revoke scan permission from the developer role

Signed-off-by: Steven Zou <szou@vmware.com>
2024-11-18 16:25:16 +01:00 · 2019-11-06 14:04:29 +08:00 · 2019-11-06 14:04:29 +08:00 · ee31418e8e
commit ee31418e8e
parent 4b335b79d5
3 changed files with 3 additions and 25 deletions
--- a/src/common/rbac/project/visitor_role.go
+++ b/src/common/rbac/project/visitor_role.go
@ -269,7 +269,6 @@ var (
 			{Resource: rbac.ResourceRobot, Action: rbac.ActionRead},
 			{Resource: rbac.ResourceRobot, Action: rbac.ActionList},

-			{Resource: rbac.ResourceScan, Action: rbac.ActionCreate},
 			{Resource: rbac.ResourceScan, Action: rbac.ActionRead},

 			{Resource: rbac.ResourceScanner, Action: rbac.ActionRead},
--- a/src/core/api/repository_test.go
+++ b/src/core/api/repository_test.go
@ -18,8 +18,6 @@ import (
 	"net/http"
 	"testing"

-	"github.com/goharbor/harbor/src/common/dao"
-	"github.com/goharbor/harbor/src/common/dao/project"
 	"github.com/goharbor/harbor/src/common/models"
 	"github.com/goharbor/harbor/src/testing/apitests/apilib"
 	"github.com/stretchr/testify/assert"
@ -230,24 +228,6 @@ func TestPopulateAuthor(t *testing.T) {
 }

 func TestPutOfRepository(t *testing.T) {
-	u, err := dao.GetUser(models.User{
-		Username: projAdmin.Name,
-	})
-	if err != nil {
-		t.Errorf("Error occurred when Register user: %v", err)
-	}
-	pmid, err := project.AddProjectMember(
-		models.Member{
-			ProjectID:  1,
-			Role:       1,
-			EntityID:   int(u.UserID),
-			EntityType: "u"},
-	)
-	if err != nil {
-		t.Errorf("Error occurred when add project member: %v", err)
-	}
-	defer project.DeleteProjectMemberByID(pmid)
-
 	base := "/api/repositories/"
 	desc := struct {
 		Description string `json:"description"`
@ -329,7 +309,7 @@ func TestPutOfRepository(t *testing.T) {

 	// verify that the description is changed
 	repositories := []*repoResp{}
-	err = handleAndParse(&testingRequest{
+	err := handleAndParse(&testingRequest{
 		method: http.MethodGet,
 		url:    base,
 		queryStruct: struct {
--- a/src/core/api/scan_test.go
+++ b/src/core/api/scan_test.go
@ -19,9 +19,8 @@ import (
 	"net/http"
 	"testing"

-	"github.com/goharbor/harbor/src/pkg/scan/all"
-
 	"github.com/goharbor/harbor/src/jobservice/job"
+	"github.com/goharbor/harbor/src/pkg/scan/all"
 	"github.com/goharbor/harbor/src/pkg/scan/api/scan"
 	dscan "github.com/goharbor/harbor/src/pkg/scan/dao/scan"
 	"github.com/goharbor/harbor/src/pkg/scan/report"
@ -119,7 +118,7 @@ func (suite *ScanAPITestSuite) TestScanAPIScan() {
 			request: &testingRequest{
 				url:        scanBaseURL,
 				method:     http.MethodPost,
-				credential: projDeveloper,
+				credential: projAdmin,
 			},
 			code: http.StatusAccepted,
 		},