mirror of
https://github.com/goharbor/harbor.git
synced 2024-11-26 20:26:13 +01:00
Fix action and resouce of RBAC change
Signed-off-by: wang yan <wangyan@vmware.com>
This commit is contained in:
parent
bf663df0e7
commit
f4f4535304
@ -17,7 +17,6 @@ package robot
|
||||
import (
|
||||
"github.com/goharbor/harbor/src/common/models"
|
||||
"github.com/goharbor/harbor/src/common/rbac"
|
||||
"github.com/goharbor/harbor/src/common/rbac/project"
|
||||
"github.com/goharbor/harbor/src/core/promgr"
|
||||
)
|
||||
|
||||
@ -64,19 +63,19 @@ func (s *SecurityContext) IsSolutionUser() bool {
|
||||
// HasReadPerm returns whether the user has read permission to the project
|
||||
func (s *SecurityContext) HasReadPerm(projectIDOrName interface{}) bool {
|
||||
isPublicProject, _ := s.pm.IsPublic(projectIDOrName)
|
||||
return s.Can(project.ActionPull, rbac.NewProjectNamespace(projectIDOrName, isPublicProject).Resource(project.ResourceImage))
|
||||
return s.Can(rbac.ActionPull, rbac.NewProjectNamespace(projectIDOrName, isPublicProject).Resource(rbac.ResourceRepository))
|
||||
}
|
||||
|
||||
// HasWritePerm returns whether the user has write permission to the project
|
||||
func (s *SecurityContext) HasWritePerm(projectIDOrName interface{}) bool {
|
||||
isPublicProject, _ := s.pm.IsPublic(projectIDOrName)
|
||||
return s.Can(project.ActionPush, rbac.NewProjectNamespace(projectIDOrName, isPublicProject).Resource(project.ResourceImage))
|
||||
return s.Can(rbac.ActionPush, rbac.NewProjectNamespace(projectIDOrName, isPublicProject).Resource(rbac.ResourceRepository))
|
||||
}
|
||||
|
||||
// HasAllPerm returns whether the user has all permissions to the project
|
||||
func (s *SecurityContext) HasAllPerm(projectIDOrName interface{}) bool {
|
||||
isPublicProject, _ := s.pm.IsPublic(projectIDOrName)
|
||||
return s.Can(project.ActionPushPull, rbac.NewProjectNamespace(projectIDOrName, isPublicProject).Resource(project.ResourceImage))
|
||||
return s.Can(rbac.ActionPushPull, rbac.NewProjectNamespace(projectIDOrName, isPublicProject).Resource(rbac.ResourceRepository))
|
||||
}
|
||||
|
||||
// GetMyProjects no implementation
|
||||
|
@ -136,7 +136,7 @@ func TestIsSolutionUser(t *testing.T) {
|
||||
func TestHasReadPerm(t *testing.T) {
|
||||
|
||||
rbacPolicy := &rbac.Policy{
|
||||
Resource: "/project/testrobot/image",
|
||||
Resource: "/project/testrobot/repository",
|
||||
Action: "pull",
|
||||
}
|
||||
policies := []*rbac.Policy{}
|
||||
@ -153,7 +153,7 @@ func TestHasReadPerm(t *testing.T) {
|
||||
func TestHasWritePerm(t *testing.T) {
|
||||
|
||||
rbacPolicy := &rbac.Policy{
|
||||
Resource: "/project/testrobot/image",
|
||||
Resource: "/project/testrobot/repository",
|
||||
Action: "push",
|
||||
}
|
||||
policies := []*rbac.Policy{}
|
||||
@ -169,7 +169,7 @@ func TestHasWritePerm(t *testing.T) {
|
||||
|
||||
func TestHasAllPerm(t *testing.T) {
|
||||
rbacPolicy := &rbac.Policy{
|
||||
Resource: "/project/testrobot/image",
|
||||
Resource: "/project/testrobot/repository",
|
||||
Action: "push+pull",
|
||||
}
|
||||
policies := []*rbac.Policy{}
|
||||
|
Loading…
Reference in New Issue
Block a user