From baa7ae4d693fa4267cc12e961e2fa9e19df97661 Mon Sep 17 00:00:00 2001
From: rick <1450685+LinuxSuRen@users.noreply.github.com>
Date: Fri, 26 Mar 2021 13:29:25 +0800
Subject: [PATCH] Fix that devops admin users cannot approve a Pipeline input

Signed-off-by: rick <1450685+LinuxSuRen@users.noreply.github.com>
---
 pkg/apiserver/authorization/authorizer/interfaces.go | 2 ++
 pkg/kapis/devops/v1alpha2/devops.go                  | 3 ++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/pkg/apiserver/authorization/authorizer/interfaces.go b/pkg/apiserver/authorization/authorizer/interfaces.go
index 181b9cb5c..7756d3c5c 100644
--- a/pkg/apiserver/authorization/authorizer/interfaces.go
+++ b/pkg/apiserver/authorization/authorizer/interfaces.go
@@ -209,4 +209,6 @@ const (
 	VerbGet = "get"
 	// VerbWatch represents the verb of watching a resource
 	VerbWatch = "watch"
+	// VerbDelete represents the verb of deleting a resource
+	VerbDelete = "delete"
 )
diff --git a/pkg/kapis/devops/v1alpha2/devops.go b/pkg/kapis/devops/v1alpha2/devops.go
index d5de97d38..4e8bb15b3 100644
--- a/pkg/kapis/devops/v1alpha2/devops.go
+++ b/pkg/kapis/devops/v1alpha2/devops.go
@@ -307,8 +307,9 @@ func (h *ProjectPipelineHandler) approvableCheck(nodes []clientDevOps.NodesDetai
 	if userInfo, ok = request.UserFrom(pipe.Context); ok {
 		createAuth := authorizer.AttributesRecord{
 			User:            userInfo,
-			Verb:            authorizer.VerbCreate,
+			Verb:            authorizer.VerbDelete,
 			Workspace:       pipe.Workspace,
+			DevOps:          pipe.ProjectName,
 			Resource:        "devopsprojects",
 			ResourceRequest: true,
 			ResourceScope:   request.DevOpsScope,