fix replicate issue

This commit is contained in:
Wenkai Yin 2017-07-20 16:27:58 +08:00
parent aa681eb018
commit 2e427bffe2
9 changed files with 54 additions and 4 deletions

View File

@ -64,6 +64,11 @@ func (s *SecurityContext) IsSysAdmin() bool {
return s.ctx.IsSysAdmin()
}
// IsSolutionUser ...
func (s *SecurityContext) IsSolutionUser() bool {
return false
}
// HasReadPerm returns whether the user has read permission to the project
func (s *SecurityContext) HasReadPerm(projectIDOrName interface{}) bool {
public, err := s.pm.IsPublic(projectIDOrName)

View File

@ -26,6 +26,8 @@ type Context interface {
GetUsername() string
// IsSysAdmin returns whether the user is system admin
IsSysAdmin() bool
// IsSolutionUser returns whether the user is solution user
IsSolutionUser() bool
// HasReadPerm returns whether the user has read permission to the project
HasReadPerm(projectIDOrName interface{}) bool
// HasWritePerm returns whether the user has write permission to the project

View File

@ -59,6 +59,11 @@ func (s *SecurityContext) IsSysAdmin() bool {
return s.user.HasAdminRole == 1
}
// IsSolutionUser ...
func (s *SecurityContext) IsSolutionUser() bool {
return false
}
// HasReadPerm returns whether the user has read permission to the project
func (s *SecurityContext) HasReadPerm(projectIDOrName interface{}) bool {
// public project

View File

@ -186,6 +186,11 @@ func TestIsSysAdmin(t *testing.T) {
assert.True(t, ctx.IsSysAdmin())
}
func TestIsSolutionUser(t *testing.T) {
ctx := NewSecurityContext(nil, nil)
assert.False(t, ctx.IsSolutionUser())
}
func TestHasReadPerm(t *testing.T) {
// public project
ctx := NewSecurityContext(nil, pm)

View File

@ -65,6 +65,11 @@ func (s *SecurityContext) IsSysAdmin() bool {
return false
}
// IsSolutionUser ...
func (s *SecurityContext) IsSolutionUser() bool {
return s.IsAuthenticated()
}
// HasReadPerm returns true if the corresponding user of the secret
// is jobservice, otherwise returns false
func (s *SecurityContext) HasReadPerm(projectIDOrName interface{}) bool {

View File

@ -77,6 +77,24 @@ func TestIsSysAdmin(t *testing.T) {
assert.False(t, isSysAdmin)
}
func TestIsSolutionUser(t *testing.T) {
// invalid secret
context := NewSecurityContext("invalid_secret",
secret.NewStore(map[string]string{
"secret": "username",
}))
isSolutionUser := context.IsSolutionUser()
assert.False(t, isSolutionUser)
// valid secret
context = NewSecurityContext("secret",
secret.NewStore(map[string]string{
"secret": "username",
}))
isSolutionUser = context.IsSolutionUser()
assert.True(t, isSolutionUser)
}
func TestHasReadPerm(t *testing.T) {
// secret store is null
context := NewSecurityContext("", nil)

View File

@ -212,8 +212,10 @@ func getProject(name string) (*models.Project, error) {
return nil, err
}
req.URL.Query().Set("name", name)
req.URL.Query().Encode()
q := req.URL.Query()
q.Set("name", name)
req.URL.RawQuery = q.Encode()
req.AddCookie(&http.Cookie{
Name: models.UISecretCookie,
Value: config.JobserviceSecret(),
@ -231,6 +233,11 @@ func getProject(name string) (*models.Project, error) {
return nil, err
}
if resp.StatusCode != http.StatusOK {
return nil, fmt.Errorf("failed to get project %s: %d %s",
name, resp.StatusCode, string(data))
}
list := []*models.Project{}
if err = json.Unmarshal(data, &list); err != nil {
return nil, err
@ -308,7 +315,7 @@ func (c *Checker) createProject(project *models.Project) error {
}
func buildProjectURL() string {
return strings.TrimRight(config.LocalUIURL(), "/") + "/api/projects/"
return strings.TrimRight(config.LocalUIURL(), "/") + "/api/projects"
}
// ManifestPuller pulls the manifest of a tag. And if no tag needs to be pulled,

View File

@ -286,7 +286,7 @@ func (p *ProjectAPI) List() {
// not login, only get public projects
base.Public = true
} else {
if !p.SecurityCtx.IsSysAdmin() {
if !(p.SecurityCtx.IsSysAdmin() || p.SecurityCtx.IsSolutionUser()) {
// login, but not system admin, get public projects and
// projects that the user is member of
base.Member = p.SecurityCtx.GetUsername()

View File

@ -217,6 +217,9 @@ func (f *fakeSecurityContext) GetUsername() string {
func (f *fakeSecurityContext) IsSysAdmin() bool {
return f.isAdmin
}
func (f *fakeSecurityContext) IsSolutionUser() bool {
return false
}
func (f *fakeSecurityContext) HasReadPerm(projectIDOrName interface{}) bool {
return false
}