Merge pull request #44 from wansir/master

fix bug in iam api to add additional data check logic
2018-06-05 15:13:39 +08:00
parent 40a0be0836 0e54c4df87
commit 354fb5a997
3 changed files with 9 additions and 5 deletions
--- a/pkg/apis/v1alpha/iam/iam_handler.go
+++ b/pkg/apis/v1alpha/iam/iam_handler.go
@@ -25,6 +25,7 @@ import (
 	"strings"
 	"kubesphere.io/kubesphere/pkg/constants"
 	"k8s.io/api/rbac/v1"
+	"k8s.io/kubernetes/pkg/util/slice"
 )

 func Register(ws *restful.WebService) {
@@ -86,7 +87,9 @@ func roleUsersHandler(req *restful.Request, resp *restful.Response) {

 	for _, roleBinding := range roleBindings {
 		for _, subject := range roleBinding.Subjects {
-			if subject.Kind == v1.UserKind {
+			if subject.Kind == v1.UserKind &&
+				!strings.HasPrefix(subject.Name, "system") &&
+				!slice.ContainsString(users, subject.Name, nil) {
 				users = append(users, subject.Name)
 			}
 		}
@@ -110,7 +113,8 @@ func clusterRoleUsersHandler(req *restful.Request, resp *restful.Response) {

 	for _, roleBinding := range roleBindings {
 		for _, subject := range roleBinding.Subjects {
-			if subject.Kind == v1.UserKind {
+			if subject.Kind == v1.UserKind && !strings.HasPrefix(subject.Name, "system") &&
+				!slice.ContainsString(users, subject.Name, nil) {
 				users = append(users, subject.Name)
 			}
 		}
--- a/pkg/apis/v1alpha/iam/policy.go
+++ b/pkg/apis/v1alpha/iam/policy.go
@@ -41,7 +41,7 @@ type userRuleList struct {
 	Rules        map[string][]rule `json:"rules"`
 }

-// TODO design all frontend-facing rules
+// TODO stored in etcd, allow updates
 var (
 	clusterRoleRuleGroup = []rule{projectsManagement, userManagement, roleManagement, registryManagement,
 		volumeManagement, storageclassManagement, nodeManagement, appCatalogManagement, appManagement}
--- a/pkg/models/roles.go
+++ b/pkg/models/roles.go
@@ -33,7 +33,7 @@ func GetClusterRoleBindings(name string) ([]v1.ClusterRoleBinding, error) {
 		}
 	}

-	return roleBindingList.Items, nil
+	return items, nil
 }

 func GetRoleBindings(namespace string, name string) ([]v1.RoleBinding, error) {
@@ -53,7 +53,7 @@ func GetRoleBindings(namespace string, name string) ([]v1.RoleBinding, error) {
 		}
 	}

-	return roleBindingList.Items, nil
+	return items, nil
 }

 func GetClusterRole(name string) (*v1.ClusterRole, error) {