Merge pull request #1111 from wansir/master

feat: support user-facing role filter

pkg/models/resources/clusterroles.go

@@ -58,7 +58,7 @@ func (*clusterRoleSearcher) match(match map[string]string, item *rbac.ClusterRol
 			if !strings.Contains(item.Name, v) && !searchFuzzy(item.Labels, "", v) && !searchFuzzy(item.Annotations, "", v) {
 				return false
 			}
-		case "userfacing":
+		case UserFacing:
 			if v == "true" {
 				if !isUserFacingClusterRole(item) {
 					return false
@@ -145,6 +145,7 @@ func (s *clusterRoleSearcher) search(namespace string, conditions *params.Condit
 	return r, nil
 }
 
+// cluster role created by user from kubesphere dashboard
 func isUserFacingClusterRole(role *rbac.ClusterRole) bool {
 	if role.Annotations[constants.CreatorAnnotationKey] != "" && role.Labels[constants.WorkspaceLabelKey] == "" {
 		return true

pkg/models/resources/resources.go

@@ -74,6 +74,7 @@ const (
 	release                  = "release"
 	annotation               = "annotation"
 	Keyword                  = "keyword"
+	UserFacing               = "userfacing"
 	Status                   = "status"
 	includeCronJob           = "includeCronJob"
 	storageClassName         = "storageClassName"

pkg/models/resources/roles.go

@@ -49,6 +49,12 @@ func (*roleSearcher) match(match map[string]string, item *rbac.Role) bool {
 			if !strings.Contains(item.Name, v) && !searchFuzzy(item.Labels, "", v) && !searchFuzzy(item.Annotations, "", v) {
 				return false
 			}
+		case UserFacing:
+			if v == "true" {
+				if !isUserFacingRole(item) {
+					return false
+				}
+			}
 		default:
 			// label not exist or value not equal
 			if val, ok := item.Labels[k]; !ok || val != v {
@@ -129,3 +135,11 @@ func (s *roleSearcher) search(namespace string, conditions *params.Conditions, o
 	}
 	return r, nil
 }
+
+// role created by user from kubesphere dashboard
+func isUserFacingRole(role *rbac.Role) bool {
+	if role.Annotations[constants.CreatorAnnotationKey] != "" {
+		return true
+	}
+	return false
+}