fix export cve permission issue (#21325)

The export CVE permission should be included in the project scope, as the API relies on project-level judgment.

Signed-off-by: wang yan <wangyan@vmware.com>

src/common/rbac/const.go

@@ -133,9 +133,6 @@ func (n *NolimitProvider) GetPermissions(s scope) []*types.Policy {
 			&types.Policy{Resource: ResourceLdapUser, Action: ActionCreate},
 			&types.Policy{Resource: ResourceLdapUser, Action: ActionList},
 
-			&types.Policy{Resource: ResourceExportCVE, Action: ActionCreate},
-			&types.Policy{Resource: ResourceExportCVE, Action: ActionRead},
-
 			&types.Policy{Resource: ResourceQuota, Action: ActionUpdate},
 
 			&types.Policy{Resource: ResourceUserGroup, Action: ActionCreate},
@@ -151,6 +148,9 @@ func (n *NolimitProvider) GetPermissions(s scope) []*types.Policy {
 			&types.Policy{Resource: ResourceRobot, Action: ActionList},
 			&types.Policy{Resource: ResourceRobot, Action: ActionDelete},
 
+			&types.Policy{Resource: ResourceExportCVE, Action: ActionCreate},
+			&types.Policy{Resource: ResourceExportCVE, Action: ActionRead},
+
 			&types.Policy{Resource: ResourceMember, Action: ActionCreate},
 			&types.Policy{Resource: ResourceMember, Action: ActionRead},
 			&types.Policy{Resource: ResourceMember, Action: ActionUpdate},