mgr/dashboard: Various fixes

* Remove scope and permission check from UserPasswordPolicy controller again, otherwise the Angular UI validator can't be executed for users without that privilege.
* Remobe obsolete QA test.

Signed-off-by: Volker Theile <vtheile@suse.com>

diff --git a/qa/tasks/mgr/dashboard/test_user.py b/qa/tasks/mgr/dashboard/test_user.py
index f3ee8863a6730037b3b7e7469019d104248fdf93..83972d93a67c8f04a0da0dc2ad3b9fb287afc1ce 100644 (file)
--- a/qa/tasks/mgr/dashboard/test_user.py
+++ b/qa/tasks/mgr/dashboard/test_user.py
@@ -391,15 +391,10 @@ class UserTest(DashboardTestCase):
         self._ceph_cmd(['dashboard', 'set-user-pwd-expiration-span', '0'])
 
     def test_validate_password_weak(self):
-        data = self._post('/api/user/validate_password', {
+        self._post('/api/user/validate_password', {
             'password': 'mypassword1'
         })
         self.assertStatus(200)
-        self.assertSchema(data, JObj(sub_elems={
-            'valid': JLeaf(bool),
-            'credits': JLeaf(int),
-            'valuation': JLeaf(str)
-        }))
         self.assertJsonBody({
             'valid': True,
             'credits': 11,
@@ -473,11 +468,3 @@ class UserTest(DashboardTestCase):
             'credits': 0,
             'valuation': 'Password must not be the same as the previous one.'
         })
-
-    @DashboardTestCase.RunAs('test', 'test', [{'user': ['read', 'delete']}])
-    def test_validate_password_invalid_permissions(self):
-        self._post('/api/user/validate_password', {
-            'password': 'foo'
-        })
-        self.assertStatus(403)
-        self.assertError(detail='You don\'t have permissions to access that resource')

diff --git a/src/pybind/mgr/dashboard/controllers/user.py b/src/pybind/mgr/dashboard/controllers/user.py
index dfafb4ff71f8b2af31d31a2a6481164b6db5a5f8..688f60082447da4189416330e8bd0396f2b5460b 100644 (file)
--- a/src/pybind/mgr/dashboard/controllers/user.py
+++ b/src/pybind/mgr/dashboard/controllers/user.py
@@ -7,7 +7,7 @@ import time
 
 import cherrypy
 
-from . import BaseController, ApiController, RESTController, Endpoint, CreatePermission
+from . import BaseController, ApiController, RESTController, Endpoint
 from .. import mgr
 from ..exceptions import DashboardException, UserAlreadyExists, \
     UserDoesNotExist, PasswordPolicyException, PwdExpirationDateNotValid
@@ -37,6 +37,7 @@ def validate_password_policy(password, username=None, old_password=None):
 
 @ApiController('/user', Scope.USER)
 class User(RESTController):
+
     @staticmethod
     def _user_to_dict(user):
         result = user.to_dict()
@@ -139,11 +140,10 @@ class User(RESTController):
         return User._user_to_dict(user)
 
 
-@ApiController('/user', Scope.USER)
+@ApiController('/user')
 class UserPasswordPolicy(RESTController):
 
     @Endpoint('POST')
-    @CreatePermission
     def validate_password(self, password, username=None, old_password=None):
         """
         Check if the password meets the password policy.
@@ -173,6 +173,7 @@ class UserPasswordPolicy(RESTController):
 
 @ApiController('/user/{username}')
 class UserChangePassword(BaseController):
+
     @Endpoint('POST')
     def change_password(self, username, old_password, new_password):
         session_username = JwtManager.get_username()