Fix the devopsProjectLister is nil

Signed-off-by: rick <1450685+LinuxSuRen@users.noreply.github.com>

pkg/apiserver/apiserver.go

@@ -322,7 +322,7 @@ func (s *APIServer) buildHandlerChain(stopCh <-chan struct{}) {
 	case authorization.RBAC:
 		excludedPaths := []string{"/oauth/*", "/kapis/config.kubesphere.io/*", "/kapis/version", "/kapis/metrics"}
 		pathAuthorizer, _ := path.NewAuthorizer(excludedPaths)
-		amOperator := am.NewReadOnlyOperator(s.InformerFactory)
+		amOperator := am.NewReadOnlyOperator(s.InformerFactory, s.DevopsClient)
 		authorizers = unionauthorizer.New(pathAuthorizer, rbac.NewRBACAuthorizer(amOperator))
 	}
 

pkg/apiserver/authorization/rbac/rbac_test.go

@@ -920,7 +920,7 @@ func newMockRBACAuthorizer(staticRoles *StaticRoles) (*RBACAuthorizer, error) {
 			return nil, err
 		}
 	}
-	return NewRBACAuthorizer(am.NewReadOnlyOperator(fakeInformerFactory)), nil
+	return NewRBACAuthorizer(am.NewReadOnlyOperator(fakeInformerFactory, nil)), nil
 }
 
 func TestAppliesTo(t *testing.T) {

pkg/models/iam/am/am.go

@@ -114,8 +114,8 @@ type amOperator struct {
 	k8sclient                  kubernetes.Interface
 }
 
-func NewReadOnlyOperator(factory informers.InformerFactory) AccessManagementInterface {
+func NewReadOnlyOperator(factory informers.InformerFactory, devopsClient devops.Interface) AccessManagementInterface {
-	return &amOperator{
+	operator := &amOperator{
 		globalRoleBindingGetter:    globalrolebinding.New(factory.KubeSphereSharedInformerFactory()),
 		workspaceRoleBindingGetter: workspacerolebinding.New(factory.KubeSphereSharedInformerFactory()),
 		clusterRoleBindingGetter:   clusterrolebinding.New(factory.KubernetesSharedInformerFactory()),
@@ -126,16 +126,17 @@ func NewReadOnlyOperator(factory informers.InformerFactory) AccessManagementInte
 		roleGetter:                 role.New(factory.KubernetesSharedInformerFactory()),
 		namespaceLister:            factory.KubernetesSharedInformerFactory().Core().V1().Namespaces().Lister(),
 	}
+	// no more CRDs of devopsprojects if the DevOps module was disabled
+	if devopsClient != nil {
+		operator.devopsProjectLister = factory.KubeSphereSharedInformerFactory().Devops().V1alpha3().DevOpsProjects().Lister()
+	}
+	return operator
 }
 
 func NewOperator(ksClient kubesphere.Interface, k8sClient kubernetes.Interface, factory informers.InformerFactory, devopsClient devops.Interface) AccessManagementInterface {
-	amOperator := NewReadOnlyOperator(factory).(*amOperator)
+	amOperator := NewReadOnlyOperator(factory, devopsClient).(*amOperator)
 	amOperator.ksclient = ksClient
 	amOperator.k8sclient = k8sClient
-	// no more CRDs of devopsprojects if the DevOps module was disabled
-	if devopsClient != nil {
-		amOperator.devopsProjectLister = factory.KubeSphereSharedInformerFactory().Devops().V1alpha3().DevOpsProjects().Lister()
-	}
 	return amOperator
 }