mirror of
https://github.com/goharbor/harbor.git
synced 2025-01-24 08:31:24 +01:00
Add Can method to securty.Context interface (#6779)
* Add Can method to securty.Context interface Signed-off-by: He Weiwei <hweiwei@vmware.com> * Improve mockSecurityContext Can method Signed-off-by: He Weiwei <hweiwei@vmware.com>
parent
5abfa2de3a
commit
ae061482ae
@ -16,6 +16,7 @@ package security
|
||||
|
||||
import (
|
||||
"github.com/goharbor/harbor/src/common/models"
|
||||
"github.com/goharbor/harbor/src/common/rbac"
|
||||
)
|
||||
|
||||
// Context abstracts the operations related with authN and authZ
|
||||
@ -38,4 +39,6 @@ type Context interface {
|
||||
GetMyProjects() ([]*models.Project, error)
|
||||
// Get user's role in provided project
|
||||
GetProjectRoles(projectIDOrName interface{}) []int
|
||||
// Can returns whether the user can do action on resource
|
||||
Can(action rbac.Action, resource rbac.Resource) bool
|
||||
}
|
||||
|
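Review bot: The doc comment on the new `Can` method does not say what an implementation must return when it cannot reach a decision, and with a bare `bool` result there is no way to report an evaluation error to the caller. Since this becomes the authorization entry point, I would spell out the deny-by-default contract, for example `// Can reports whether the current user may perform action on resource; it returns false when the resource is not recognised or the decision cannot be evaluated.` The `Context` interface begins outside this hunk, and only two test doubles are updated on this page, so the production implementations should be checked against the same contract.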
@ -8,6 +8,8 @@ import (
|
||||
|
||||
"github.com/goharbor/harbor/src/chartserver"
|
||||
"github.com/goharbor/harbor/src/common/models"
|
||||
"github.com/goharbor/harbor/src/common/rbac"
|
||||
"github.com/goharbor/harbor/src/common/rbac/project"
|
||||
"github.com/goharbor/harbor/src/core/promgr/metamgr"
|
||||
)
|
||||
|
||||
@ -311,32 +313,12 @@ func (msc *mockSecurityContext) IsSolutionUser() bool {
|
||||
|
||||
// HasReadPerm returns whether the user has read permission to the project
|
||||
func (msc *mockSecurityContext) HasReadPerm(projectIDOrName interface{}) bool {
|
||||
if projectIDOrName == nil {
|
||||
return false
|
||||
}
|
||||
|
||||
if ns, ok := projectIDOrName.(string); ok {
|
||||
if ns == "library" {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
return false
|
||||
return msc.Can(project.ActionPull, rbac.NewProjectNamespace(projectIDOrName, false).Resource(project.ResourceImage))
|
||||
}
|
||||
|
||||
// HasWritePerm returns whether the user has write permission to the project
|
||||
func (msc *mockSecurityContext) HasWritePerm(projectIDOrName interface{}) bool {
|
||||
if projectIDOrName == nil {
|
||||
return false
|
||||
}
|
||||
|
||||
if ns, ok := projectIDOrName.(string); ok {
|
||||
if ns == "library" {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
return false
|
||||
return msc.Can(project.ActionPush, rbac.NewProjectNamespace(projectIDOrName, false).Resource(project.ResourceImage))
|
||||
}
|
||||
|
||||
// HasAllPerm returns whether the user has all permissions to the project
|
||||
@ -344,6 +326,28 @@ func (msc *mockSecurityContext) HasAllPerm(projectIDOrName interface{}) bool {
|
||||
return msc.HasReadPerm(projectIDOrName) && msc.HasWritePerm(projectIDOrName)
|
||||
}
|
||||
|
||||
// Can returns whether the user can do action on resource
|
||||
func (msc *mockSecurityContext) Can(action rbac.Action, resource rbac.Resource) bool {
|
||||
namespace, err := resource.GetNamespace()
|
||||
if err != nil || namespace.Kind() != "project" {
|
||||
return false
|
||||
}
|
||||
|
||||
projectIDOrName := namespace.Identity()
|
||||
|
||||
if projectIDOrName == nil {
|
||||
return false
|
||||
}
|
||||
|
||||
if ns, ok := projectIDOrName.(string); ok {
|
||||
if ns == "library" {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
return false
|
||||
}
|
||||
|
||||
// Get current user's all project
|
||||
func (msc *mockSecurityContext) GetMyProjects() ([]*models.Project, error) {
|
||||
return []*models.Project{{ProjectID: 0, Name: "library"}}, nil
|
||||
|
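Review bot: `mockSecurityContext.Can` never reads its `action` argument, so every action on the `library` project namespace is allowed and everything else is denied. Because `HasReadPerm` and `HasWritePerm` now delegate to it with `project.ActionPull` and `project.ActionPush`, a test built on this mock cannot tell a handler that checks pull from one that should have checked push. If that is intended, say so on the method, e.g. `// Can ignores action: any action on the "library" project namespace is allowed, all other resources are denied.`; otherwise let the mock carry the set of actions it permits. The explicit nil check also looks redundant, assuming `Identity()` returns an interface value as the assertion implies: `ns, ok := projectIDOrName.(string)` followed by `return ok && ns == "library"` covers the nil, non-string and string cases.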
@ -30,6 +30,7 @@ import (
|
||||
"testing"
|
||||
|
||||
"github.com/goharbor/harbor/src/common/models"
|
||||
"github.com/goharbor/harbor/src/common/rbac"
|
||||
"github.com/goharbor/harbor/src/common/utils/test"
|
||||
"github.com/goharbor/harbor/src/core/config"
|
||||
)
|
||||
@ -260,6 +261,9 @@ func (f *fakeSecurityContext) HasWritePerm(projectIDOrName interface{}) bool {
|
||||
func (f *fakeSecurityContext) HasAllPerm(projectIDOrName interface{}) bool {
|
||||
return false
|
||||
}
|
||||
func (f *fakeSecurityContext) Can(action rbac.Action, resource rbac.Resource) bool {
|
||||
return false
|
||||
}
|
||||
func (f *fakeSecurityContext) GetMyProjects() ([]*models.Project, error) {
|
||||
return nil, nil
|
||||
}
|
||||
|