From ee31418e8e5bf68920b9d59603716ed1a621c8f0 Mon Sep 17 00:00:00 2001 From: Steven Zou Date: Wed, 6 Nov 2019 14:04:29 +0800 Subject: [PATCH] revoke scan permission from the developer role Signed-off-by: Steven Zou --- src/common/rbac/project/visitor_role.go | 1 - src/core/api/repository_test.go | 22 +--------------------- src/core/api/scan_test.go | 5 ++--- 3 files changed, 3 insertions(+), 25 deletions(-) diff --git a/src/common/rbac/project/visitor_role.go b/src/common/rbac/project/visitor_role.go index da165bb7b..b2ad6e502 100755 --- a/src/common/rbac/project/visitor_role.go +++ b/src/common/rbac/project/visitor_role.go @@ -269,7 +269,6 @@ var ( {Resource: rbac.ResourceRobot, Action: rbac.ActionRead}, {Resource: rbac.ResourceRobot, Action: rbac.ActionList}, - {Resource: rbac.ResourceScan, Action: rbac.ActionCreate}, {Resource: rbac.ResourceScan, Action: rbac.ActionRead}, {Resource: rbac.ResourceScanner, Action: rbac.ActionRead}, diff --git a/src/core/api/repository_test.go b/src/core/api/repository_test.go index b51a38aeb..f52d5758a 100644 --- a/src/core/api/repository_test.go +++ b/src/core/api/repository_test.go @@ -18,8 +18,6 @@ import ( "net/http" "testing" - "github.com/goharbor/harbor/src/common/dao" - "github.com/goharbor/harbor/src/common/dao/project" "github.com/goharbor/harbor/src/common/models" "github.com/goharbor/harbor/src/testing/apitests/apilib" "github.com/stretchr/testify/assert" @@ -230,24 +228,6 @@ func TestPopulateAuthor(t *testing.T) { } func TestPutOfRepository(t *testing.T) { - u, err := dao.GetUser(models.User{ - Username: projAdmin.Name, - }) - if err != nil { - t.Errorf("Error occurred when Register user: %v", err) - } - pmid, err := project.AddProjectMember( - models.Member{ - ProjectID: 1, - Role: 1, - EntityID: int(u.UserID), - EntityType: "u"}, - ) - if err != nil { - t.Errorf("Error occurred when add project member: %v", err) - } - defer project.DeleteProjectMemberByID(pmid) - base := "/api/repositories/" desc := struct { Description string `json:"description"` @@ -329,7 +309,7 @@ func TestPutOfRepository(t *testing.T) { // verify that the description is changed repositories := []*repoResp{} - err = handleAndParse(&testingRequest{ + err := handleAndParse(&testingRequest{ method: http.MethodGet, url: base, queryStruct: struct { diff --git a/src/core/api/scan_test.go b/src/core/api/scan_test.go index 0c40a5698..60515b6ca 100644 --- a/src/core/api/scan_test.go +++ b/src/core/api/scan_test.go @@ -19,9 +19,8 @@ import ( "net/http" "testing" - "github.com/goharbor/harbor/src/pkg/scan/all" - "github.com/goharbor/harbor/src/jobservice/job" + "github.com/goharbor/harbor/src/pkg/scan/all" "github.com/goharbor/harbor/src/pkg/scan/api/scan" dscan "github.com/goharbor/harbor/src/pkg/scan/dao/scan" "github.com/goharbor/harbor/src/pkg/scan/report" @@ -119,7 +118,7 @@ func (suite *ScanAPITestSuite) TestScanAPIScan() { request: &testingRequest{ url: scanBaseURL, method: http.MethodPost, - credential: projDeveloper, + credential: projAdmin, }, code: http.StatusAccepted, },