diff --git a/pkg/kapis/devops/v1alpha2/member.go b/pkg/kapis/devops/v1alpha2/member.go index d0c045f47..1fbc3154f 100644 --- a/pkg/kapis/devops/v1alpha2/member.go +++ b/pkg/kapis/devops/v1alpha2/member.go @@ -28,14 +28,7 @@ import ( func (h ProjectPipelineHandler) GetDevOpsProjectMembersHandler(request *restful.Request, resp *restful.Response) { projectId := request.PathParameter("devops") - username := request.HeaderParameter(constants.UserNameHeader) - err := h.projectOperator.CheckProjectUserInRole(username, projectId, devops.AllRoleSlice) - if err != nil { - klog.Errorf("%+v", err) - api.HandleForbidden(resp, nil, err) - return - } orderBy := request.QueryParameter(params.OrderByParam) reverse := params.GetBoolValueWithDefault(request, params.ReverseParam, false) limit, offset := params.ParsePaging(request) @@ -56,15 +49,8 @@ func (h ProjectPipelineHandler) GetDevOpsProjectMembersHandler(request *restful. func (h ProjectPipelineHandler) GetDevOpsProjectMemberHandler(request *restful.Request, resp *restful.Response) { projectId := request.PathParameter("devops") - username := request.HeaderParameter(constants.UserNameHeader) member := request.PathParameter("member") - err := h.projectOperator.CheckProjectUserInRole(username, projectId, devops.AllRoleSlice) - if err != nil { - klog.Errorf("%+v", err) - api.HandleForbidden(resp, nil, err) - return - } project, err := h.projectMemberOperator.GetProjectMember(projectId, member) if err != nil { @@ -101,12 +87,6 @@ func (h ProjectPipelineHandler) AddDevOpsProjectMemberHandler(request *restful.R api.HandleBadRequest(resp, request, err) return } - err = h.projectOperator.CheckProjectUserInRole(username, projectId, []string{devops.ProjectOwner}) - if err != nil { - klog.Errorf("%+v", err) - api.HandleForbidden(resp, nil, err) - return - } member.GrantBy = username project, err := h.projectMemberOperator.AddProjectMember(projectId, member) @@ -153,12 +133,6 @@ func (h ProjectPipelineHandler) UpdateDevOpsProjectMemberHandler(request *restfu return } - err = h.projectOperator.CheckProjectUserInRole(username, projectId, []string{devops.ProjectOwner}) - if err != nil { - klog.Errorf("%+v", err) - api.HandleForbidden(resp, nil, err) - return - } project, err := h.projectMemberOperator.UpdateProjectMember(projectId, member) if err != nil { @@ -177,13 +151,7 @@ func (h ProjectPipelineHandler) DeleteDevOpsProjectMemberHandler(request *restfu username := request.HeaderParameter(constants.UserNameHeader) member := request.PathParameter("member") - err := h.projectOperator.CheckProjectUserInRole(username, projectId, []string{devops.ProjectOwner}) - if err != nil { - klog.Errorf("%+v", err) - api.HandleForbidden(resp, nil, err) - return - } - username, err = h.projectMemberOperator.DeleteProjectMember(projectId, member) + username, err := h.projectMemberOperator.DeleteProjectMember(projectId, member) if err != nil { klog.Errorf("%+v", err) api.HandleInternalError(resp, nil, err) diff --git a/pkg/kapis/devops/v1alpha2/pipeline_sonar.go b/pkg/kapis/devops/v1alpha2/pipeline_sonar.go index 9f8456cba..163162fa4 100644 --- a/pkg/kapis/devops/v1alpha2/pipeline_sonar.go +++ b/pkg/kapis/devops/v1alpha2/pipeline_sonar.go @@ -4,20 +4,11 @@ import ( "github.com/emicklei/go-restful" "k8s.io/klog" "kubesphere.io/kubesphere/pkg/api" - "kubesphere.io/kubesphere/pkg/constants" - "kubesphere.io/kubesphere/pkg/simple/client/devops" ) func (h PipelineSonarHandler) GetPipelineSonarStatusHandler(request *restful.Request, resp *restful.Response) { projectId := request.PathParameter("devops") - username := request.HeaderParameter(constants.UserNameHeader) pipelineId := request.PathParameter("pipeline") - err := h.projectOperator.CheckProjectUserInRole(username, projectId, devops.AllRoleSlice) - if err != nil { - klog.Errorf("%+v", err) - api.HandleForbidden(resp, nil, err) - return - } sonarStatus, err := h.pipelineSonarGetter.GetPipelineSonar(projectId, pipelineId) if err != nil { klog.Errorf("%+v", err) @@ -29,15 +20,8 @@ func (h PipelineSonarHandler) GetPipelineSonarStatusHandler(request *restful.Req func (h PipelineSonarHandler) GetMultiBranchesPipelineSonarStatusHandler(request *restful.Request, resp *restful.Response) { projectId := request.PathParameter("devops") - username := request.HeaderParameter(constants.UserNameHeader) pipelineId := request.PathParameter("pipeline") branchId := request.PathParameter("branch") - err := h.projectOperator.CheckProjectUserInRole(username, projectId, devops.AllRoleSlice) - if err != nil { - klog.Errorf("%+v", err) - api.HandleForbidden(resp, nil, err) - return - } sonarStatus, err := h.pipelineSonarGetter.GetMultiBranchPipelineSonar(projectId, pipelineId, branchId) if err != nil { klog.Errorf("%+v", err) diff --git a/pkg/kapis/devops/v1alpha2/project.go b/pkg/kapis/devops/v1alpha2/project.go index 94453a597..8eb393014 100644 --- a/pkg/kapis/devops/v1alpha2/project.go +++ b/pkg/kapis/devops/v1alpha2/project.go @@ -18,21 +18,13 @@ import ( "k8s.io/klog" "kubesphere.io/kubesphere/pkg/api" "kubesphere.io/kubesphere/pkg/api/devops/v1alpha2" - "kubesphere.io/kubesphere/pkg/constants" "kubesphere.io/kubesphere/pkg/simple/client/devops" ) func (h ProjectPipelineHandler) GetDevOpsProjectHandler(request *restful.Request, resp *restful.Response) { projectId := request.PathParameter("devops") - username := request.HeaderParameter(constants.UserNameHeader) - err := h.projectOperator.CheckProjectUserInRole(username, projectId, devops.AllRoleSlice) - if err != nil { - klog.Errorf("%+v", err) - api.HandleForbidden(resp, nil, err) - return - } project, err := h.projectOperator.GetProject(projectId) if err != nil { @@ -48,7 +40,6 @@ func (h ProjectPipelineHandler) GetDevOpsProjectHandler(request *restful.Request func (h ProjectPipelineHandler) UpdateProjectHandler(request *restful.Request, resp *restful.Response) { projectId := request.PathParameter("devops") - username := request.HeaderParameter(constants.UserNameHeader) var project *v1alpha2.DevOpsProject err := request.ReadEntity(&project) if err != nil { @@ -57,12 +48,6 @@ func (h ProjectPipelineHandler) UpdateProjectHandler(request *restful.Request, r return } project.ProjectId = projectId - err = h.projectOperator.CheckProjectUserInRole(username, projectId, []string{devops.ProjectOwner}) - if err != nil { - klog.Errorf("%+v", err) - api.HandleForbidden(resp, nil, err) - return - } project, err = h.projectOperator.UpdateProject(project) if err != nil { diff --git a/pkg/models/devops/project_handler.go b/pkg/models/devops/project_handler.go index 76a254602..4f5c26aec 100644 --- a/pkg/models/devops/project_handler.go +++ b/pkg/models/devops/project_handler.go @@ -30,7 +30,6 @@ import ( type ProjectOperator interface { GetProject(projectId string) (*v1alpha2.DevOpsProject, error) UpdateProject(project *v1alpha2.DevOpsProject) (*v1alpha2.DevOpsProject, error) - CheckProjectUserInRole(username, projectId string, roles []string) error } type projectOperator struct { diff --git a/pkg/models/tenant/devops.go b/pkg/models/tenant/devops.go index 675fdfd78..f6bb3ad46 100644 --- a/pkg/models/tenant/devops.go +++ b/pkg/models/tenant/devops.go @@ -145,13 +145,7 @@ func (o *devopsProjectOperator) GetDevOpsProjectsCount(username string) (uint32, } func (o *devopsProjectOperator) DeleteDevOpsProject(projectId, username string) error { - err := o.ksProjectOperator.CheckProjectUserInRole(username, projectId, []string{dsClient.ProjectOwner}) - if err != nil { - klog.Errorf("%+v", err) - return restful.NewError(http.StatusForbidden, err.Error()) - } - - err = o.dsProject.DeleteDevOpsProject(projectId) + err := o.dsProject.DeleteDevOpsProject(projectId) if err != nil { klog.Errorf("%+v", err) return err