Brings across role based Nova resource checks for index, show and delete and adds an additional role based test for index that confirms resources are / are not filtered automatically by location when appropriate.
NOTE: the index filtering by location in Nova doesn't actually prevent those users from interacting with resources that are in different locations. To properly enforce that, a new permission is needed and all of the policies need to become smarter. Here's how I'd do it:
- create a new "all locations" permission that is added to the roles that shouldn't be location restricted
- modify policies for any model that is location aware to check the user has the permission for the action and user has the "all locations" permission OR the user has access to the location the model is in
Edit: If you go this route, the index location filtering in Nova could change from a role based exclusion to a permission based exclusion. If the user has the "all locations" permission, the location filtering isn't applied.
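The policy shape proposed above, as an added sketch that is not part of the pull request or the project's code: it uses plain PHP stand-ins rather than Laravel or Nova classes, and the `User`, `Order` and `OrderPolicy` classes and the permission names (`locations.all`, `orders.view`, `orders.delete`) are hypothetical. It shows the index filter and the per-resource check sharing one scope test, so a resource hidden from the list is also denied on direct access.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-ins for the app's user and a location-aware model.
final class User {
    public function __construct(
        public array $permissions,  // e.g. ['orders.view', 'locations.all']
        public array $locationIds,  // locations this user is assigned to
    ) {}
    public function hasPermission(string $p): bool {
        return in_array($p, $this->permissions, true);
    }
}

final class Order {
    public function __construct(public int $id, public int $locationId) {}
}

final class OrderPolicy {
    public const ALL_LOCATIONS = 'locations.all'; // assumed permission name

    // Action permission AND ("all locations" OR access to the model's location).
    public static function allows(User $u, string $action, Order $o): bool {
        return $u->hasPermission("orders.$action")
            && self::inScope($u, $o->locationId);
    }

    public static function inScope(User $u, int $locationId): bool {
        return $u->hasPermission(self::ALL_LOCATIONS)
            || in_array($locationId, $u->locationIds, true);
    }

    // Index filtering driven by the same permission, so list and policy agree.
    public static function filterIndex(User $u, array $orders): array {
        return array_values(array_filter($orders,
            fn (Order $o) => self::inScope($u, $o->locationId)));
    }
}

// Constructed sample data: two orders in different locations, two users.
$orders = [new Order(1, 10), new Order(2, 20)];
$local  = new User(['orders.view', 'orders.delete'], [10]);
$global = new User(['orders.view', OrderPolicy::ALL_LOCATIONS], []);

var_dump(count(OrderPolicy::filterIndex($local, $orders)));   // location-restricted index
var_dump(OrderPolicy::allows($local, 'view', $orders[1]));    // direct access outside own location
var_dump(OrderPolicy::allows($global, 'view', $orders[1]));   // "all locations" user, has the action
var_dump(OrderPolicy::allows($global, 'delete', $orders[1])); // "all locations" user, lacks the action
```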