Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
KubeSphere
kubesphere
提交
8b037cef
K
kubesphere
项目概览
KubeSphere
/
kubesphere
通知
151
Star
32
Fork
5
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
DevOps
流水线
流水线任务
计划
Wiki
2
Wiki
分析
仓库
DevOps
项目成员
Pages
K
kubesphere
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
DevOps
DevOps
流水线
流水线任务
计划
分析
分析
仓库分析
DevOps
Wiki
2
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
流水线任务
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
未验证
提交
8b037cef
编写于
11月 02, 2019
作者:
H
hongming
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
refine iam policy rules
Signed-off-by:
N
hongming
<
talonwan@yunify.com
>
上级
cae0911d
变更
3
隐藏空白更改
内联
并排
Showing
3 changed file
with
18 addition
and
1 deletion
+18
-1
pkg/constants/constants.go
pkg/constants/constants.go
+1
-0
pkg/controller/workspace/workspace_controller.go
pkg/controller/workspace/workspace_controller.go
+10
-0
pkg/models/iam/am.go
pkg/models/iam/am.go
+7
-1
未找到文件。
pkg/constants/constants.go
浏览文件 @
8b037cef
...
...
@@ -45,6 +45,7 @@ const (
ClusterAdmin
=
"cluster-admin"
WorkspaceRegular
=
"workspace-regular"
WorkspaceViewer
=
"workspace-viewer"
WorkspacesManager
=
"workspaces-manager"
DevopsOwner
=
"owner"
DevopsReporter
=
"reporter"
...
...
pkg/controller/workspace/workspace_controller.go
浏览文件 @
8b037cef
...
...
@@ -564,6 +564,11 @@ func getWorkspaceAdmin(workspaceName string) *rbac.ClusterRole {
ResourceNames
:
[]
string
{
workspaceName
},
Resources
:
[]
string
{
"workspaces"
,
"workspaces/*"
},
},
{
Verbs
:
[]
string
{
"watch"
},
APIGroups
:
[]
string
{
""
},
Resources
:
[]
string
{
"namespaces"
},
},
{
Verbs
:
[]
string
{
"list"
},
APIGroups
:
[]
string
{
"iam.kubesphere.io"
},
...
...
@@ -630,6 +635,11 @@ func getWorkspaceViewer(workspaceName string) *rbac.ClusterRole {
ResourceNames
:
[]
string
{
workspaceName
},
Resources
:
[]
string
{
"workspaces"
,
"workspaces/*"
},
},
{
Verbs
:
[]
string
{
"watch"
},
APIGroups
:
[]
string
{
""
},
Resources
:
[]
string
{
"namespaces"
},
},
{
Verbs
:
[]
string
{
"get"
,
"list"
},
APIGroups
:
[]
string
{
"openpitrix.io"
},
...
...
pkg/models/iam/am.go
浏览文件 @
8b037cef
...
...
@@ -487,7 +487,7 @@ func GetUserWorkspaceSimpleRules(workspace, username string) ([]models.SimpleRul
APIGroups
:
[]
string
{
"*"
},
Resources
:
[]
string
{
"workspaces"
,
"workspaces/*"
},
})
{
return
GetWorkspaceRoleSimpleRules
(
workspace
,
constants
.
Workspace
Admin
),
nil
return
GetWorkspaceRoleSimpleRules
(
workspace
,
constants
.
Workspace
sManager
),
nil
}
workspaceRole
,
err
:=
GetUserWorkspaceRole
(
workspace
,
username
)
...
...
@@ -534,6 +534,12 @@ func GetWorkspaceRoleSimpleRules(workspace, roleName string) []models.SimpleRule
{
Name
:
"apps"
,
Actions
:
[]
string
{
"view"
}},
{
Name
:
"repos"
,
Actions
:
[]
string
{
"view"
}},
}
case
constants
.
WorkspacesManager
:
workspaceRules
=
[]
models
.
SimpleRule
{
{
Name
:
"workspaces"
,
Actions
:
[]
string
{
"edit"
,
"delete"
,
"view"
}},
{
Name
:
"members"
,
Actions
:
[]
string
{
"edit"
,
"delete"
,
"create"
,
"view"
}},
{
Name
:
"roles"
,
Actions
:
[]
string
{
"view"
}},
}
}
return
workspaceRules
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录