Yuvipanda has uploaded a new change for review. https://gerrit.wikimedia.org/r/218127
Change subject: Introduce 'editallhiera' permission ...................................................................... Introduce 'editallhiera' permission People with this permission can edit all Hiera pages Bug: T102389 Change-Id: If8e58eaabbd6fb8d64e83b93ab2b0a2a1bf920b2 (cherry picked from commit a7ec39bfff2865107fab467671b7c798b452df2a) --- M OpenStackManager.php M OpenStackManagerHooks.php M i18n/en.json M i18n/qqq.json 4 files changed, 6 insertions(+), 3 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OpenStackManager refs/changes/27/218127/1 diff --git a/OpenStackManager.php b/OpenStackManager.php index 405b0db..e2abd65 100644 --- a/OpenStackManager.php +++ b/OpenStackManager.php @@ -52,6 +52,7 @@ $wgAvailableRights[] = 'manageglobalpuppet'; $wgAvailableRights[] = 'loginviashell'; $wgAvailableRights[] = 'accessrestrictedregions'; +$wgAvailableRights[] = 'editallhiera'; $wgHooks['UserRights'][] = 'OpenStackNovaUser::manageShellAccess'; $wgHooks['getUserPermissionsErrors'][] = 'OpenStackManagerHooks::getUserPermissionsErrors'; diff --git a/OpenStackManagerHooks.php b/OpenStackManagerHooks.php index 114e900..93b4a75 100644 --- a/OpenStackManagerHooks.php +++ b/OpenStackManagerHooks.php @@ -24,7 +24,7 @@ $result = array( 'openstackmanager-nonovacred-admincreate' ); } $project = $title->getText(); - if ( !$userLDAP->inRole( 'projectadmin', $project ) ) { + if ( !$userLDAP->inRole( 'projectadmin', $project ) && !$this->getUser()->isAllowed( 'editallhiera' ) ) { $result = array( 'openstackmanager-hiera-noadmin', $project ); return false; } diff --git a/i18n/en.json b/i18n/en.json index 3b94263..60efb6a 100644 --- a/i18n/en.json +++ b/i18n/en.json @@ -12,6 +12,7 @@ "openstackmanager-badresourcename": "Bad resource name provided.\nResource names start with a-z, and can only contain a-z, 0-9, and - characters.", "action-listall": "display all resource information", "right-listall": "Display all resource information", + "right-editallhiera": "Edit all Hiera: pages", "action-managednsdomain": "manage DNS domains", "action-manageglobalpuppet": "manage global Puppet information", "specialpages-group-nova": "OpenStack Nova", @@ -405,7 +406,7 @@ "openstackmanager-email-body": "The following instance has been created, and is ready to be logged into:", "openstackmanager-twofactorrequired": "Two-factor authentication required", "openstackmanager-twofactorrequired2": "Two-factor authentication is required. Please enable it and try again.", - "openstackmanager-hiera-noadmin": "Only project admins for project $1 can edit this page", + "openstackmanager-hiera-noadmin": "Only global cloudadmins and project admins for project $1 can edit this page", "right-manageproject": "Manage OpenStack projects and roles", "action-manageproject": "manage OpenStack projects and roles", "right-loginviashell": "Login via shell", diff --git a/i18n/qqq.json b/i18n/qqq.json index 71ac6da..d973711 100644 --- a/i18n/qqq.json +++ b/i18n/qqq.json @@ -26,6 +26,7 @@ "openstackmanager-badresourcename": "Used as error message in Special:NovaAddress, Special:NovaInstance, SpecialNova:Project, Special:NovaPuppetGroup and Special:NovaVolume.\n\nThis error is the result of the form validation about the following elements: host name, instance name, project name, puppet group name and volume name.\n\n\"Resource name(s)\" in this message probably refers the above-mentioned \"*name\" elements.", "action-listall": "{{doc-action|listall}}", "right-listall": "{{doc-right|listall}}", + "right-listall": "{{doc-right|editallhiera}}", "action-managednsdomain": "{{doc-action|managednsdomain}}", "action-manageglobalpuppet": "{{doc-action|manageglobalpuppet}}", "specialpages-group-nova": "{{doc-special-group|that=are related to OpenStack Nova|like=[[Special:NovaInstance]], [[Special:NovaKey]], [[Special:NovaProject]], [[Special:NovaDomain]], [[Special:NovaAddress]], [[Special:NovaSecurityGroup]], [[Special:NovaServiceGroup]],[[Special:NovaRole]], [[Special:NovaVolume]], [[Special:NovaSudoer]], [[Special:NovaPuppetGroup]]}}\nThe following special pages are listed as members of this group:\n* {{msg-mw|Novaaddress}}\n* {{msg-mw|Novadomain}}\n* {{msg-mw|Novainstance}}\n* {{msg-mw|Novakey}}\n* {{msg-mw|Novaproject}}\n* {{msg-mw|Novasecuritygroup}}\n* {{msg-mw|Novaservicegroup}}\n* {{msg-mw|Novarole}}\n* {{msg-mw|Novavolume}}\n* {{msg-mw|Novasudoer}}\n* {{msg-mw|Novapuppetgroup}}", @@ -406,7 +407,7 @@ "openstackmanager-email-body": "An instance is a virtual machine. In this particular case, a clone of an image for a virtual machine. [http://docs.openstack.org/diablo/openstack-compute/starter/content/Introduction-d1e2084.html More on OpenStack].", "openstackmanager-twofactorrequired": "A page title that will be shown on error when two factor auth is not enabled", "openstackmanager-twofactorrequired2": "Text shown on error when two factor auth is not enabled", - "openstackmanager-hiera-noadmin": "Error message shown if you try to edit the configuration for a project you are not an administrator of.\n\n$1 is the name of the project you must be an administrator of.", + "openstackmanager-hiera-noadmin": "Error message shown if you try to edit the configuration for a project you are not an administrator of, nor are you cloudadmin.\n\n$1 is the name of the project you must be an administrator of.", "right-manageproject": "{{doc-right|manageproject}}\n\nThis is about OpenStack roles.", "action-manageproject": "{{doc-action|manageproject}}\n\nThis is about OpenStack roles.", "right-loginviashell": "{{doc-right|loginviashell}}\n\nThis is a right needed to be added to a project.", -- To view, visit https://gerrit.wikimedia.org/r/218127 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: If8e58eaabbd6fb8d64e83b93ab2b0a2a1bf920b2 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/OpenStackManager Gerrit-Branch: wmf/1.26wmf9 Gerrit-Owner: Yuvipanda <yuvipa...@gmail.com> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits