From dba32a1c5b5a03909d855ea099a7a0c7fc41dc7c Mon Sep 17 00:00:00 2001
From: wanjunlei
Date: Wed, 24 Jun 2020 16:26:51 +0800
Subject: [PATCH 1/3] fix bug total result of auditing time topology error
---
 pkg/simple/client/auditing/elasticsearch/elasticsearch.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/simple/client/auditing/elasticsearch/elasticsearch.go b/pkg/simple/client/auditing/elasticsearch/elasticsearch.go
index ee7e972e6..7b8ef64a2 100644
--- a/pkg/simple/client/auditing/elasticsearch/elasticsearch.go
+++ b/pkg/simple/client/auditing/elasticsearch/elasticsearch.go
@@ -123,7 +123,7 @@ func (es *Elasticsearch) CountOverTime(filter *auditing.Filter, interval string)
 if err := json.Unmarshal(raw, &agg); err != nil {
 return nil, err
 }
- histo := auditing.Histogram{Total: int64(len(agg.Buckets))}
+ histo := auditing.Histogram{Total: resp.Hits.Total}
 for _, b := range agg.Buckets {
 histo.Buckets = append(histo.Buckets, auditing.Bucket{Time: b.Key, Count: b.DocCount})
From 9a02d770932e1e34714e79377b2782c7d3bbf293 Mon Sep 17 00:00:00 2001
From: wanjunlei
Date: Wed, 24 Jun 2020 22:55:33 +0800
Subject: [PATCH 2/3] add resourcescope to AttributesRecord when determine whether the user can list namespace
---
 pkg/models/tenant/tenant.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/pkg/models/tenant/tenant.go b/pkg/models/tenant/tenant.go
index 68a92670a..6fc0e7579 100644
--- a/pkg/models/tenant/tenant.go
+++ b/pkg/models/tenant/tenant.go
@@ -702,10 +702,9 @@ func (t *tenantOperator) Auditing(user user.Info, queryParam *auditingv1alpha1.Q
 listEvts := authorizer.AttributesRecord{
 User: user,
 Verb: "list",
- APIGroup: "",
- APIVersion: "v1",
 Resource: "namespaces",
 ResourceRequest: true,
+ ResourceScope: request.ClusterScope,
 }
 decision, _, err := t.authorizer.Authorize(listEvts)
 if err != nil {
From 7338b81254bc6f1a16c469ae7cc58ef63423cdc5 Mon Sep 17 00:00:00 2001
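Review bot: `resp.Hits.Total` becomes the histogram total in CountOverTime, but nothing in this hunk shows whether the search request asks Elasticsearch for an exact hit count. On Elasticsearch 7 and later the hit total is a lower bound capped at 10,000 unless the request sets `track_total_hits` to true, so an audit histogram over a busy window could under-report events while the per-bucket counts stay exact. Confirm that the request built earlier in the function (outside this hunk) sets that option, or derive the total by summing `b.DocCount` inside the loop. A comment on the changed line, such as `// Total is the number of matching audit events, not the number of buckets`, would record why the old value was wrong.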
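Review bot: The added `ResourceScope: request.ClusterScope` in the `listEvts` literal presumably changes which grants the authorizer evaluates, and this decision gates whether the caller may query audit events beyond their own namespaces, so the intent should be stated on the literal, for example `// cluster-scoped check: only callers allowed to list namespaces cluster-wide may query audit events for every namespace`. The same hunk drops `APIVersion: "v1"` without explanation; `APIGroup: ""` is the zero value, but whether the authorizer ignores the version when matching rules is not visible here and should be confirmed. The patch has no import hunk, so `request` must already be imported in tenant.go for this to build. The body of Auditing starts and ends outside the hunk.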
From: wanjunlei
Date: Sat, 27 Jun 2020 11:13:26 +0800
Subject: [PATCH 3/3] Delete modification of permission and submit as a pr separately
---
 pkg/models/tenant/tenant.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/pkg/models/tenant/tenant.go b/pkg/models/tenant/tenant.go
index 6fc0e7579..68a92670a 100644
--- a/pkg/models/tenant/tenant.go
+++ b/pkg/models/tenant/tenant.go
@@ -702,9 +702,10 @@ func (t *tenantOperator) Auditing(user user.Info, queryParam *auditingv1alpha1.Q
 listEvts := authorizer.AttributesRecord{
 User: user,
 Verb: "list",
+ APIGroup: "",
+ APIVersion: "v1",
 Resource: "namespaces",
 ResourceRequest: true,
- ResourceScope: request.ClusterScope,
 }
 decision, _, err := t.authorizer.Authorize(listEvts)
 if err != nil {
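Review bot: After this revert the `listEvts` record again carries no `ResourceScope`, which is the state patch 2/3 of this series set out to correct, so the namespace-list check that gates audit queries keeps its earlier behaviour until the separate change lands. Because the series nets out to no change in tenant.go, a marker on the literal such as `// TODO(<follow-up PR>): set ResourceScope to request.ClusterScope for this check` would keep the known gap visible to readers. The body of Auditing starts and ends outside the hunk, so how a denied or failed decision is handled cannot be checked from here.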