From ed5e1c53e996fab9256976e5196dae252ac59723 Mon Sep 17 00:00:00 2001
From: hongming
Date: Mon, 29 Apr 2019 17:37:07 +0800
Subject: [PATCH] fix: workspace manage permission
Signed-off-by: hongming
---
 pkg/models/iam/am.go | 11 +++++++----
 pkg/models/iam/policy/policy.go | 16 +---------------
 2 files changed, 8 insertions(+), 19 deletions(-)
diff --git a/pkg/models/iam/am.go b/pkg/models/iam/am.go
index ccf1319d1..d65e1e504 100644
--- a/pkg/models/iam/am.go
+++ b/pkg/models/iam/am.go
@@ -481,10 +481,13 @@ func GetUserWorkspaceSimpleRules(workspace, username string) ([]models.SimpleRul
 return nil, err
 }
- if workspacesManager, err := policy.GetClusterAction("workspaces", "edit"); err == nil {
- if rulesMatchesAction(clusterRules, workspacesManager) {
- return GetWorkspaceRoleSimpleRules(workspace, constants.WorkspaceAdmin), nil
- }
+ // workspace manager
+ if RulesMatchesRequired(clusterRules, rbacv1.PolicyRule{
+ Verbs: []string{"*"},
+ APIGroups: []string{"*"},
+ Resources: []string{"workspaces", "workspaces/*"},
+ }) {
+ return GetWorkspaceRoleSimpleRules(workspace, constants.WorkspaceAdmin), nil
 }
 workspaceRole, err := GetUserWorkspaceRole(workspace, username)
diff --git a/pkg/models/iam/policy/policy.go b/pkg/models/iam/policy/policy.go
index bedf8ed5f..7c48f659d 100644
--- a/pkg/models/iam/policy/policy.go
+++ b/pkg/models/iam/policy/policy.go
@@ -20,7 +20,6 @@ package policy
 import (
 "encoding/json"
- "fmt"
 "io/ioutil"
 "kubesphere.io/kubesphere/pkg/models"
@@ -60,7 +59,7 @@ var (
 {Name: "workspaces",
 Actions: []models.Action{
 {
- Name: "manager",
+ Name: "manage",
 Rules: []v1.PolicyRule{
 {
 Verbs: []string{"*"},
@@ -1084,16 +1083,3 @@ var (
 },
 }
 )
-
-func GetClusterAction(module, action string) (models.Action, error) {
- for _, rule := range ClusterRoleRuleMapping {
- if rule.Name == module {
- for _, act := range rule.Actions {
- if act.Name == action {
- return act, nil
- }
- }
- }
- }
- return models.Action{}, fmt.Errorf("not found")
-}
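Review bot: The `RulesMatchesRequired` call in `GetUserWorkspaceSimpleRules` is an authorization decision that returns `constants.WorkspaceAdmin` rules for whichever workspace is asked about, yet the required rule is written out by hand here instead of being taken from the `workspaces` action in `policy.go`, so the two definitions can drift apart. Because the required rule is built from wildcards (`Verbs: []string{"*"}`, `APIGroups: []string{"*"}`), the outcome depends on `RulesMatchesRequired` (not visible in this hunk) reading `*` on the required side as "the grant must cover everything" rather than "matches anything"; a test asserting that cluster rules with only `get`/`list` on `workspaces` do not reach this return would pin that behaviour. I would also expand the comment to state the consequence, e.g. `// cluster rules covering every verb on workspaces and workspaces/* imply WorkspaceAdmin in every workspace`. The function starts and ends outside the hunk.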