Add policy middleware, use it in requests tab

46d06df9 · Szabolcs Gelencser · 6676d3c2 · 46d06df9 · 46d06df9 · 46d06df9
Commit 46d06df9 authored Apr 03, 2018 by Szabolcs Gelencser
6 changed files
--- a/.idea/workspace.xml
+++ b/.idea/workspace.xml
--- a/circle/circle/middleware.py
+++ b/circle/circle/middleware.py
+class PolicyMiddleware(object):
+    def process_request(self, request):
+        user = request.user
+        if hasattr(user, 'project_id'):
+            setattr(user, 'permissions', {})
+            from django.utils.module_loading import import_string
+            check = import_string("openstack_auth.policy.check")
+            has_perm_request_decide = check((("circle", "request:decide"),), request,
+                                            {'project_id': user.project_id})
+            user.permissions["request_decide"] = has_perm_request_decide
\ No newline at end of file
--- a/circle/circle/os_policies/circle_policy.json
+++ b/circle/circle/os_policies/circle_policy.json
 {
-  "admin_or_owner": "is_admin:True or (role:admin and is_admin_project:True) or  project_id:%(project_id)s",
+  "admin": "is_admin:True or (role:admin and is_admin_project:True)",
+  "owner": "project_id:%(project_id)s",
+  "circle_admin": "role:circle_admin and project_id:%(project_id)s",
-  "template:create": "rule:admin_or_owner"
+  "template:create": "rule:admin or rule:owner or rule:circle_admin",
+  "request:decide": "rule:admin or rule:circle_admin"
 }
\ No newline at end of file
--- a/circle/circle/settings/base.py
+++ b/circle/circle/settings/base.py
@@ -336,6 +336,7 @@ MIDDLEWARE_CLASSES = (
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
+    'circle.middleware.PolicyMiddleware'
 )
 ########## END MIDDLEWARE CONFIGURATION
@@ -580,4 +581,4 @@ DEFAULT_SUBNETPOOL_PREFIXES = (
 )
 DEFAULT_SUBNETPOOL_PREFIX_LEN = 20
-OPENSTACK_KEYSTONE_DEFAULT_DOMAIN="bme"
+OPENSTACK_KEYSTONE_DEFAULT_DOMAIN="Default"
\ No newline at end of file
--- a/circle/dashboard/templates/dashboard/base.html
+++ b/circle/dashboard/templates/dashboard/base.html
@@ -49,13 +49,15 @@
  {#        <span class="hidden-sm">{% trans "Network" %}</span>#}
  {#      </a>#}
  {#    </li>#}
-  {#    <li>#}
+  {% if view.request.user.permissions.request_decide %}
-  {#      <a href="{% url "request.views.request-list" %}">#}
+      <li>
-  {#        <i class="fa fa-phone"></i>#}
+        <a href="{% url "request.views.request-list" %}">
-  {#        <span class="hidden-sm">{% trans "Requests" %}</span>#}
+          <i class="fa fa-phone"></i>
-  {#      </a>#}
+          <span class="hidden-sm">{% trans "Requests" %}</span>
-  {#    </li>#}
+        </a>
-  {#    {% endif %}#}
+      </li>
+  {% endif %}
+{#      {% endif %}#}
  {#      <li>#}
  {#        <a href="{% url "dashboard.views.profile-preferences" %}">#}

--- a/circle/request/migrations/0005_auto_20180403_1342.py
+++ b/circle/request/migrations/0005_auto_20180403_1342.py
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11.6 on 2018-04-03 11:42
+from __future__ import unicode_literals
+from django.db import migrations
+class Migration(migrations.Migration):
+    dependencies = [
+        ('request', '0004_auto_20150629_1605'),
+    ]
+    operations = [
+        migrations.AlterModelOptions(
+            name='request',
+            options={'permissions': (('can_decide_request', 'Can decide to accept/decline request'),)},
+        ),
+    ]