mirror of
https://github.com/goharbor/harbor.git
fix replicate issue
parent
aa681eb018
commit
2e427bffe2
@ -64,6 +64,11 @@ func (s *SecurityContext) IsSysAdmin() bool {
|
||||
return s.ctx.IsSysAdmin()
|
||||
}
|
||||
|
||||
// IsSolutionUser ...
|
||||
func (s *SecurityContext) IsSolutionUser() bool {
|
||||
return false
|
||||
}
|
||||
|
||||
// HasReadPerm returns whether the user has read permission to the project
|
||||
func (s *SecurityContext) HasReadPerm(projectIDOrName interface{}) bool {
|
||||
public, err := s.pm.IsPublic(projectIDOrName)
|
||||
|
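Review bot: The doc comment `// IsSolutionUser ...` is a placeholder and does not say what a solution user is or why this context always answers false. The method now feeds an authorization decision in the project list handler, so the contract should be written down, for example `// IsSolutionUser reports whether the caller is an internal service identity; this context never represents one, so it always returns false.` (adjust the wording if that is not the intended meaning). The same placeholder comment appears on the two other SecurityContext implementations added later in this commit.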
@ -26,6 +26,8 @@ type Context interface {
|
||||
GetUsername() string
|
||||
// IsSysAdmin returns whether the user is system admin
|
||||
IsSysAdmin() bool
|
||||
// IsSolutionUser returns whether the user is solution user
|
||||
IsSolutionUser() bool
|
||||
// HasReadPerm returns whether the user has read permission to the project
|
||||
HasReadPerm(projectIDOrName interface{}) bool
|
||||
// HasWritePerm returns whether the user has write permission to the project
|
||||
|
@ -59,6 +59,11 @@ func (s *SecurityContext) IsSysAdmin() bool {
|
||||
return s.user.HasAdminRole == 1
|
||||
}
|
||||
|
||||
// IsSolutionUser ...
|
||||
func (s *SecurityContext) IsSolutionUser() bool {
|
||||
return false
|
||||
}
|
||||
|
||||
// HasReadPerm returns whether the user has read permission to the project
|
||||
func (s *SecurityContext) HasReadPerm(projectIDOrName interface{}) bool {
|
||||
// public project
|
||||
|
@ -186,6 +186,11 @@ func TestIsSysAdmin(t *testing.T) {
|
||||
assert.True(t, ctx.IsSysAdmin())
|
||||
}
|
||||
|
||||
func TestIsSolutionUser(t *testing.T) {
|
||||
ctx := NewSecurityContext(nil, nil)
|
||||
assert.False(t, ctx.IsSolutionUser())
|
||||
}
|
||||
|
||||
func TestHasReadPerm(t *testing.T) {
|
||||
// public project
|
||||
ctx := NewSecurityContext(nil, pm)
|
||||
|
@ -65,6 +65,11 @@ func (s *SecurityContext) IsSysAdmin() bool {
|
||||
return false
|
||||
}
|
||||
|
||||
// IsSolutionUser ...
|
||||
func (s *SecurityContext) IsSolutionUser() bool {
|
||||
return s.IsAuthenticated()
|
||||
}
|
||||
|
||||
// HasReadPerm returns true if the corresponding user of the secret
|
||||
// is jobservice, otherwise returns false
|
||||
func (s *SecurityContext) HasReadPerm(projectIDOrName interface{}) bool {
|
||||
|
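Review bot: `IsSolutionUser` returns `s.IsAuthenticated()`, so every secret present in the store makes its holder a solution user, whereas the doc comment on the neighbouring `HasReadPerm` ties permission to the secret's user being jobservice. Combined with the `List` condition changed in this commit, any valid secret, not only the jobservice one, would be allowed to list all projects. If only jobservice needs this, restrict the check to the same username condition that `HasReadPerm` describes; otherwise state the broader grant explicitly in the comment. `HasReadPerm`'s body lies outside the hunk, so this comparison rests on its doc comment.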
@ -77,6 +77,24 @@ func TestIsSysAdmin(t *testing.T) {
|
||||
assert.False(t, isSysAdmin)
|
||||
}
|
||||
|
||||
func TestIsSolutionUser(t *testing.T) {
|
||||
// invalid secret
|
||||
context := NewSecurityContext("invalid_secret",
|
||||
secret.NewStore(map[string]string{
|
||||
"secret": "username",
|
||||
}))
|
||||
isSolutionUser := context.IsSolutionUser()
|
||||
assert.False(t, isSolutionUser)
|
||||
|
||||
// valid secret
|
||||
context = NewSecurityContext("secret",
|
||||
secret.NewStore(map[string]string{
|
||||
"secret": "username",
|
||||
}))
|
||||
isSolutionUser = context.IsSolutionUser()
|
||||
assert.True(t, isSolutionUser)
|
||||
}
|
||||
|
||||
func TestHasReadPerm(t *testing.T) {
|
||||
// secret store is null
|
||||
context := NewSecurityContext("", nil)
|
||||
|
@ -212,8 +212,10 @@ func getProject(name string) (*models.Project, error) {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
req.URL.Query().Set("name", name)
|
||||
req.URL.Query().Encode()
|
||||
q := req.URL.Query()
|
||||
q.Set("name", name)
|
||||
req.URL.RawQuery = q.Encode()
|
||||
|
||||
req.AddCookie(&http.Cookie{
|
||||
Name: models.UISecretCookie,
|
||||
Value: config.JobserviceSecret(),
|
||||
@ -231,6 +233,11 @@ func getProject(name string) (*models.Project, error) {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if resp.StatusCode != http.StatusOK {
|
||||
return nil, fmt.Errorf("failed to get project %s: %d %s",
|
||||
name, resp.StatusCode, string(data))
|
||||
}
|
||||
|
||||
list := []*models.Project{}
|
||||
if err = json.Unmarshal(data, &list); err != nil {
|
||||
return nil, err
|
||||
@ -308,7 +315,7 @@ func (c *Checker) createProject(project *models.Project) error {
|
||||
}
|
||||
|
||||
func buildProjectURL() string {
|
||||
return strings.TrimRight(config.LocalUIURL(), "/") + "/api/projects/"
|
||||
return strings.TrimRight(config.LocalUIURL(), "/") + "/api/projects"
|
||||
}
|
||||
|
||||
// ManifestPuller pulls the manifest of a tag. And if no tag needs to be pulled,
|
||||
|
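Review bot: `buildProjectURL` loses its trailing slash, which changes the URL for every caller of the helper, not only the GET in `getProject`. The hunk header places it right after `createProject`, which may build its POST from the same helper, so it is worth confirming (or covering with a test) that the route still resolves for that request. Separately, the new non-200 error embeds the whole response body through `string(data)`. Formatting `name` with `%q` and capping the body length would keep log lines bounded and unambiguous.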
@ -286,7 +286,7 @@ func (p *ProjectAPI) List() {
|
||||
// not login, only get public projects
|
||||
base.Public = true
|
||||
} else {
|
||||
if !p.SecurityCtx.IsSysAdmin() {
|
||||
if !(p.SecurityCtx.IsSysAdmin() || p.SecurityCtx.IsSolutionUser()) {
|
||||
// login, but not system admin, get public projects and
|
||||
// projects that the user is member of
|
||||
base.Member = p.SecurityCtx.GetUsername()
|
||||
|
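Review bot: The comment under the changed condition still reads `login, but not system admin`, but the branch is now also skipped for solution users, who therefore receive the unfiltered project list just as a system admin does. Update it to something like `// login, but neither system admin nor solution user: get public projects and` so the widened access is visible to the next reader. `List`'s body starts and ends outside the hunk.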
@ -217,6 +217,9 @@ func (f *fakeSecurityContext) GetUsername() string {
|
||||
func (f *fakeSecurityContext) IsSysAdmin() bool {
|
||||
return f.isAdmin
|
||||
}
|
||||
func (f *fakeSecurityContext) IsSolutionUser() bool {
|
||||
return false
|
||||
}
|
||||
func (f *fakeSecurityContext) HasReadPerm(projectIDOrName interface{}) bool {
|
||||
return false
|
||||
}
|
||||
|
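Review bot: `fakeSecurityContext.IsSolutionUser` is hard-coded to `return false`, so tests built on this fake cannot reach the new solution-user branch that this commit adds to `ProjectAPI.List`. Mirroring the existing `isAdmin` field would make that path testable: add an `isSolutionUser bool` field and `return f.isSolutionUser`. The struct definition is outside the hunk.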