admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: workspaces-manager cannot be overwrite

Browse Source 
Signed-off-by: hongming <talonwan@yunify.com>
This commit is contained in:
hongming
2020-02-12 17:46:43 +08:00
parent a003b57351
commit cbc43b60ba
1 changed files with 9 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
pkg/models/iam/am.go
View File

@@ -489,23 +489,21 @@ func GetUserWorkspaceSimpleRules(workspace, username string) ([]models.SimpleRul
return GetWorkspaceRoleSimpleRules(workspace, constants.WorkspaceAdmin), nil
}
// workspaces-manager
if RulesMatchesRequired(clusterRules, rbacv1.PolicyRule{
Verbs: []string{"*"},
APIGroups: []string{"*"},
Resources: []string{"workspaces", "workspaces/*"},
}) {
return GetWorkspaceRoleSimpleRules(workspace, constants.WorkspacesManager), nil
}
workspaceRole, err := GetUserWorkspaceRole(workspace, username)
if err != nil {
if apierrors.IsNotFound(err) {
// workspaces-manager
if RulesMatchesRequired(clusterRules, rbacv1.PolicyRule{
Verbs: []string{"*"},
APIGroups: []string{"*"},
Resources: []string{"workspaces", "workspaces/*"},
}) {
return GetWorkspaceRoleSimpleRules(workspace, constants.WorkspacesManager), nil
}
return []models.SimpleRule{}, nil
}
klog.Error(err)
return nil, err
}