Upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor.git synced 2024-11-23 10:45:45 +01:00
Code Issues Projects Releases Wiki Activity

Merge pull request #6847 from wy65701436/update-res-robot

Browse Source 
Fix action and resouce of RBAC change
This commit is contained in:
He Weiwei 2019-01-29 17:42:00 +08:00 committed by GitHub
commit 4af9a42ea8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/common/security/robot/context.go
View File

@ -17,7 +17,6 @@ package robot
import ( import (
"github.com/goharbor/harbor/src/common/models" "github.com/goharbor/harbor/src/common/models"
"github.com/goharbor/harbor/src/common/rbac" "github.com/goharbor/harbor/src/common/rbac"
"github.com/goharbor/harbor/src/common/rbac/project"
"github.com/goharbor/harbor/src/core/promgr" "github.com/goharbor/harbor/src/core/promgr"
) )
@ -64,19 +63,19 @@ func (s *SecurityContext) IsSolutionUser() bool {
// HasReadPerm returns whether the user has read permission to the project // HasReadPerm returns whether the user has read permission to the project
func (s *SecurityContext) HasReadPerm(projectIDOrName interface{}) bool { func (s *SecurityContext) HasReadPerm(projectIDOrName interface{}) bool {
isPublicProject, _ := s.pm.IsPublic(projectIDOrName) isPublicProject, _ := s.pm.IsPublic(projectIDOrName)
return s.Can(project.ActionPull, rbac.NewProjectNamespace(projectIDOrName, isPublicProject).Resource(project.ResourceImage)) return s.Can(rbac.ActionPull, rbac.NewProjectNamespace(projectIDOrName, isPublicProject).Resource(rbac.ResourceRepository))
} }
// HasWritePerm returns whether the user has write permission to the project // HasWritePerm returns whether the user has write permission to the project
func (s *SecurityContext) HasWritePerm(projectIDOrName interface{}) bool { func (s *SecurityContext) HasWritePerm(projectIDOrName interface{}) bool {
isPublicProject, _ := s.pm.IsPublic(projectIDOrName) isPublicProject, _ := s.pm.IsPublic(projectIDOrName)
return s.Can(project.ActionPush, rbac.NewProjectNamespace(projectIDOrName, isPublicProject).Resource(project.ResourceImage)) return s.Can(rbac.ActionPush, rbac.NewProjectNamespace(projectIDOrName, isPublicProject).Resource(rbac.ResourceRepository))
} }
// HasAllPerm returns whether the user has all permissions to the project // HasAllPerm returns whether the user has all permissions to the project
func (s *SecurityContext) HasAllPerm(projectIDOrName interface{}) bool { func (s *SecurityContext) HasAllPerm(projectIDOrName interface{}) bool {
isPublicProject, _ := s.pm.IsPublic(projectIDOrName) isPublicProject, _ := s.pm.IsPublic(projectIDOrName)
return s.Can(project.ActionPushPull, rbac.NewProjectNamespace(projectIDOrName, isPublicProject).Resource(project.ResourceImage)) return s.Can(rbac.ActionPushPull, rbac.NewProjectNamespace(projectIDOrName, isPublicProject).Resource(rbac.ResourceRepository))
} }
// GetMyProjects no implementation // GetMyProjects no implementation

6
src/common/security/robot/context_test.go
View File

@ -136,7 +136,7 @@ func TestIsSolutionUser(t *testing.T) {
func TestHasReadPerm(t *testing.T) { func TestHasReadPerm(t *testing.T) {
rbacPolicy := &rbac.Policy{ rbacPolicy := &rbac.Policy{
Resource: "/project/testrobot/image", Resource: "/project/testrobot/repository",
Action: "pull", Action: "pull",
} }
policies := []*rbac.Policy{} policies := []*rbac.Policy{}
@ -153,7 +153,7 @@ func TestHasReadPerm(t *testing.T) {
func TestHasWritePerm(t *testing.T) { func TestHasWritePerm(t *testing.T) {
rbacPolicy := &rbac.Policy{ rbacPolicy := &rbac.Policy{
Resource: "/project/testrobot/image", Resource: "/project/testrobot/repository",
Action: "push", Action: "push",
} }
policies := []*rbac.Policy{} policies := []*rbac.Policy{}
@ -169,7 +169,7 @@ func TestHasWritePerm(t *testing.T) {
func TestHasAllPerm(t *testing.T) { func TestHasAllPerm(t *testing.T) {
rbacPolicy := &rbac.Policy{ rbacPolicy := &rbac.Policy{
Resource: "/project/testrobot/image", Resource: "/project/testrobot/repository",
Action: "push+pull", Action: "push+pull",
} }
policies := []*rbac.Policy{} policies := []*rbac.Policy{}