Hi Timur, To get quotas we need to retrieve project information from the Keystone. Unfortunately, Keystone set "admin_required" rule by default [1] in their API. We can handle it and raise 403 if Keystone return this error only. [1] https://github.com/openstack/keystone/blob/master/etc/policy.json#L37 Regards, Ivan Kolodyazhny On Mon, Sep 14, 2015 at 1:49 PM, Timur Sufiev <tsufiev at mirantis.com> wrote: > Hi all! > > It seems that recent changes in Cinder policies [1] forbade non-admin > users to see the disk quotas. Yet the volume creation is allowed for > non-admins, which effectively means that from now on a volume creation in > Horizon is free for non-admins (as soon as quotas:show rule is propagated > into Horizon policies). Along with understanding that this is not a desired > UX for Volumes panel in Horizon, I know as well that [1] wasn't responsible > for this quota behavior change on its own. It merely tried to alleviate the > situation caused by [2], which changed the requirements of quota show being > authorized. From this point I'm starting to sense that my knowledge of > Cinder and Keystone (because the hierarchical feature is involved) is > insufficient to suggest the proper solution from the Horizon point of view. > Yet hiding quota values from non-admin users makes no sense to me. > Suggestions? > > [1] https://review.openstack.org/#/c/219231/7/etc/cinder/policy.json line > 36 > [2] > https://review.openstack.org/#/c/205369/29/cinder/api/contrib/quotas.py line > 135 > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150916/8dc34251/attachment.html>