admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #1341 from wansir/policy-rules

Browse Source 
refine iam policy rules
This commit is contained in:
KubeSphere CI Bot
2019-11-04 14:39:59 +08:00
committed by GitHub
parent 04f6eba711 636ace1b86
commit 24cbc083b0
2 changed files with 19 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
pkg/models/iam/am.go
View File

@@ -480,7 +480,16 @@ func GetUserWorkspaceSimpleRules(workspace, username string) ([]models.SimpleRul
return nil, err
}
// workspace manager
// cluster-admin
if RulesMatchesRequired(clusterRules, rbacv1.PolicyRule{
Verbs: []string{"*"},
APIGroups: []string{"*"},
Resources: []string{"*"},
}) {
return GetWorkspaceRoleSimpleRules(workspace, constants.WorkspaceAdmin), nil
}
// workspaces-manager
if RulesMatchesRequired(clusterRules, rbacv1.PolicyRule{
Verbs: []string{"*"},
APIGroups: []string{"*"},
@@ -497,6 +506,7 @@ func GetUserWorkspaceSimpleRules(workspace, username string) ([]models.SimpleRul
}
return nil, err
}
return GetWorkspaceRoleSimpleRules(workspace, workspaceRole.Annotations[constants.DisplayNameAnnotationKey]), nil
}