Add list artifact and list repo permissions to robot account (#15718)

Signed-off-by: AllForNothing <sshijun@vmware.com>
This commit is contained in:
孙世军 2021-10-08 10:56:37 +08:00 committed by GitHub
parent 32023891eb
commit 96f5caa635
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 54 additions and 20 deletions

View File

@ -114,7 +114,7 @@
{{getPermissions()}} {{"SYSTEM_ROBOT.PERMISSIONS" | translate}}
<clr-icon shape="caret down"></clr-icon>
</button>
<clr-dropdown-menu [style.height.px]="230" clrPosition="bottom-left" *clrIfOpen>
<clr-dropdown-menu class="dropdown-menu" [style.height.px]="230" clrPosition="bottom-left" *clrIfOpen>
<div clrDropdownItem *ngFor="let item of defaultAccesses" (click)="chooseAccess(item)">
<clr-icon class="check" shape="check" [style.visibility]="item.checked ? 'visible' : 'hidden'"></clr-icon>
<span>{{i18nMap[item.action] | translate}} {{i18nMap[item.resource] | translate}}</span>

View File

@ -76,4 +76,7 @@
min-height: 20px;
display: flex;
align-items: center;
}
}
.dropdown-menu {
overflow-y: auto;
}

View File

@ -88,7 +88,7 @@ export class SystemRobotAccountsComponent implements OnInit, OnDestroy {
}));
})).subscribe(response => {
this.total = Number.parseInt(
response.headers.get('x-total-count')
response.headers.get('x-total-count'), 10
);
this.robots = response.body as Robot[];
this.calculateProjects();
@ -199,7 +199,7 @@ export class SystemRobotAccountsComponent implements OnInit, OnDestroy {
.subscribe(
response => {
this.total = Number.parseInt(
response.headers.get('x-total-count')
response.headers.get('x-total-count'), 10
);
this.robots = response.body as Robot[];
this.calculateProjects();

View File

@ -28,16 +28,20 @@ export enum PermissionsKinds {
}
export enum Resource {
ARTIFACT = 'repository',
REPO = 'repository',
HELM_CHART = 'helm-chart',
HELM_CHART_VERSION = 'helm-chart-version'
HELM_CHART_VERSION = 'helm-chart-version',
ARTIFACT = 'artifact'
}
export enum Action {
PUSH = 'push',
PULL = 'pull',
READ = 'read',
CREATE = 'create'
CREATE = 'create',
LIST = 'list',
STOP = 'stop',
DELETE = 'delete'
}
export const NAMESPACE_ALL_PROJECTS: string = '*';
@ -97,7 +101,17 @@ export const INITIAL_ACCESSES: FrontAccess[] = [
"resource": "scan",
"action": "stop",
"checked": true
}
},
{
"resource": "artifact",
"action": "list",
"checked": true
},
{
"resource": "repository",
"action": "list",
"checked": true
},
];
export const ACTION_RESOURCE_I18N_MAP = {
@ -106,7 +120,7 @@ export const ACTION_RESOURCE_I18N_MAP = {
'read': 'SYSTEM_ROBOT.READ',
'create': 'SYSTEM_ROBOT.CREATE',
'delete': 'SYSTEM_ROBOT.DELETE',
'repository': 'SYSTEM_ROBOT.ARTIFACT',
'repository': 'SYSTEM_ROBOT.REPOSITORY',
'artifact': 'SYSTEM_ROBOT.ARTIFACT',
'helm-chart': 'SYSTEM_ROBOT.HELM',
'helm-chart-version': 'SYSTEM_ROBOT.HELM_VERSION',
@ -114,7 +128,8 @@ export const ACTION_RESOURCE_I18N_MAP = {
'artifact-label': 'SYSTEM_ROBOT.ARTIFACT_LABEL',
'scan': 'SYSTEM_ROBOT.SCAN',
'scanner-pull': 'SYSTEM_ROBOT.SCANNER_PULL',
'stop': 'SYSTEM_ROBOT.STOP'
'stop': 'SYSTEM_ROBOT.STOP',
'list': 'SYSTEM_ROBOT.LIST'
};
export enum ExpirationType {
@ -128,10 +143,10 @@ export function onlyHasPushPermission(access: Access[]): boolean {
let hasPushPermission: boolean = false;
let hasPullPermission: boolean = false;
access.forEach( item => {
if (item.action === Action.PUSH && item.resource === Resource.ARTIFACT) {
if (item.action === Action.PUSH && item.resource === Resource.REPO) {
hasPushPermission = true;
}
if (item.action === Action.PULL && item.resource === Resource.ARTIFACT) {
if (item.action === Action.PULL && item.resource === Resource.REPO) {
hasPullPermission = true;
}
});

View File

@ -1702,6 +1702,8 @@
"FINAL_SYSTEM_NAME_TIP": "Der zusammengesetzte systemweite Robot-Account-Name besteht aus dem Prefix und dem Inhalt des Eingabefeldes.",
"PUSH_AND_PULL": "Push",
"PUSH_PERMISSION_TOOLTIP": "Push permission can not work alone, it must work with pull permission",
"STOP": "Stop"
"STOP": "Stop",
"LIST": "List",
"REPOSITORY": "Repository"
}
}

View File

@ -1702,6 +1702,8 @@
"FINAL_SYSTEM_NAME_TIP": "The final system robot name consists of the prefix and the current input value",
"PUSH_AND_PULL": "Push",
"PUSH_PERMISSION_TOOLTIP": "Push permission can not work alone, it must work with pull permission",
"STOP": "Stop"
"STOP": "Stop",
"LIST": "List",
"REPOSITORY": "Repository"
}
}

View File

@ -1701,6 +1701,8 @@
"FINAL_SYSTEM_NAME_TIP": "The final system robot name consists of the prefix and the current input value",
"PUSH_AND_PULL": "Push",
"PUSH_PERMISSION_TOOLTIP": "Push permission can not work alone, it must work with pull permission",
"STOP": "Stop"
"STOP": "Stop",
"LIST": "List",
"REPOSITORY": "Repository"
}
}

View File

@ -1670,6 +1670,8 @@
"FINAL_SYSTEM_NAME_TIP": "The final system robot name consists of the prefix and the current input value",
"PUSH_AND_PULL": "Push",
"PUSH_PERMISSION_TOOLTIP": "Push permission can not work alone, it must work with pull permission",
"STOP": "Stop"
"STOP": "Stop",
"LIST": "List",
"REPOSITORY": "Repository"
}
}

View File

@ -1698,7 +1698,9 @@
"FINAL_SYSTEM_NAME_TIP": "Este valor será concatenado ao prefixo do projeto.",
"PUSH_AND_PULL": "Push",
"PUSH_PERMISSION_TOOLTIP": "Permissões de envio (push) presume também a permissão e recebimento (pull).",
"STOP": "Stop"
"STOP": "Stop",
"LIST": "List",
"REPOSITORY": "Repository"
}
}

View File

@ -1702,6 +1702,8 @@
"FINAL_SYSTEM_NAME_TIP": "The final system robot name consists of the prefix and the current input value",
"PUSH_AND_PULL": "Push",
"PUSH_PERMISSION_TOOLTIP": "Push permission can not work alone, it must work with pull permission",
"STOP": "Stop"
"STOP": "Stop",
"LIST": "List",
"REPOSITORY": "Repository"
}
}

View File

@ -1700,6 +1700,8 @@
"FINAL_SYSTEM_NAME_TIP": "系统级机器人的最终名称由前缀和当前输入值组成",
"PUSH_AND_PULL": "推送",
"PUSH_PERMISSION_TOOLTIP": "推送权限无法单独工作,请在选择推送权限的时,确保已经勾选了拉取权限",
"STOP": "停止"
"STOP": "停止",
"LIST": "查询",
"REPOSITORY": "仓库"
}
}

View File

@ -1687,6 +1687,8 @@
"FINAL_SYSTEM_NAME_TIP": "The final system robot name consists of the prefix and the current input value",
"PUSH_AND_PULL": "Push",
"PUSH_PERMISSION_TOOLTIP": "Push permission can not work alone, it must work with pull permission",
"STOP": "Stop"
"STOP": "Stop",
"LIST": "List",
"REPOSITORY": "Repository"
}
}