Fix project_user role permissions 99/7999/6
authordelacruzramo <pedro.delacruzramos@altran.com>
Mon, 30 Sep 2019 13:50:52 +0000 (15:50 +0200)
committerdelacruzramo <pedro.delacruzramos@altran.com>
Wed, 2 Oct 2019 07:42:06 +0000 (09:42 +0200)
Change-Id: If10f6b77d468535516dcd8bdffb712b98cec2c61
Signed-off-by: delacruzramo <pedro.delacruzramos@altran.com>
osm_nbi/resources_to_operations.yml
osm_nbi/roles_to_operations.yml

index c2fb289..0c39fe3 100644 (file)
@@ -341,7 +341,7 @@ resources_to_operations:
   "GET /nsilcm/v1/netslice_instances_content": "slice_instances:get"
   "GET /nsilcm/v1/netslice_instances": "slice_instances:get"
 
-  "POST /nsilcm/v1/netslice_instances_content": "slice_instances:content:get"
+  "POST /nsilcm/v1/netslice_instances_content": "slice_instances:content:post"
 
   "GET /nsilcm/v1/netslice_instances_content/<SliceInstanceId>": "slice_instances:id:get"
   "GET /nsilcm/v1/netslice_instances/<SliceInstanceId>": "slice_instances:id:get"
index 916f09e..cdb99d6 100644 (file)
@@ -53,6 +53,10 @@ roles:
 # NOTE 2: The default <OPERATION> tag can be overridden by using more specific tags
 #         with a different value.
 #
+# The 'force', 'public' and 'set_project' operation tags (respectively allowing/denying
+# the use of the query-strings FORCE, PUBLIC and SET_PROJECT), take by default the
+# value specified by the tag 'default' (false if not specified).
+#
 # The node <OPERATION> tag is defined by using an internal node of the tree, i.e.
 # "nsds", "users:id". A node <OPERATION> tag will affect all the nodes and leafs
 # beneath it. It can be used to override a default <OPERATION> tag.
@@ -82,6 +86,7 @@ roles:
     permissions:
         default:  false
         admin:    false
+        force:    true
         tokens:   true
         users:    true
         projects: true
@@ -89,52 +94,52 @@ roles:
 
   - name: "project_admin"
     permissions:
-        default: true
-        # Users
-        users:post:      false
-        users:id:patch:  false
-        users:id:delete: false
-        users:id:put:    false
-        # Projects
+        default:  true
+        admin:    false
+        users:    false
         projects: false
-        # Roles
         roles:    false
 
   - name: "project_user"
     permissions:
-        default: true
-        # NS Instances
-        ns_instances: false
-        ns_instances:get: true
-        # VNF Instances
-        vnf_instances: false
-        # Users
-        users: false
-        users:id:get: true
-        users:id:put: true
-        users:id:patch: true
-        # Projects
+        default:     false
+        admin:       false
+        force:       false
+        public:      true
+        set_project: true
+        vnf_packages:    true
+        ns_descriptors:  true
+        slice_templates: true
+        ns_instances:    true
+        vnf_instances:   true
+        slice_instances: true
+        users:    false
         projects: false
+        roles:    false
         # VIMs
-        vims: false
-        vims:get: true
+        vims:        false
+        vims:get:    true
         vims:id:get: true
         # VIM Accounts
-        vim_accounts: false
-        vim_accounts:get: true
+        vim_accounts:        false
+        vim_accounts:get:    true
         vim_accounts:id:get: true
         # SDN Controllers
-        sdn_controllers: false
-        sdn_controllers:get: true
+        sdn_controllers:        false
+        sdn_controllers:get:    true
         sdn_controllers:id:get: true
         # WIMs
-        wims: false
-        wims:get: true
+        wims:        false
+        wims:get:    true
         wims:id:get: true
         # WIM Accounts
-        wim_accounts: false
-        wim_accounts:get: true
+        wim_accounts:        false
+        wim_accounts:get:    true
         wim_accounts:id:get: true
+        # PDUs
+        pduds:        false
+        pduds:get:    true
+        pduds:id:get: true
 
   - name: "anonymous"
     permissions: