Add Can method to securty.Context interface (#6779)

* Add Can method to securty.Context interface

Signed-off-by: He Weiwei <hweiwei@vmware.com>

* Improve mockSecurityContext Can method

Signed-off-by: He Weiwei <hweiwei@vmware.com>
This commit is contained in:
He Weiwei 2019-01-23 14:32:37 +08:00 committed by Yan
parent 5abfa2de3a
commit ae061482ae
3 changed files with 33 additions and 22 deletions

View File

@ -16,6 +16,7 @@ package security
import ( import (
"github.com/goharbor/harbor/src/common/models" "github.com/goharbor/harbor/src/common/models"
"github.com/goharbor/harbor/src/common/rbac"
) )
// Context abstracts the operations related with authN and authZ // Context abstracts the operations related with authN and authZ
@ -38,4 +39,6 @@ type Context interface {
GetMyProjects() ([]*models.Project, error) GetMyProjects() ([]*models.Project, error)
// Get user's role in provided project // Get user's role in provided project
GetProjectRoles(projectIDOrName interface{}) []int GetProjectRoles(projectIDOrName interface{}) []int
// Can returns whether the user can do action on resource
Can(action rbac.Action, resource rbac.Resource) bool
} }

View File

@ -8,6 +8,8 @@ import (
"github.com/goharbor/harbor/src/chartserver" "github.com/goharbor/harbor/src/chartserver"
"github.com/goharbor/harbor/src/common/models" "github.com/goharbor/harbor/src/common/models"
"github.com/goharbor/harbor/src/common/rbac"
"github.com/goharbor/harbor/src/common/rbac/project"
"github.com/goharbor/harbor/src/core/promgr/metamgr" "github.com/goharbor/harbor/src/core/promgr/metamgr"
) )
@ -311,32 +313,12 @@ func (msc *mockSecurityContext) IsSolutionUser() bool {
// HasReadPerm returns whether the user has read permission to the project // HasReadPerm returns whether the user has read permission to the project
func (msc *mockSecurityContext) HasReadPerm(projectIDOrName interface{}) bool { func (msc *mockSecurityContext) HasReadPerm(projectIDOrName interface{}) bool {
if projectIDOrName == nil { return msc.Can(project.ActionPull, rbac.NewProjectNamespace(projectIDOrName, false).Resource(project.ResourceImage))
return false
}
if ns, ok := projectIDOrName.(string); ok {
if ns == "library" {
return true
}
}
return false
} }
// HasWritePerm returns whether the user has write permission to the project // HasWritePerm returns whether the user has write permission to the project
func (msc *mockSecurityContext) HasWritePerm(projectIDOrName interface{}) bool { func (msc *mockSecurityContext) HasWritePerm(projectIDOrName interface{}) bool {
if projectIDOrName == nil { return msc.Can(project.ActionPush, rbac.NewProjectNamespace(projectIDOrName, false).Resource(project.ResourceImage))
return false
}
if ns, ok := projectIDOrName.(string); ok {
if ns == "library" {
return true
}
}
return false
} }
// HasAllPerm returns whether the user has all permissions to the project // HasAllPerm returns whether the user has all permissions to the project
@ -344,6 +326,28 @@ func (msc *mockSecurityContext) HasAllPerm(projectIDOrName interface{}) bool {
return msc.HasReadPerm(projectIDOrName) && msc.HasWritePerm(projectIDOrName) return msc.HasReadPerm(projectIDOrName) && msc.HasWritePerm(projectIDOrName)
} }
// Can returns whether the user can do action on resource
func (msc *mockSecurityContext) Can(action rbac.Action, resource rbac.Resource) bool {
namespace, err := resource.GetNamespace()
if err != nil || namespace.Kind() != "project" {
return false
}
projectIDOrName := namespace.Identity()
if projectIDOrName == nil {
return false
}
if ns, ok := projectIDOrName.(string); ok {
if ns == "library" {
return true
}
}
return false
}
// Get current user's all project // Get current user's all project
func (msc *mockSecurityContext) GetMyProjects() ([]*models.Project, error) { func (msc *mockSecurityContext) GetMyProjects() ([]*models.Project, error) {
return []*models.Project{{ProjectID: 0, Name: "library"}}, nil return []*models.Project{{ProjectID: 0, Name: "library"}}, nil

View File

@ -30,6 +30,7 @@ import (
"testing" "testing"
"github.com/goharbor/harbor/src/common/models" "github.com/goharbor/harbor/src/common/models"
"github.com/goharbor/harbor/src/common/rbac"
"github.com/goharbor/harbor/src/common/utils/test" "github.com/goharbor/harbor/src/common/utils/test"
"github.com/goharbor/harbor/src/core/config" "github.com/goharbor/harbor/src/core/config"
) )
@ -260,6 +261,9 @@ func (f *fakeSecurityContext) HasWritePerm(projectIDOrName interface{}) bool {
func (f *fakeSecurityContext) HasAllPerm(projectIDOrName interface{}) bool { func (f *fakeSecurityContext) HasAllPerm(projectIDOrName interface{}) bool {
return false return false
} }
func (f *fakeSecurityContext) Can(action rbac.Action, resource rbac.Resource) bool {
return false
}
func (f *fakeSecurityContext) GetMyProjects() ([]*models.Project, error) { func (f *fakeSecurityContext) GetMyProjects() ([]*models.Project, error) {
return nil, nil return nil, nil
} }