fix export cve permission issue (#21325)

The export CVE permission should be included in the project scope, as the API relies on project-level judgment. Signed-off-by: wang yan <wangyan@vmware.com>
2025-01-03 14:37:44 +01:00 · 2024-12-17 14:52:21 +08:00 · 2024-12-17 14:52:21 +08:00 · e417875377
commit e417875377
parent af63122bb7
1 changed files with 3 additions and 3 deletions
--- a/src/common/rbac/const.go
+++ b/src/common/rbac/const.go
@ -133,9 +133,6 @@ func (n *NolimitProvider) GetPermissions(s scope) []*types.Policy {
 			&types.Policy{Resource: ResourceLdapUser, Action: ActionCreate},
 			&types.Policy{Resource: ResourceLdapUser, Action: ActionList},

-			&types.Policy{Resource: ResourceExportCVE, Action: ActionCreate},
-			&types.Policy{Resource: ResourceExportCVE, Action: ActionRead},
-
 			&types.Policy{Resource: ResourceQuota, Action: ActionUpdate},

 			&types.Policy{Resource: ResourceUserGroup, Action: ActionCreate},
@ -151,6 +148,9 @@ func (n *NolimitProvider) GetPermissions(s scope) []*types.Policy {
 			&types.Policy{Resource: ResourceRobot, Action: ActionList},
 			&types.Policy{Resource: ResourceRobot, Action: ActionDelete},

+			&types.Policy{Resource: ResourceExportCVE, Action: ActionCreate},
+			&types.Policy{Resource: ResourceExportCVE, Action: ActionRead},
+
 			&types.Policy{Resource: ResourceMember, Action: ActionCreate},
 			&types.Policy{Resource: ResourceMember, Action: ActionRead},
 			&types.Policy{Resource: ResourceMember, Action: ActionUpdate},