From 847a513cea79e6478989a2a80ee18d62f474a192 Mon Sep 17 00:00:00 2001
From: Wenkai Yin <yinw@vmware.com>
Date: Fri, 10 Apr 2020 16:11:44 +0800
Subject: [PATCH] Add "delete" into the action map if the action in token is
 "*"

Fixes #11563, add "delete" into the action map if the action in token is "*"

Signed-off-by: Wenkai Yin <yinw@vmware.com>
---
 src/common/security/v2token/context.go      | 13 ++++++++-----
 src/common/security/v2token/context_test.go |  5 +++++
 2 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/src/common/security/v2token/context.go b/src/common/security/v2token/context.go
index cc01e4113..933ddac0f 100644
--- a/src/common/security/v2token/context.go
+++ b/src/common/security/v2token/context.go
@@ -94,13 +94,16 @@ func New(ctx context.Context, name string, access []*registry_token.ResourceActi
 		}
 		actionMap := make(map[types.Action]struct{})
 		for _, a := range ac.Actions {
-			if a == "pull" || a == "*" {
+			switch a {
+			case "pull":
 				actionMap[rbac.ActionPull] = struct{}{}
-			}
-			if a == "push" || a == "*" {
+			case "push":
 				actionMap[rbac.ActionPush] = struct{}{}
-			}
-			if a == "scanner-pull" {
+			case "*":
+				actionMap[rbac.ActionPull] = struct{}{}
+				actionMap[rbac.ActionPush] = struct{}{}
+				actionMap[rbac.ActionDelete] = struct{}{}
+			case "scanner-pull":
 				actionMap[rbac.ActionScannerPull] = struct{}{}
 			}
 		}
diff --git a/src/common/security/v2token/context_test.go b/src/common/security/v2token/context_test.go
index 7b7b07e8f..bd4ada488 100644
--- a/src/common/security/v2token/context_test.go
+++ b/src/common/security/v2token/context_test.go
@@ -69,6 +69,11 @@ func TestAll(t *testing.T) {
 			action:   rbac.ActionPush,
 			expect:   true,
 		},
+		{
+			resource: rbac.NewProjectNamespace(2).Resource(rbac.ResourceRepository),
+			action:   rbac.ActionDelete,
+			expect:   true,
+		},
 		{
 			resource: rbac.NewProjectNamespace(2).Resource(rbac.ResourceRepository),
 			action:   rbac.ActionScannerPull,