From e417875377534d7bb1867455ebb1a431c3ed4f0c Mon Sep 17 00:00:00 2001
From: Wang Yan <wangyan@vmware.com>
Date: Tue, 17 Dec 2024 14:52:21 +0800
Subject: [PATCH] fix export cve permission issue (#21325)

The export CVE permission should be included in the project scope, as the API relies on project-level judgment.

Signed-off-by: wang yan <wangyan@vmware.com>
---
 src/common/rbac/const.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/common/rbac/const.go b/src/common/rbac/const.go
index 0cc4fc1ba..f23189db9 100644
--- a/src/common/rbac/const.go
+++ b/src/common/rbac/const.go
@@ -133,9 +133,6 @@ func (n *NolimitProvider) GetPermissions(s scope) []*types.Policy {
 			&types.Policy{Resource: ResourceLdapUser, Action: ActionCreate},
 			&types.Policy{Resource: ResourceLdapUser, Action: ActionList},
 
-			&types.Policy{Resource: ResourceExportCVE, Action: ActionCreate},
-			&types.Policy{Resource: ResourceExportCVE, Action: ActionRead},
-
 			&types.Policy{Resource: ResourceQuota, Action: ActionUpdate},
 
 			&types.Policy{Resource: ResourceUserGroup, Action: ActionCreate},
@@ -151,6 +148,9 @@ func (n *NolimitProvider) GetPermissions(s scope) []*types.Policy {
 			&types.Policy{Resource: ResourceRobot, Action: ActionList},
 			&types.Policy{Resource: ResourceRobot, Action: ActionDelete},
 
+			&types.Policy{Resource: ResourceExportCVE, Action: ActionCreate},
+			&types.Policy{Resource: ResourceExportCVE, Action: ActionRead},
+
 			&types.Policy{Resource: ResourceMember, Action: ActionCreate},
 			&types.Policy{Resource: ResourceMember, Action: ActionRead},
 			&types.Policy{Resource: ResourceMember, Action: ActionUpdate},