def get_all_permissions(self, user, obj=None): """Returns a set of permission strings that the user has. This permission available to the user is derived from the user's Keystone "roles". The permissions are returned as ``"openstack.{{ role.name }}"``. """ if user.is_anonymous() or obj is not None: return set() # TODO(gabrielhurley): Integrate policy-driven RBAC # when supported by Keystone. role_perms = { utils.get_role_permission(role['name']) for role in user.roles } services = [] for service in user.service_catalog: try: service_type = service['type'] except KeyError: continue service_regions = [ utils.get_endpoint_region(endpoint) for endpoint in service.get('endpoints', []) ] if user.services_region in service_regions: services.append(service_type.lower()) service_perms = { "openstack.services.%s" % service for service in services } return role_perms | service_perms
def get_all_permissions(self, user, obj=None): """Returns a set of permission strings that the user has. This permission available to the user is derived from the user's Keystone "roles". The permissions are returned as ``"openstack.{{ role.name }}"``. """ if user.is_anonymous() or obj is not None: return set() # TODO(gabrielhurley): Integrate policy-driven RBAC # when supported by Keystone. role_perms = {utils.get_role_permission(role['name']) for role in user.roles} services = [] for service in user.service_catalog: try: service_type = service['type'] except KeyError: continue service_regions = [utils.get_endpoint_region(endpoint) for endpoint in service.get('endpoints', [])] if user.services_region in service_regions: services.append(service_type.lower()) service_perms = {"openstack.services.%s" % service for service in services} return role_perms | service_perms
def available_services_regions(self): """Returns list of unique region name values in service catalog.""" regions = [] if self.service_catalog: for service in self.service_catalog: service_type = service.get('type') if service_type is None or service_type == 'identity': continue for endpoint in service.get('endpoints', []): region = utils.get_endpoint_region(endpoint) if region not in regions: regions.append(region) return regions