Merge pull request #1361 from wansir/master

refine workspaces-manager rules

Merge pull request #1361 from wansir/master
refine workspaces-manager rules
8dc4a144 · KubeSphere CI Bot · GitHub · 857faac9 · b9d21831 · 8dc4a144
隐藏空白更改
内联并排

Showing with 12 addition and 9 deletion

pkg/models/iam/am.go pkg/models/iam/am.go +12 -9

未找到文件。
--- a/pkg/models/iam/am.go
+++ b/pkg/models/iam/am.go
@@ -489,21 +489,24 @@ func GetUserWorkspaceSimpleRules(workspace, username string) ([]models.SimpleRul
 		return GetWorkspaceRoleSimpleRules(workspace, constants.WorkspaceAdmin), nil
 	}

-	// workspaces-manager
-	if RulesMatchesRequired(clusterRules, rbacv1.PolicyRule{
-		Verbs:     []string{"*"},
-		APIGroups: []string{"*"},
-		Resources: []string{"workspaces", "workspaces/*"},
-	}) {
-		return GetWorkspaceRoleSimpleRules(workspace, constants.WorkspacesManager), nil
-	}
-
 	workspaceRole, err := GetUserWorkspaceRole(workspace, username)

 	if err != nil {
 		if apierrors.IsNotFound(err) {
+
+			// workspaces-manager
+			if RulesMatchesRequired(clusterRules, rbacv1.PolicyRule{
+				Verbs:     []string{"*"},
+				APIGroups: []string{"*"},
+				Resources: []string{"workspaces", "workspaces/*"},
+			}) {
+				return GetWorkspaceRoleSimpleRules(workspace, constants.WorkspacesManager), nil
+			}
+
 			return []models.SimpleRule{}, nil
 		}
+
+		klog.Error(err)
 		return nil, err
 	}