Upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor.git synced 2024-12-19 23:28:20 +01:00
Code Issues Projects Releases Wiki Activity

Add "delete" into the action map if the action in token is "*"

Browse Source 
Fixes #11563, add "delete" into the action map if the action in token is "*"

Signed-off-by: Wenkai Yin <yinw@vmware.com>
This commit is contained in:
Wenkai Yin 2020-04-10 16:11:44 +08:00
parent 56b404bfb7
commit 847a513cea
2 changed files with 13 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/common/security/v2token/context.go
View File

@ -94,13 +94,16 @@ func New(ctx context.Context, name string, access []*registry_token.ResourceActi
} }
actionMap := make(map[types.Action]struct{}) actionMap := make(map[types.Action]struct{})
for _, a := range ac.Actions { for _, a := range ac.Actions {
if a == "pull" || a == "*" { switch a {
case "pull":
actionMap[rbac.ActionPull] = struct{}{} actionMap[rbac.ActionPull] = struct{}{}
} case "push":
if a == "push" || a == "*" {
actionMap[rbac.ActionPush] = struct{}{} actionMap[rbac.ActionPush] = struct{}{}
} case "*":
if a == "scanner-pull" { actionMap[rbac.ActionPull] = struct{}{}
actionMap[rbac.ActionPush] = struct{}{}
actionMap[rbac.ActionDelete] = struct{}{}
case "scanner-pull":
actionMap[rbac.ActionScannerPull] = struct{}{} actionMap[rbac.ActionScannerPull] = struct{}{}
} }
} }

5
src/common/security/v2token/context_test.go
View File

@ -69,6 +69,11 @@ func TestAll(t *testing.T) {
action: rbac.ActionPush, action: rbac.ActionPush,
expect: true, expect: true,
}, },
{
resource: rbac.NewProjectNamespace(2).Resource(rbac.ResourceRepository),
action: rbac.ActionDelete,
expect: true,
},
{ {
resource: rbac.NewProjectNamespace(2).Resource(rbac.ResourceRepository), resource: rbac.NewProjectNamespace(2).Resource(rbac.ResourceRepository),
action: rbac.ActionScannerPull, action: rbac.ActionScannerPull,