Yuvipanda has uploaded a new change for review.
https://gerrit.wikimedia.org/r/218127
Change subject: Introduce 'editallhiera' permission
......................................................................
Introduce 'editallhiera' permission
People with this permission can edit all Hiera pages
Bug: T102389
Change-Id: If8e58eaabbd6fb8d64e83b93ab2b0a2a1bf920b2
(cherry picked from commit a7ec39bfff2865107fab467671b7c798b452df2a)
---
M OpenStackManager.php
M OpenStackManagerHooks.php
M i18n/en.json
M i18n/qqq.json
4 files changed, 6 insertions(+), 3 deletions(-)
git pull
ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OpenStackManager
refs/changes/27/218127/1
diff --git a/OpenStackManager.php b/OpenStackManager.php
index 405b0db..e2abd65 100644
--- a/OpenStackManager.php
+++ b/OpenStackManager.php
@@ -52,6 +52,7 @@
$wgAvailableRights[] = 'manageglobalpuppet';
$wgAvailableRights[] = 'loginviashell';
$wgAvailableRights[] = 'accessrestrictedregions';
+$wgAvailableRights[] = 'editallhiera';
$wgHooks['UserRights'][] = 'OpenStackNovaUser::manageShellAccess';
$wgHooks['getUserPermissionsErrors'][] =
'OpenStackManagerHooks::getUserPermissionsErrors';
diff --git a/OpenStackManagerHooks.php b/OpenStackManagerHooks.php
index 114e900..93b4a75 100644
--- a/OpenStackManagerHooks.php
+++ b/OpenStackManagerHooks.php
@@ -24,7 +24,7 @@
$result = array(
'openstackmanager-nonovacred-admincreate' );
}
$project = $title->getText();
- if ( !$userLDAP->inRole( 'projectadmin', $project ) ) {
+ if ( !$userLDAP->inRole( 'projectadmin', $project ) &&
!$this->getUser()->isAllowed( 'editallhiera' ) ) {
$result = array(
'openstackmanager-hiera-noadmin', $project );
return false;
}
diff --git a/i18n/en.json b/i18n/en.json
index 3b94263..60efb6a 100644
--- a/i18n/en.json
+++ b/i18n/en.json
@@ -12,6 +12,7 @@
"openstackmanager-badresourcename": "Bad resource name
provided.\nResource names start with a-z, and can only contain a-z, 0-9, and -
characters.",
"action-listall": "display all resource information",
"right-listall": "Display all resource information",
+ "right-editallhiera": "Edit all Hiera: pages",
"action-managednsdomain": "manage DNS domains",
"action-manageglobalpuppet": "manage global Puppet information",
"specialpages-group-nova": "OpenStack Nova",
@@ -405,7 +406,7 @@
"openstackmanager-email-body": "The following instance has been
created, and is ready to be logged into:",
"openstackmanager-twofactorrequired": "Two-factor authentication
required",
"openstackmanager-twofactorrequired2": "Two-factor authentication is
required. Please enable it and try again.",
- "openstackmanager-hiera-noadmin": "Only project admins for project $1
can edit this page",
+ "openstackmanager-hiera-noadmin": "Only global cloudadmins and project
admins for project $1 can edit this page",
"right-manageproject": "Manage OpenStack projects and roles",
"action-manageproject": "manage OpenStack projects and roles",
"right-loginviashell": "Login via shell",
diff --git a/i18n/qqq.json b/i18n/qqq.json
index 71ac6da..d973711 100644
--- a/i18n/qqq.json
+++ b/i18n/qqq.json
@@ -26,6 +26,7 @@
"openstackmanager-badresourcename": "Used as error message in
Special:NovaAddress, Special:NovaInstance, SpecialNova:Project,
Special:NovaPuppetGroup and Special:NovaVolume.\n\nThis error is the result of
the form validation about the following elements: host name, instance name,
project name, puppet group name and volume name.\n\n\"Resource name(s)\" in
this message probably refers the above-mentioned \"*name\" elements.",
"action-listall": "{{doc-action|listall}}",
"right-listall": "{{doc-right|listall}}",
+ "right-listall": "{{doc-right|editallhiera}}",
"action-managednsdomain": "{{doc-action|managednsdomain}}",
"action-manageglobalpuppet": "{{doc-action|manageglobalpuppet}}",
"specialpages-group-nova": "{{doc-special-group|that=are related to
OpenStack Nova|like=[[Special:NovaInstance]], [[Special:NovaKey]],
[[Special:NovaProject]], [[Special:NovaDomain]], [[Special:NovaAddress]],
[[Special:NovaSecurityGroup]],
[[Special:NovaServiceGroup]],[[Special:NovaRole]], [[Special:NovaVolume]],
[[Special:NovaSudoer]], [[Special:NovaPuppetGroup]]}}\nThe following special
pages are listed as members of this group:\n* {{msg-mw|Novaaddress}}\n*
{{msg-mw|Novadomain}}\n* {{msg-mw|Novainstance}}\n* {{msg-mw|Novakey}}\n*
{{msg-mw|Novaproject}}\n* {{msg-mw|Novasecuritygroup}}\n*
{{msg-mw|Novaservicegroup}}\n* {{msg-mw|Novarole}}\n* {{msg-mw|Novavolume}}\n*
{{msg-mw|Novasudoer}}\n* {{msg-mw|Novapuppetgroup}}",
@@ -406,7 +407,7 @@
"openstackmanager-email-body": "An instance is a virtual machine. In
this particular case, a clone of an image for a virtual machine.
[http://docs.openstack.org/diablo/openstack-compute/starter/content/Introduction-d1e2084.html
More on OpenStack].",
"openstackmanager-twofactorrequired": "A page title that will be shown
on error when two factor auth is not enabled",
"openstackmanager-twofactorrequired2": "Text shown on error when two
factor auth is not enabled",
- "openstackmanager-hiera-noadmin": "Error message shown if you try to
edit the configuration for a project you are not an administrator of.\n\n$1 is
the name of the project you must be an administrator of.",
+ "openstackmanager-hiera-noadmin": "Error message shown if you try to
edit the configuration for a project you are not an administrator of, nor are
you cloudadmin.\n\n$1 is the name of the project you must be an administrator
of.",
"right-manageproject": "{{doc-right|manageproject}}\n\nThis is about
OpenStack roles.",
"action-manageproject": "{{doc-action|manageproject}}\n\nThis is about
OpenStack roles.",
"right-loginviashell": "{{doc-right|loginviashell}}\n\nThis is a right
needed to be added to a project.",
--
To view, visit https://gerrit.wikimedia.org/r/218127
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: If8e58eaabbd6fb8d64e83b93ab2b0a2a1bf920b2
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/OpenStackManager
Gerrit-Branch: wmf/1.26wmf9
Gerrit-Owner: Yuvipanda <yuvipa...@gmail.com>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
