[MediaWiki-commits] [Gerrit] Add an wgOpenStackManagerRestrictedRegions option - change (mediawiki...OpenStackManager)

Thu, 27 Feb 2014 22:53:22 -0800 

Ryan Lane has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/116063

Change subject: Add an wgOpenStackManagerRestrictedRegions option
......................................................................

Add an wgOpenStackManagerRestrictedRegions option

This change adds an wgOpenStackManagerRestrictedRegions option
to restrict a list of users in a group that is granted the
accessrestrictedregions right.

Change-Id: Ia097f9627ce334d4d9559bf9fac9393544d601ac
---
M OpenStackManager.php
M nova/OpenStackNovaController.php
2 files changed, 9 insertions(+), 0 deletions(-)


  git pull 
ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OpenStackManager 
refs/changes/63/116063/1

diff --git a/OpenStackManager.php b/OpenStackManager.php
index 1d27855..99bb8e5 100644
--- a/OpenStackManager.php
+++ b/OpenStackManager.php
@@ -37,6 +37,7 @@
 $wgAvailableRights[] = 'managednsdomain';
 $wgAvailableRights[] = 'manageglobalpuppet';
 $wgAvailableRights[] = 'loginviashell';
+$wgAvailableRights[] = 'accessrestrictedregions';
 
 $wgHooks['UserRights'][] = 'OpenStackNovaUser::manageShellAccess';
 
@@ -139,6 +140,9 @@
 // will be deemed stale
 $wgPuppetInterval = 1440;
 
+// A list of regions restricted to a group by right
+$wgOpenStackManagerRestrictedRegions = array();
+
 $dir = dirname( __FILE__ ) . '/';
 
 $wgExtensionMessagesFiles['OpenStackManager'] = $dir . 
'OpenStackManager.i18n.php';
diff --git a/nova/OpenStackNovaController.php b/nova/OpenStackNovaController.php
index e89fdea..729ca82 100644
--- a/nova/OpenStackNovaController.php
+++ b/nova/OpenStackNovaController.php
@@ -83,6 +83,8 @@
 
        function getRegions( $service ) {
                global $wgMemc;
+               global $wgUser;
+               global $wgOpenStackManagerRestrictedRegions;
 
                // We need to ensure the project token has been
                // fetched before we can get the regions.
@@ -94,6 +96,9 @@
                        foreach ( $serviceCatalog as $entry ) {
                                if ( $entry->type === "identity" ) {
                                        foreach ( $entry->endpoints as 
$endpoint ) {
+                                               if ( !$wgUser->isAllowed( 
'accessrestrictedregions' ) && in_array( $wgOpenStackManagerRestrictedRegions, 
$endpoint->region ) ) {
+                                                       continue;
+                                               }
                                                $regions[] = $endpoint->region;
                                        }
                                }

-- 
To view, visit https://gerrit.wikimedia.org/r/116063
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ia097f9627ce334d4d9559bf9fac9393544d601ac
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/OpenStackManager
Gerrit-Branch: master
Gerrit-Owner: Ryan Lane <rl...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to