Fix action and resouce of RBAC change

Signed-off-by: wang yan <wangyan@vmware.com>
This commit is contained in:
wang yan 2019-01-29 16:22:50 +08:00
parent bf663df0e7
commit f4f4535304
2 changed files with 6 additions and 7 deletions

View File

@ -17,7 +17,6 @@ package robot
import (
"github.com/goharbor/harbor/src/common/models"
"github.com/goharbor/harbor/src/common/rbac"
"github.com/goharbor/harbor/src/common/rbac/project"
"github.com/goharbor/harbor/src/core/promgr"
)
@ -64,19 +63,19 @@ func (s *SecurityContext) IsSolutionUser() bool {
// HasReadPerm returns whether the user has read permission to the project
func (s *SecurityContext) HasReadPerm(projectIDOrName interface{}) bool {
isPublicProject, _ := s.pm.IsPublic(projectIDOrName)
return s.Can(project.ActionPull, rbac.NewProjectNamespace(projectIDOrName, isPublicProject).Resource(project.ResourceImage))
return s.Can(rbac.ActionPull, rbac.NewProjectNamespace(projectIDOrName, isPublicProject).Resource(rbac.ResourceRepository))
}
// HasWritePerm returns whether the user has write permission to the project
func (s *SecurityContext) HasWritePerm(projectIDOrName interface{}) bool {
isPublicProject, _ := s.pm.IsPublic(projectIDOrName)
return s.Can(project.ActionPush, rbac.NewProjectNamespace(projectIDOrName, isPublicProject).Resource(project.ResourceImage))
return s.Can(rbac.ActionPush, rbac.NewProjectNamespace(projectIDOrName, isPublicProject).Resource(rbac.ResourceRepository))
}
// HasAllPerm returns whether the user has all permissions to the project
func (s *SecurityContext) HasAllPerm(projectIDOrName interface{}) bool {
isPublicProject, _ := s.pm.IsPublic(projectIDOrName)
return s.Can(project.ActionPushPull, rbac.NewProjectNamespace(projectIDOrName, isPublicProject).Resource(project.ResourceImage))
return s.Can(rbac.ActionPushPull, rbac.NewProjectNamespace(projectIDOrName, isPublicProject).Resource(rbac.ResourceRepository))
}
// GetMyProjects no implementation

View File

@ -136,7 +136,7 @@ func TestIsSolutionUser(t *testing.T) {
func TestHasReadPerm(t *testing.T) {
rbacPolicy := &rbac.Policy{
Resource: "/project/testrobot/image",
Resource: "/project/testrobot/repository",
Action: "pull",
}
policies := []*rbac.Policy{}
@ -153,7 +153,7 @@ func TestHasReadPerm(t *testing.T) {
func TestHasWritePerm(t *testing.T) {
rbacPolicy := &rbac.Policy{
Resource: "/project/testrobot/image",
Resource: "/project/testrobot/repository",
Action: "push",
}
policies := []*rbac.Policy{}
@ -169,7 +169,7 @@ func TestHasWritePerm(t *testing.T) {
func TestHasAllPerm(t *testing.T) {
rbacPolicy := &rbac.Policy{
Resource: "/project/testrobot/image",
Resource: "/project/testrobot/repository",
Action: "push+pull",
}
policies := []*rbac.Policy{}