FLAGS.allowed_roles def get_user_roles(self, user, project=None): """Get user global or per-project roles""" - roles = [] with self.driver() as drv: - roles = drv.get_user_roles(User.safe_id(user), - Project.safe_id(project)) - if project is not None and self.is_project_manager(user, project): - roles.append('projectmanager') - return roles + return drv.get_user_roles(User.safe_id(user), + Project.safe_id(project)) def get_project(self, pid): """Get project object by id""" diff --git a/nova/tests/auth_unittest.py b/nova/tests/auth_unittest.py index 2d99c8e36..0b404bfdc 100644 --- a/nova/tests/auth_unittest.py +++ b/nova/tests/auth_unittest.py @@ -186,11 +186,9 @@ class AuthTestCase(test.BaseTestCase): roles = self.manager.get_user_roles(user) self.assertTrue('sysadmin' in roles) self.assertFalse('netadmin' in roles) - self.assertFalse('projectmanager' in roles) project_roles = self.manager.get_user_roles(user, project) self.assertTrue('sysadmin' in project_roles) self.assertTrue('netadmin' in project_roles) - self.assertTrue('projectmanager' in project_roles) # has role should be false because global role is missing self.assertFalse(self.manager.has_role(user, 'netadmin', project)) |