From 9a02d770932e1e34714e79377b2782c7d3bbf293 Mon Sep 17 00:00:00 2001
From: wanjunlei <wanjunlei@yunify.com>
Date: Wed, 24 Jun 2020 22:55:33 +0800
Subject: [PATCH] add resourcescope to AttributesRecord when determine whether
 the user can list namespace

---
 pkg/models/tenant/tenant.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/pkg/models/tenant/tenant.go b/pkg/models/tenant/tenant.go
index 68a92670a..6fc0e7579 100644
--- a/pkg/models/tenant/tenant.go
+++ b/pkg/models/tenant/tenant.go
@@ -702,10 +702,9 @@ func (t *tenantOperator) Auditing(user user.Info, queryParam *auditingv1alpha1.Q
 		listEvts := authorizer.AttributesRecord{
 			User:            user,
 			Verb:            "list",
-			APIGroup:        "",
-			APIVersion:      "v1",
 			Resource:        "namespaces",
 			ResourceRequest: true,
+			ResourceScope:   request.ClusterScope,
 		}
 		decision, _, err := t.authorizer.Authorize(listEvts)
 		if err != nil {