admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refine iam policy rules

Browse Source 
Signed-off-by: hongming <talonwan@yunify.com>
This commit is contained in:
hongming
2019-11-02 13:28:12 +08:00
parent cae0911d46
commit 8b037cef3f
3 changed files with 18 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
pkg/models/iam/am.go
View File

@@ -487,7 +487,7 @@ func GetUserWorkspaceSimpleRules(workspace, username string) ([]models.SimpleRul
APIGroups: []string{"*"},
Resources: []string{"workspaces", "workspaces/*"},
}) {
return GetWorkspaceRoleSimpleRules(workspace, constants.WorkspaceAdmin), nil
return GetWorkspaceRoleSimpleRules(workspace, constants.WorkspacesManager), nil
}
workspaceRole, err := GetUserWorkspaceRole(workspace, username)
@@ -534,6 +534,12 @@ func GetWorkspaceRoleSimpleRules(workspace, roleName string) []models.SimpleRule
{Name: "apps", Actions: []string{"view"}},
{Name: "repos", Actions: []string{"view"}},
}
case constants.WorkspacesManager:
workspaceRules = []models.SimpleRule{
{Name: "workspaces", Actions: []string{"edit", "delete", "view"}},
{Name: "members", Actions: []string{"edit", "delete", "create", "view"}},
{Name: "roles", Actions: []string{"view"}},
}
}
return workspaceRules