fix system label resource (#19621)

Make sure robot can use rbac.Resource(label) to access system level label Signed-off-by: wang yan <wangyan@vmware.com>
2023-11-27 13:34:17 +08:00 · 2023-11-27 13:34:17 +08:00 · e6900301ce
parent 969dd1be66
commit e6900301ce
1 changed files with 1 additions and 3 deletions
--- a/src/server/v2.0/handler/label.go
+++ b/src/server/v2.0/handler/label.go
@ -23,7 +23,6 @@ import (

 	"github.com/goharbor/harbor/src/common"
 	"github.com/goharbor/harbor/src/common/rbac"
-	"github.com/goharbor/harbor/src/common/rbac/system"
 	"github.com/goharbor/harbor/src/controller/project"
 	"github.com/goharbor/harbor/src/lib"
 	"github.com/goharbor/harbor/src/lib/errors"
@ -193,8 +192,7 @@ func (lAPI *labelAPI) DeleteLabel(ctx context.Context, params operation.DeleteLa
 func (lAPI *labelAPI) requireAccess(ctx context.Context, label *pkg_model.Label, action rbac.Action, subresources ...rbac.Resource) error {
 	switch label.Scope {
 	case common.LabelScopeGlobal:
-		resource := system.NewNamespace().Resource(rbac.ResourceLabel)
-		return lAPI.RequireSystemAccess(ctx, action, resource)
+		return lAPI.RequireSystemAccess(ctx, action, rbac.ResourceLabel)
 	case common.LabelScopeProject:
 		if len(subresources) == 0 {
 			subresources = append(subresources, rbac.ResourceLabel)