fix replicate issue

2024-06-20 11:55:06 +02:00 · 2017-07-20 16:27:58 +08:00 · 2017-07-20 16:27:58 +08:00 · 2e427bffe2
commit 2e427bffe2
parent aa681eb018
9 changed files with 54 additions and 4 deletions
--- a/src/common/security/admiral/context.go
+++ b/src/common/security/admiral/context.go
@ -64,6 +64,11 @@ func (s *SecurityContext) IsSysAdmin() bool {
 	return s.ctx.IsSysAdmin()
 }

+// IsSolutionUser ...
+func (s *SecurityContext) IsSolutionUser() bool {
+	return false
+}
+
 // HasReadPerm returns whether the user has read permission to the project
 func (s *SecurityContext) HasReadPerm(projectIDOrName interface{}) bool {
 	public, err := s.pm.IsPublic(projectIDOrName)
--- a/src/common/security/context.go
+++ b/src/common/security/context.go
@ -26,6 +26,8 @@ type Context interface {
 	GetUsername() string
 	// IsSysAdmin returns whether the user is system admin
 	IsSysAdmin() bool
+	// IsSolutionUser returns whether the user is solution user
+	IsSolutionUser() bool
 	// HasReadPerm returns whether the user has read permission to the project
 	HasReadPerm(projectIDOrName interface{}) bool
 	// HasWritePerm returns whether the user has write permission to the project
--- a/src/common/security/local/context.go
+++ b/src/common/security/local/context.go
@ -59,6 +59,11 @@ func (s *SecurityContext) IsSysAdmin() bool {
 	return s.user.HasAdminRole == 1
 }

+// IsSolutionUser ...
+func (s *SecurityContext) IsSolutionUser() bool {
+	return false
+}
+
 // HasReadPerm returns whether the user has read permission to the project
 func (s *SecurityContext) HasReadPerm(projectIDOrName interface{}) bool {
 	// public project
--- a/src/common/security/local/context_test.go
+++ b/src/common/security/local/context_test.go
@ -186,6 +186,11 @@ func TestIsSysAdmin(t *testing.T) {
 	assert.True(t, ctx.IsSysAdmin())
 }

+func TestIsSolutionUser(t *testing.T) {
+	ctx := NewSecurityContext(nil, nil)
+	assert.False(t, ctx.IsSolutionUser())
+}
+
 func TestHasReadPerm(t *testing.T) {
 	// public project
 	ctx := NewSecurityContext(nil, pm)
--- a/src/common/security/secret/context.go
+++ b/src/common/security/secret/context.go
@ -65,6 +65,11 @@ func (s *SecurityContext) IsSysAdmin() bool {
 	return false
 }

+// IsSolutionUser ...
+func (s *SecurityContext) IsSolutionUser() bool {
+	return s.IsAuthenticated()
+}
+
 // HasReadPerm returns true if the corresponding user of the secret
 // is jobservice, otherwise returns false
 func (s *SecurityContext) HasReadPerm(projectIDOrName interface{}) bool {
--- a/src/common/security/secret/context_test.go
+++ b/src/common/security/secret/context_test.go
@ -77,6 +77,24 @@ func TestIsSysAdmin(t *testing.T) {
 	assert.False(t, isSysAdmin)
 }

+func TestIsSolutionUser(t *testing.T) {
+	// invalid secret
+	context := NewSecurityContext("invalid_secret",
+		secret.NewStore(map[string]string{
+			"secret": "username",
+		}))
+	isSolutionUser := context.IsSolutionUser()
+	assert.False(t, isSolutionUser)
+
+	// valid secret
+	context = NewSecurityContext("secret",
+		secret.NewStore(map[string]string{
+			"secret": "username",
+		}))
+	isSolutionUser = context.IsSolutionUser()
+	assert.True(t, isSolutionUser)
+}
+
 func TestHasReadPerm(t *testing.T) {
 	// secret store is null
 	context := NewSecurityContext("", nil)
--- a/src/jobservice/replication/transfer.go
+++ b/src/jobservice/replication/transfer.go
@ -212,8 +212,10 @@ func getProject(name string) (*models.Project, error) {
 		return nil, err
 	}

-	req.URL.Query().Set("name", name)
-	req.URL.Query().Encode()
+	q := req.URL.Query()
+	q.Set("name", name)
+	req.URL.RawQuery = q.Encode()
+
 	req.AddCookie(&http.Cookie{
 		Name:  models.UISecretCookie,
 		Value: config.JobserviceSecret(),
@ -231,6 +233,11 @@ func getProject(name string) (*models.Project, error) {
 		return nil, err
 	}

+	if resp.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf("failed to get project %s: %d %s",
+			name, resp.StatusCode, string(data))
+	}
+
 	list := []*models.Project{}
 	if err = json.Unmarshal(data, &list); err != nil {
 		return nil, err
@ -308,7 +315,7 @@ func (c *Checker) createProject(project *models.Project) error {
 }

 func buildProjectURL() string {
-	return strings.TrimRight(config.LocalUIURL(), "/") + "/api/projects/"
+	return strings.TrimRight(config.LocalUIURL(), "/") + "/api/projects"
 }

 // ManifestPuller pulls the manifest of a tag. And if no tag needs to be pulled,
--- a/src/ui/api/project.go
+++ b/src/ui/api/project.go
@ -286,7 +286,7 @@ func (p *ProjectAPI) List() {
 		// not login, only get public projects
 		base.Public = true
 	} else {
-		if !p.SecurityCtx.IsSysAdmin() {
+		if !(p.SecurityCtx.IsSysAdmin() || p.SecurityCtx.IsSolutionUser()) {
 			// login, but not system admin, get public projects and
 			// projects that the user is member of
 			base.Member = p.SecurityCtx.GetUsername()
--- a/src/ui/service/token/token_test.go
+++ b/src/ui/service/token/token_test.go
@ -217,6 +217,9 @@ func (f *fakeSecurityContext) GetUsername() string {
 func (f *fakeSecurityContext) IsSysAdmin() bool {
 	return f.isAdmin
 }
+func (f *fakeSecurityContext) IsSolutionUser() bool {
+	return false
+}
 func (f *fakeSecurityContext) HasReadPerm(projectIDOrName interface{}) bool {
 	return false
 }