Upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor.git synced 2024-10-31 23:59:32 +01:00
Code Issues Projects Releases Wiki Activity

Hide projects in global logs where user has limited guest role

Browse Source 
Signed-off-by: Mark Huang <mhuang@pivotal.io>
This commit is contained in:
Mark Huang 2020-01-06 16:16:19 -05:00
parent 012aa570c8
commit c2257d49b8
3 changed files with 40 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
src/core/api/api_test.go
View File

@ -40,8 +40,8 @@ import (
) )
var ( var (
nonSysAdminID, projAdminID, projDeveloperID, projGuestID, projAdminRobotID int64 nonSysAdminID, projAdminID, projDeveloperID, projGuestID, projLimitedGuestID, projAdminRobotID int64
projAdminPMID, projDeveloperPMID, projGuestPMID, projAdminRobotPMID int projAdminPMID, projDeveloperPMID, projGuestPMID, projLimitedGuestPMID, projAdminRobotPMID int
// The following users/credentials are registered and assigned roles at the beginning of // The following users/credentials are registered and assigned roles at the beginning of
// running testing and cleaned up at the end. // running testing and cleaned up at the end.
// Do not try to change the system and project roles that the users have during // Do not try to change the system and project roles that the users have during
@ -67,6 +67,10 @@ var (
Name: "proj_guest", Name: "proj_guest",
Passwd: "Harbor12345", Passwd: "Harbor12345",
} }
projLimitedGuest = &usrInfo{
Name: "proj_limited_guest",
Passwd: "Harbor12345",
}
projAdmin4Robot = &usrInfo{ projAdmin4Robot = &usrInfo{
Name: "proj_admin_robot", Name: "proj_admin_robot",
Passwd: "Harbor12345", Passwd: "Harbor12345",
@ -312,6 +316,24 @@ func prepare() error {
}); err != nil { }); err != nil {
return err return err
} }
// register projLimitedGuest and assign project limit guest role
projLimitedGuestID, err = dao.Register(models.User{
Username: projLimitedGuest.Name,
Password: projLimitedGuest.Passwd,
Email: projLimitedGuest.Name + "@test.com",
})
if err != nil {
return err
}
if projLimitedGuestPMID, err = project.AddProjectMember(models.Member{
ProjectID: 1,
Role: common.RoleLimitedGuest,
EntityID: int(projLimitedGuestID),
EntityType: common.UserMember,
}); err != nil {
return err
}
return err return err
} }

15
src/core/api/log.go
View File

@ -18,8 +18,10 @@ import (
"fmt" "fmt"
"errors" "errors"
"github.com/goharbor/harbor/src/common/dao" "github.com/goharbor/harbor/src/common/dao"
"github.com/goharbor/harbor/src/common/models" "github.com/goharbor/harbor/src/common/models"
"github.com/goharbor/harbor/src/common/rbac"
"github.com/goharbor/harbor/src/common/utils" "github.com/goharbor/harbor/src/common/utils"
) )
@ -87,17 +89,20 @@ func (l *LogAPI) Get() {
return return
} }
if len(projects) == 0 { ids := []int64{}
for _, project := range projects {
if hasPermission, _ := l.HasProjectPermission(project.ProjectID, rbac.ActionList, rbac.ResourceLog); hasPermission {
ids = append(ids, project.ProjectID)
}
}
if len(ids) == 0 {
l.SetPaginationHeader(0, page, size) l.SetPaginationHeader(0, page, size)
l.Data["json"] = nil l.Data["json"] = nil
l.ServeJSON() l.ServeJSON()
return return
} }
ids := []int64{}
for _, project := range projects {
ids = append(ids, project.ProjectID)
}
query.ProjectIDs = ids query.ProjectIDs = ids
} }

6
src/core/api/log_test.go
View File

@ -93,4 +93,10 @@ func TestLogGet(t *testing.T) {
assert.Equal(t, repository, logs[0].RepoName) assert.Equal(t, repository, logs[0].RepoName)
assert.Equal(t, tag, logs[0].RepoTag) assert.Equal(t, tag, logs[0].RepoTag)
assert.Equal(t, operation, logs[0].Operation) assert.Equal(t, operation, logs[0].Operation)
// Limited Guest 200 && no logs
c.credential = projLimitedGuest
err = handleAndParse(c, &logs)
require.Nil(t, err)
require.Equal(t, 0, len(logs))
} }