mirror of
https://github.com/goharbor/harbor.git
synced 2024-09-28 05:18:01 +02:00
only admin can access registry's catalog API
This commit is contained in:
parent
e2fe74598b
commit
aa25c20f44
@ -139,6 +139,10 @@ func (reg registryFilter) filter(user userInfo, a *token.ResourceActions) error
|
|||||||
if a.Name != "catalog" {
|
if a.Name != "catalog" {
|
||||||
return fmt.Errorf("Unable to handle, type: %s, name: %s", a.Type, a.Name)
|
return fmt.Errorf("Unable to handle, type: %s, name: %s", a.Type, a.Name)
|
||||||
}
|
}
|
||||||
|
if !user.allPerm {
|
||||||
|
//Set the actions to empty is the user is not admin
|
||||||
|
a.Actions = []string{}
|
||||||
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -192,7 +192,9 @@ func TestFilterAccess(t *testing.T) {
|
|||||||
s := []string{"registry:catalog:*"}
|
s := []string{"registry:catalog:*"}
|
||||||
a1 := GetResourceActions(s)
|
a1 := GetResourceActions(s)
|
||||||
a2 := GetResourceActions(s)
|
a2 := GetResourceActions(s)
|
||||||
u := userInfo{"jack", false}
|
a3 := GetResourceActions(s)
|
||||||
|
u1 := userInfo{"jack", true}
|
||||||
|
u2 := userInfo{"jack", false}
|
||||||
ra1 := token.ResourceActions{
|
ra1 := token.ResourceActions{
|
||||||
Type: "registry",
|
Type: "registry",
|
||||||
Name: "catalog",
|
Name: "catalog",
|
||||||
@ -203,10 +205,13 @@ func TestFilterAccess(t *testing.T) {
|
|||||||
Name: "catalog",
|
Name: "catalog",
|
||||||
Actions: []string{},
|
Actions: []string{},
|
||||||
}
|
}
|
||||||
err = filterAccess(a1, u, registryFilterMap)
|
err = filterAccess(a1, u1, registryFilterMap)
|
||||||
assert.Nil(t, err, "Unexpected error: %v", err)
|
assert.Nil(t, err, "Unexpected error: %v", err)
|
||||||
assert.Equal(t, ra1, *a1[0], "Mismatch after registry filter Map")
|
assert.Equal(t, ra1, *a1[0], "Mismatch after registry filter Map")
|
||||||
err = filterAccess(a2, u, notaryFilterMap)
|
err = filterAccess(a2, u1, notaryFilterMap)
|
||||||
assert.Nil(t, err, "Unexpected error: %v", err)
|
assert.Nil(t, err, "Unexpected error: %v", err)
|
||||||
assert.Equal(t, ra2, *a2[0], "Mismatch after notary filter Map")
|
assert.Equal(t, ra2, *a2[0], "Mismatch after notary filter Map")
|
||||||
|
err = filterAccess(a3, u2, registryFilterMap)
|
||||||
|
assert.Nil(t, err, "Unexpected error: %v", err)
|
||||||
|
assert.Equal(t, ra2, *a3[0], "Mismatch after registry filter Map")
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user