Don't load user role assignment or groups tabs for non-admins

As a non admin user, navigate to Identity -> Users. Then click on the
username of your user to go to the detail page.

Only the allowed Overview tab is visible.

The view shows three tabs: Overview, Role assignments, Groups. Click on
either Role assignments or Groups. An error will appear, showing that
the API call is unauthorised, and the table content will fail to load.

This change fixes the issue by conditionally loading the tabs based on
policy.

Closes-Bug: #1920214
Change-Id: Ic8b723e6fd423b96a4f5eff54f9392cee534ed9e
(cherry picked from commit 60cf32031565ed8b4b2a4a39380a060997c9d9e4)

1 files changed, 8 insertions, 0 deletions

diff --git a/openstack_dashboard/dashboards/identity/users/tabs.py b/openstack_dashboard/dashboards/identity/users/tabs.py
index 30bcd0a3d..fe8fa3ba6 100644
--- a/openstack_dashboard/dashboards/identity/users/tabs.py
+++ b/openstack_dashboard/dashboards/identity/users/tabs.py
@@ -90,6 +90,10 @@ class RoleAssignmentsTab(tabs.TableTab):
     template_name = "horizon/common/_detail_table.html"
     preload = False
 
+    def allowed(self, request):
+        return policy.check((("identity", "identity:list_role_assignments"),),
+                            self.request)
+
     def get_roleassignmentstable_data(self):
         user = self.tab_group.kwargs['user']
 
@@ -136,6 +140,10 @@ class GroupsTab(tabs.TableTab):
     template_name = "horizon/common/_detail_table.html"
     preload = False
 
+    def allowed(self, request):
+        return policy.check((("identity", "identity:list_groups"),),
+                            self.request)
+
     def get_groupstable_data(self):
         user_groups = []
         user = self.tab_group.kwargs['user']