fix: privilege escalation

Signed-off-by: hongming <talonwan@yunify.com>
2019-10-31 15:42:03 +08:00
parent 6790844340
commit 0177baf916
2 changed files with 11 additions and 4 deletions
--- a/pkg/models/iam/im.go
+++ b/pkg/models/iam/im.go
@@ -1166,11 +1166,13 @@ func UpdateUser(user *models.User) (*models.User, error) {
 		return nil, err
 	}

-	err = CreateClusterRoleBinding(user.Username, user.ClusterRole)
+	if user.ClusterRole != "" {
+		err = CreateClusterRoleBinding(user.Username, user.ClusterRole)

-	if err != nil {
-		klog.Errorln("create cluster role binding filed", err)
-		return nil, err
+		if err != nil {
+			klog.Errorln(err)
+			return nil, err
+		}
 	}

 	// clear auth failed record