mirror of
https://github.com/goharbor/harbor.git
synced 2024-12-25 10:07:43 +01:00
Merge pull request #6885 from jwangyangls/privilege_escalation
PermissionMasterRoleWithIsue
This commit is contained in:
commit
a95586034e
@ -179,8 +179,10 @@ export class ListReplicationRuleComponent implements OnInit, OnChanges {
|
||||
}
|
||||
|
||||
selectRule(rule: ReplicationRule): void {
|
||||
this.selectedId = rule.id || "";
|
||||
this.selectOne.emit(rule);
|
||||
if (rule) {
|
||||
this.selectedId = rule.id || "";
|
||||
this.selectOne.emit(rule);
|
||||
}
|
||||
}
|
||||
|
||||
redirectTo(rule: ReplicationRule): void {
|
||||
|
@ -9,14 +9,17 @@ import { SERVICE_CONFIG, IServiceConfig} from '../service.config';
|
||||
import { SystemInfo } from '../service/interface';
|
||||
import { Project } from './project';
|
||||
import { UserPermissionService, UserPermissionDefaultService } from '../service/permission.service';
|
||||
import { USERSTATICPERMISSION } from '../service/permission-static';
|
||||
import { of } from 'rxjs';
|
||||
describe('ProjectPolicyConfigComponent', () => {
|
||||
|
||||
let systemInfoService: SystemInfoService;
|
||||
let projectPolicyService: ProjectService;
|
||||
let userPermissionService: UserPermissionService;
|
||||
|
||||
let spySystemInfo: jasmine.Spy;
|
||||
let spyProjectPolicies: jasmine.Spy;
|
||||
|
||||
let mockHasChangeConfigRole: boolean = true;
|
||||
let mockSystemInfo: SystemInfo[] = [
|
||||
{
|
||||
'with_clair': true,
|
||||
@ -121,6 +124,11 @@ describe('ProjectPolicyConfigComponent', () => {
|
||||
spySystemInfo = spyOn(systemInfoService, 'getSystemInfo').and.returnValues(Promise.resolve(mockSystemInfo[0]));
|
||||
spyProjectPolicies = spyOn(projectPolicyService, 'getProject').and.returnValues(Promise.resolve(mockPorjectPolicies[0]));
|
||||
|
||||
userPermissionService = fixture.debugElement.injector.get(UserPermissionService);
|
||||
spyOn(userPermissionService, "getPermission")
|
||||
.withArgs(component.projectId,
|
||||
USERSTATICPERMISSION.CONFIGURATION.KEY, USERSTATICPERMISSION.CONFIGURATION.VALUE.UPDATE )
|
||||
.and.returnValue(of(mockHasChangeConfigRole));
|
||||
fixture.detectChanges();
|
||||
});
|
||||
|
||||
|
@ -87,7 +87,7 @@
|
||||
<div class="card-footer">
|
||||
<clr-dropdown [clrCloseMenuOnItemClick]="false">
|
||||
<button *ngIf="withAdmiral" type="button" class="btn btn-link" (click)="provisionItemEvent($event, item)" [disabled]="!hasProjectAdminRole">{{'REPOSITORY.DEPLOY' | translate}}</button>
|
||||
<button type="button" class="btn btn-link" (click)="$event.stopPropagation()" [disabled]="!hasProjectAdminRole" clrDropdownTrigger>
|
||||
<button type="button" class="btn btn-link" (click)="$event.stopPropagation()" [disabled]="!hasDeleteRepositoryPermission" clrDropdownTrigger>
|
||||
{{'REPOSITORY.ACTION' | translate}}
|
||||
<clr-icon shape="caret down"></clr-icon>
|
||||
</button>
|
||||
@ -95,7 +95,7 @@
|
||||
<button *ngIf="withAdmiral" type="button" class="btn btn-link" clrDropdownItem (click)="itemAddInfoEvent($event, item)" [disabled]="!hasProjectAdminRole">
|
||||
{{'REPOSITORY.ADDITIONAL_INFO' | translate}}
|
||||
</button>
|
||||
<button type="button" class="btn btn-link" clrDropdownItem (click)="deleteItemEvent($event, item)" [disabled]="!hasProjectAdminRole">
|
||||
<button type="button" class="btn btn-link" clrDropdownItem (click)="deleteItemEvent($event, item)" [disabled]="!hasDeleteRepositoryPermission">
|
||||
{{'REPOSITORY.DELETE' | translate}}
|
||||
</button>
|
||||
</clr-dropdown-menu>
|
||||
|
@ -45,6 +45,7 @@ export class UserPermissionDefaultService extends UserPermissionService {
|
||||
super();
|
||||
}
|
||||
private permissionCache: Observable<object>;
|
||||
private projectId: number;
|
||||
private getPermissionFromBackend(projectId): Observable<object> {
|
||||
const userPermissionUrl = `/api/users/current/permissions?scope=/project/${projectId}&relative=true`;
|
||||
return this.http.get(userPermissionUrl);
|
||||
@ -60,7 +61,8 @@ export class UserPermissionDefaultService extends UserPermissionService {
|
||||
}
|
||||
public getPermission(projectId, resource, action): Observable<boolean> {
|
||||
|
||||
if (!this.permissionCache) {
|
||||
if (!this.permissionCache || this.projectId !== +projectId) {
|
||||
this.projectId = +projectId;
|
||||
this.permissionCache = this.getPermissionFromBackend(projectId).pipe(
|
||||
shareReplay(CACHE_SIZE));
|
||||
}
|
||||
@ -72,5 +74,6 @@ export class UserPermissionDefaultService extends UserPermissionService {
|
||||
}
|
||||
public clearPermissionCache() {
|
||||
this.permissionCache = null;
|
||||
this.projectId = null;
|
||||
}
|
||||
}
|
||||
|
@ -92,14 +92,14 @@
|
||||
</section>
|
||||
<clr-tabs>
|
||||
<clr-tab *ngIf="hasVulnerabilitiesListPermission">
|
||||
<button clrTabLink class="btn btn-link nav-link" id="tag-vulnerability" [class.active]='isCurrentTabLink("tag-vulnerability")'
|
||||
<button clrTabLink [clrTabLinkInOverflow]="false" class="btn btn-link nav-link" id="tag-vulnerability" [class.active]='isCurrentTabLink("tag-vulnerability")'
|
||||
type="button" (click)='tabLinkClick("tag-vulnerability")'>{{'REPOSITORY.VULNERABILITY' | translate}}</button>
|
||||
<clr-tab-content id="content1" *clrIfActive="true">
|
||||
<hbr-vulnerabilities-grid [repositoryId]="repositoryId" [tagId]="tagId"></hbr-vulnerabilities-grid>
|
||||
<hbr-vulnerabilities-grid [repositoryId]="repositoryId" [projectId]="projectId" [tagId]="tagId"></hbr-vulnerabilities-grid>
|
||||
</clr-tab-content>
|
||||
</clr-tab>
|
||||
<clr-tab>
|
||||
<button *ngIf="hasBuildHistoryPermission" id="tag-history" clrTabLink class="btn btn-link nav-link" [class.active]='isCurrentTabLink("tag-history")'
|
||||
<button [clrTabLinkInOverflow]="false" *ngIf="hasBuildHistoryPermission" id="tag-history" clrTabLink class="btn btn-link nav-link" [class.active]='isCurrentTabLink("tag-history")'
|
||||
type="button" (click)='tabLinkClick("tag-history")'>{{ 'REPOSITORY.BUILD_HISTORY' | translate }}</button>
|
||||
<clr-tab-content *clrIfActive>
|
||||
<hbr-tag-history [repositoryId]="repositoryId" [tagId]="tagId">{{ 'REPOSITORY.BUILD_HISTORY' |
|
||||
|
@ -167,7 +167,7 @@ describe("TagComponent (inline template)", () => {
|
||||
labelService = fixture.debugElement.injector.get(LabelService);
|
||||
|
||||
spyLabels = spyOn(labelService, "getGLabels").and.returnValues(Promise.resolve(mockLabels));
|
||||
spyLabels1 = spyOn(labelService, "getPLabels").and.returnValues(Promise.resolve(mockLabels1));
|
||||
spyLabels1 = spyOn(labelService, "getPLabels").withArgs(comp.projectId).and.returnValues(Promise.resolve(mockLabels1));
|
||||
|
||||
fixture.detectChanges();
|
||||
});
|
||||
|
@ -289,27 +289,15 @@ export class TagComponent implements OnInit, AfterViewInit {
|
||||
}
|
||||
|
||||
getAllLabels(): void {
|
||||
toPromise<Label[]>(this.labelService.getGLabels()).then((res: Label[]) => {
|
||||
if (res.length) {
|
||||
res.forEach(data => {
|
||||
forkJoin(this.labelService.getGLabels(), this.labelService.getPLabels(this.projectId)).subscribe(results => {
|
||||
results.forEach(labels => {
|
||||
labels.forEach(data => {
|
||||
this.imageLabels.push({ 'iconsShow': false, 'label': data, 'show': true });
|
||||
});
|
||||
}
|
||||
|
||||
toPromise<Label[]>(this.labelService.getPLabels(this.projectId)).then((res1: Label[]) => {
|
||||
if (res1.length) {
|
||||
res1.forEach(data => {
|
||||
this.imageLabels.push({ 'iconsShow': false, 'label': data, 'show': true });
|
||||
});
|
||||
}
|
||||
this.imageFilterLabels = clone(this.imageLabels);
|
||||
this.imageStickLabels = clone(this.imageLabels);
|
||||
}).catch(error => {
|
||||
this.errorHandler.error(error);
|
||||
});
|
||||
}).catch(error => {
|
||||
this.errorHandler.error(error);
|
||||
});
|
||||
this.imageFilterLabels = clone(this.imageLabels);
|
||||
this.imageStickLabels = clone(this.imageLabels);
|
||||
}, error => this.errorHandler.error(error));
|
||||
}
|
||||
|
||||
labelSelectedChange(tag?: Tag[]): void {
|
||||
|
@ -9,13 +9,16 @@ import { SharedModule } from '../shared/shared.module';
|
||||
import { FilterComponent } from '../filter/index';
|
||||
import {ChannelService} from "../channel/channel.service";
|
||||
import { UserPermissionService, UserPermissionDefaultService } from "../service/permission.service";
|
||||
|
||||
import { USERSTATICPERMISSION } from "../service/permission-static";
|
||||
import { of } from "rxjs";
|
||||
describe('ResultGridComponent (inline template)', () => {
|
||||
let component: ResultGridComponent;
|
||||
let fixture: ComponentFixture<ResultGridComponent>;
|
||||
let serviceConfig: IServiceConfig;
|
||||
let scanningService: ScanningResultService;
|
||||
let userPermissionService: UserPermissionService;
|
||||
let spy: jasmine.Spy;
|
||||
let mockHasScanImagePermission: boolean = true;
|
||||
let testConfig: IServiceConfig = {
|
||||
vulnerabilityScanningBaseEndpoint: "/api/vulnerability/testing"
|
||||
};
|
||||
@ -41,6 +44,7 @@ describe('ResultGridComponent (inline template)', () => {
|
||||
fixture = TestBed.createComponent(ResultGridComponent);
|
||||
component = fixture.componentInstance;
|
||||
component.tagId = "mockTag";
|
||||
component.projectId = 1;
|
||||
|
||||
serviceConfig = TestBed.get(SERVICE_CONFIG);
|
||||
scanningService = fixture.debugElement.injector.get(ScanningResultService);
|
||||
@ -62,6 +66,15 @@ describe('ResultGridComponent (inline template)', () => {
|
||||
spy = spyOn(scanningService, 'getVulnerabilityScanningResults')
|
||||
.and.returnValue(Promise.resolve(mockData));
|
||||
|
||||
|
||||
userPermissionService = fixture.debugElement.injector.get(UserPermissionService);
|
||||
|
||||
|
||||
spyOn(userPermissionService, "getPermission")
|
||||
.withArgs(component.projectId, USERSTATICPERMISSION.REPOSITORY_TAG_SCAN_JOB.KEY,
|
||||
USERSTATICPERMISSION.REPOSITORY_TAG_SCAN_JOB.VALUE.CREATE )
|
||||
.and.returnValue(of(mockHasScanImagePermission));
|
||||
|
||||
fixture.detectChanges();
|
||||
});
|
||||
|
||||
|
@ -22,6 +22,7 @@ export class ResultGridComponent implements OnInit {
|
||||
|
||||
@Input() tagId: string;
|
||||
@Input() repositoryId: string;
|
||||
@Input() projectId: number;
|
||||
hasScanImagePermission: boolean;
|
||||
constructor(
|
||||
private scanningService: ScanningResultService,
|
||||
@ -32,6 +33,7 @@ export class ResultGridComponent implements OnInit {
|
||||
|
||||
ngOnInit(): void {
|
||||
this.loadResults(this.repositoryId, this.tagId);
|
||||
this.getScanPermissions(this.projectId);
|
||||
}
|
||||
|
||||
loadResults(repositoryId: string, tagId: string): void {
|
||||
|
Loading…
Reference in New Issue
Block a user