mirror of
https://github.com/goharbor/harbor.git
synced 2024-06-20 11:55:06 +02:00
only admin can access registry's catalog API
This commit is contained in:
parent
e2fe74598b
commit
aa25c20f44
|
@ -139,6 +139,10 @@ func (reg registryFilter) filter(user userInfo, a *token.ResourceActions) error
|
|||
if a.Name != "catalog" {
|
||||
return fmt.Errorf("Unable to handle, type: %s, name: %s", a.Type, a.Name)
|
||||
}
|
||||
if !user.allPerm {
|
||||
//Set the actions to empty is the user is not admin
|
||||
a.Actions = []string{}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
|
@ -192,7 +192,9 @@ func TestFilterAccess(t *testing.T) {
|
|||
s := []string{"registry:catalog:*"}
|
||||
a1 := GetResourceActions(s)
|
||||
a2 := GetResourceActions(s)
|
||||
u := userInfo{"jack", false}
|
||||
a3 := GetResourceActions(s)
|
||||
u1 := userInfo{"jack", true}
|
||||
u2 := userInfo{"jack", false}
|
||||
ra1 := token.ResourceActions{
|
||||
Type: "registry",
|
||||
Name: "catalog",
|
||||
|
@ -203,10 +205,13 @@ func TestFilterAccess(t *testing.T) {
|
|||
Name: "catalog",
|
||||
Actions: []string{},
|
||||
}
|
||||
err = filterAccess(a1, u, registryFilterMap)
|
||||
err = filterAccess(a1, u1, registryFilterMap)
|
||||
assert.Nil(t, err, "Unexpected error: %v", err)
|
||||
assert.Equal(t, ra1, *a1[0], "Mismatch after registry filter Map")
|
||||
err = filterAccess(a2, u, notaryFilterMap)
|
||||
err = filterAccess(a2, u1, notaryFilterMap)
|
||||
assert.Nil(t, err, "Unexpected error: %v", err)
|
||||
assert.Equal(t, ra2, *a2[0], "Mismatch after notary filter Map")
|
||||
err = filterAccess(a3, u2, registryFilterMap)
|
||||
assert.Nil(t, err, "Unexpected error: %v", err)
|
||||
assert.Equal(t, ra2, *a3[0], "Mismatch after registry filter Map")
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue
Block a user