Add "delete" into the action map if the action in token is "*"

Fixes #11563, add "delete" into the action map if the action in token is "*" Signed-off-by: Wenkai Yin <yinw@vmware.com>
2024-09-28 13:27:31 +02:00 · 2020-04-10 16:11:44 +08:00 · 2020-04-10 16:11:44 +08:00 · 847a513cea
commit 847a513cea
parent 56b404bfb7
2 changed files with 13 additions and 5 deletions
--- a/src/common/security/v2token/context.go
+++ b/src/common/security/v2token/context.go
@ -94,13 +94,16 @@ func New(ctx context.Context, name string, access []*registry_token.ResourceActi
 		}
 		actionMap := make(map[types.Action]struct{})
 		for _, a := range ac.Actions {
-			if a == "pull" || a == "*" {
+			switch a {
+			case "pull":
 				actionMap[rbac.ActionPull] = struct{}{}
-			}
-			if a == "push" || a == "*" {
+			case "push":
 				actionMap[rbac.ActionPush] = struct{}{}
-			}
-			if a == "scanner-pull" {
+			case "*":
+				actionMap[rbac.ActionPull] = struct{}{}
+				actionMap[rbac.ActionPush] = struct{}{}
+				actionMap[rbac.ActionDelete] = struct{}{}
+			case "scanner-pull":
 				actionMap[rbac.ActionScannerPull] = struct{}{}
 			}
 		}
--- a/src/common/security/v2token/context_test.go
+++ b/src/common/security/v2token/context_test.go
@ -69,6 +69,11 @@ func TestAll(t *testing.T) {
 			action:   rbac.ActionPush,
 			expect:   true,
 		},
+		{
+			resource: rbac.NewProjectNamespace(2).Resource(rbac.ResourceRepository),
+			action:   rbac.ActionDelete,
+			expect:   true,
+		},
 		{
 			resource: rbac.NewProjectNamespace(2).Resource(rbac.ResourceRepository),
 			action:   rbac.ActionScannerPull,