c339189b44
Switch to using the self-contained django_openstack_auth
package which is a proper django.contrib.auth pluggable
backend.
Notable functional improvements include:
* Better overall security via use of standard Django
auth code (well-vetted by security experts).
* Token expiration checking.
* User "enabled" attribute checking.
* Support for full range of Django auth attributes
such as is_anonymous, is_active, is_superuser, etc.
* Improved hooks for RBAC/permission-based acess control.
Regarding the RBAC/permission-based access control, this
patch moves all "role" and "service"-oriented checks to
permission checks. This will make transitioning to
policy-driven checking much easier once that fully lands
in OpenStack.
Implements blueprint move-keystone-support-to-django-auth-backend
Change-Id: I4f3112af797aff8c4c5e9930c6ca33a70e45589d
38 lines
1.1 KiB
Python
38 lines
1.1 KiB
Python
# vim: tabstop=4 shiftwidth=4 softtabstop=4
|
|
|
|
# Copyright 2012 Nebula, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
from django.utils.translation import ugettext_lazy as _
|
|
|
|
import horizon
|
|
|
|
|
|
class SystemPanels(horizon.PanelGroup):
|
|
slug = "syspanel"
|
|
name = _("System Panel")
|
|
panels = ('overview', 'instances', 'volumes', 'services', 'flavors',
|
|
'images', 'projects', 'users', 'quotas',)
|
|
|
|
|
|
class Syspanel(horizon.Dashboard):
|
|
name = _("Admin")
|
|
slug = "syspanel"
|
|
panels = (SystemPanels,)
|
|
default_panel = 'overview'
|
|
permissions = ('openstack.roles.admin',)
|
|
|
|
|
|
horizon.register(Syspanel)
|