fix workflow create auth error (#2961)

* fix workflow create auth error Signed-off-by: N allenshen <shendongdong@koderover.com> * fix workflow create auth error Signed-off-by: N allenshen <shendongdong@koderover.com> * update project key Signed-off-by: N allenshen <shendongdong@koderover.com> * remove debug log Signed-off-by: N allenshen <shendongdong@koderover.com> --------- Signed-off-by: N allenshen <shendongdong@koderover.com>

fix workflow create auth error (#2961)
* fix workflow create auth error Signed-off-by: N allenshen <shendongdong@koderover.com> * fix workflow create auth error Signed-off-by: N allenshen <shendongdong@koderover.com> * update project key Signed-off-by: N allenshen <shendongdong@koderover.com> * remove debug log Signed-off-by: N allenshen <shendongdong@koderover.com> --------- Signed-off-by: N allenshen <shendongdong@koderover.com>
d194fc81 · shendongdong · GitHub · 72478c8a · d194fc81
隐藏空白更改
内联并排

Showing with 20 addition and 5 deletion

pkg/microservice/aslan/core/templatestore/handler/workflow.go ...microservice/aslan/core/templatestore/handler/workflow.go +20 -5

未找到文件。
--- a/pkg/microservice/aslan/core/templatestore/handler/workflow.go
+++ b/pkg/microservice/aslan/core/templatestore/handler/workflow.go
@@ -41,9 +41,16 @@ func GetWorkflowTemplateByID(c *gin.Context) {
 	// authorization check
 	if !ctx.Resources.IsSystemAdmin {
 		if !ctx.Resources.SystemActions.Template.View {
-			ctx.UnAuthorized = true
+			projectKey := c.Param("projectName")
-			internalhandler.JSONResponse(c, ctx)
+			if _, ok := ctx.Resources.ProjectAuthInfo[projectKey]; !ok {
-			return
+				ctx.UnAuthorized = true
+				return
+			}
+			if !ctx.Resources.ProjectAuthInfo[projectKey].IsProjectAdmin &&
+				!ctx.Resources.ProjectAuthInfo[projectKey].Workflow.Create {
+				ctx.UnAuthorized = true
+				return
+			}
 		}
 	}
@@ -70,8 +77,16 @@ func ListWorkflowTemplate(c *gin.Context) {
 	// authorization check
 	if !ctx.Resources.IsSystemAdmin {
 		if !ctx.Resources.SystemActions.Template.View {
-			ctx.UnAuthorized = true
+			projectKey := c.Param("projectName")
-			return
+			if _, ok := ctx.Resources.ProjectAuthInfo[projectKey]; !ok {
+				ctx.UnAuthorized = true
+				return
+			}
+			if !ctx.Resources.ProjectAuthInfo[projectKey].IsProjectAdmin &&
+				!ctx.Resources.ProjectAuthInfo[projectKey].Workflow.Create {
+				ctx.UnAuthorized = true
+				return
+			}
 		}
 	}