admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refine workspaces-manager rules

Browse Source 
Signed-off-by: hongming <talonwan@yunify.com>
This commit is contained in:
hongming
2019-11-05 15:42:49 +08:00
parent c1dccd4620
commit b9d218316a
1 changed files with 12 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
pkg/models/iam/am.go
View File

@@ -489,21 +489,24 @@ func GetUserWorkspaceSimpleRules(workspace, username string) ([]models.SimpleRul
return GetWorkspaceRoleSimpleRules(workspace, constants.WorkspaceAdmin), nil
}
// workspaces-manager
if RulesMatchesRequired(clusterRules, rbacv1.PolicyRule{
Verbs: []string{"*"},
APIGroups: []string{"*"},
Resources: []string{"workspaces", "workspaces/*"},
}) {
return GetWorkspaceRoleSimpleRules(workspace, constants.WorkspacesManager), nil
}
workspaceRole, err := GetUserWorkspaceRole(workspace, username)
if err != nil {
if apierrors.IsNotFound(err) {
// workspaces-manager
if RulesMatchesRequired(clusterRules, rbacv1.PolicyRule{
Verbs: []string{"*"},
APIGroups: []string{"*"},
Resources: []string{"workspaces", "workspaces/*"},
}) {
return GetWorkspaceRoleSimpleRules(workspace, constants.WorkspacesManager), nil
}
return []models.SimpleRule{}, nil
}
klog.Error(err)
return nil, err
}