From cbc43b60bae2c60d9a500c75bed9e9578fcadaee Mon Sep 17 00:00:00 2001
From: hongming <talonwan@yunify.com>
Date: Wed, 12 Feb 2020 17:46:43 +0800
Subject: [PATCH] fix: workspaces-manager cannot be overwrite

Signed-off-by: hongming <talonwan@yunify.com>
---
 pkg/models/iam/am.go | 20 +++++++++-----------
 1 file changed, 9 insertions(+), 11 deletions(-)

diff --git a/pkg/models/iam/am.go b/pkg/models/iam/am.go
index 8131e14de..5251ea43b 100644
--- a/pkg/models/iam/am.go
+++ b/pkg/models/iam/am.go
@@ -489,23 +489,21 @@ func GetUserWorkspaceSimpleRules(workspace, username string) ([]models.SimpleRul
 		return GetWorkspaceRoleSimpleRules(workspace, constants.WorkspaceAdmin), nil
 	}
 
+	// workspaces-manager
+	if RulesMatchesRequired(clusterRules, rbacv1.PolicyRule{
+		Verbs:     []string{"*"},
+		APIGroups: []string{"*"},
+		Resources: []string{"workspaces", "workspaces/*"},
+	}) {
+		return GetWorkspaceRoleSimpleRules(workspace, constants.WorkspacesManager), nil
+	}
+
 	workspaceRole, err := GetUserWorkspaceRole(workspace, username)
 
 	if err != nil {
 		if apierrors.IsNotFound(err) {
-
-			// workspaces-manager
-			if RulesMatchesRequired(clusterRules, rbacv1.PolicyRule{
-				Verbs:     []string{"*"},
-				APIGroups: []string{"*"},
-				Resources: []string{"workspaces", "workspaces/*"},
-			}) {
-				return GetWorkspaceRoleSimpleRules(workspace, constants.WorkspacesManager), nil
-			}
-
 			return []models.SimpleRule{}, nil
 		}
-
 		klog.Error(err)
 		return nil, err
 	}