admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add resourcescope to AttributesRecord when determine whether the user can list namespace

Browse Source
This commit is contained in:
wanjunlei
2020-06-24 22:55:33 +08:00
parent dba32a1c5b
commit 9a02d77093
1 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
pkg/models/tenant/tenant.go
View File

@@ -702,10 +702,9 @@ func (t *tenantOperator) Auditing(user user.Info, queryParam *auditingv1alpha1.Q
listEvts := authorizer.AttributesRecord{ listEvts := authorizer.AttributesRecord{
User: user, User: user,
Verb: "list", Verb: "list",
APIGroup: "",
APIVersion: "v1",
Resource: "namespaces", Resource: "namespaces",
ResourceRequest: true, ResourceRequest: true,
ResourceScope: request.ClusterScope,
} }
decision, _, err := t.authorizer.Authorize(listEvts) decision, _, err := t.authorizer.Authorize(listEvts)
if err != nil { if err != nil {