fix replicate issue
parent
aa681eb018
commit
2e427bffe2
@ -64,6 +64,11 @@ func (s *SecurityContext) IsSysAdmin() bool {
|
|||||||
return s.ctx.IsSysAdmin()
|
return s.ctx.IsSysAdmin()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// IsSolutionUser ...
|
||||||
|
func (s *SecurityContext) IsSolutionUser() bool {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
// HasReadPerm returns whether the user has read permission to the project
|
// HasReadPerm returns whether the user has read permission to the project
|
||||||
func (s *SecurityContext) HasReadPerm(projectIDOrName interface{}) bool {
|
func (s *SecurityContext) HasReadPerm(projectIDOrName interface{}) bool {
|
||||||
public, err := s.pm.IsPublic(projectIDOrName)
|
public, err := s.pm.IsPublic(projectIDOrName)
|
||||||
|
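Review bot: The doc comment on the new `IsSolutionUser` method is the placeholder `// IsSolutionUser ...`, which does not say what a solution user is or why this context never is one. The same placeholder appears on the two other `SecurityContext` implementations later in this commit (the one next to `s.user.HasAdminRole == 1` and the one returning `s.IsAuthenticated()`). Since the result feeds an authorization decision in `ProjectAPI.List`, state the contract here, for example `// IsSolutionUser reports whether the caller is a solution user; this context never is, so it always returns false.` (wording to be confirmed by the author).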
@ -26,6 +26,8 @@ type Context interface {
|
|||||||
GetUsername() string
|
GetUsername() string
|
||||||
// IsSysAdmin returns whether the user is system admin
|
// IsSysAdmin returns whether the user is system admin
|
||||||
IsSysAdmin() bool
|
IsSysAdmin() bool
|
||||||
|
// IsSolutionUser returns whether the user is solution user
|
||||||
|
IsSolutionUser() bool
|
||||||
// HasReadPerm returns whether the user has read permission to the project
|
// HasReadPerm returns whether the user has read permission to the project
|
||||||
HasReadPerm(projectIDOrName interface{}) bool
|
HasReadPerm(projectIDOrName interface{}) bool
|
||||||
// HasWritePerm returns whether the user has write permission to the project
|
// HasWritePerm returns whether the user has write permission to the project
|
||||||
|
@ -59,6 +59,11 @@ func (s *SecurityContext) IsSysAdmin() bool {
|
|||||||
return s.user.HasAdminRole == 1
|
return s.user.HasAdminRole == 1
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// IsSolutionUser ...
|
||||||
|
func (s *SecurityContext) IsSolutionUser() bool {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
// HasReadPerm returns whether the user has read permission to the project
|
// HasReadPerm returns whether the user has read permission to the project
|
||||||
func (s *SecurityContext) HasReadPerm(projectIDOrName interface{}) bool {
|
func (s *SecurityContext) HasReadPerm(projectIDOrName interface{}) bool {
|
||||||
// public project
|
// public project
|
||||||
|
@ -186,6 +186,11 @@ func TestIsSysAdmin(t *testing.T) {
|
|||||||
assert.True(t, ctx.IsSysAdmin())
|
assert.True(t, ctx.IsSysAdmin())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestIsSolutionUser(t *testing.T) {
|
||||||
|
ctx := NewSecurityContext(nil, nil)
|
||||||
|
assert.False(t, ctx.IsSolutionUser())
|
||||||
|
}
|
||||||
|
|
||||||
func TestHasReadPerm(t *testing.T) {
|
func TestHasReadPerm(t *testing.T) {
|
||||||
// public project
|
// public project
|
||||||
ctx := NewSecurityContext(nil, pm)
|
ctx := NewSecurityContext(nil, pm)
|
||||||
|
@ -65,6 +65,11 @@ func (s *SecurityContext) IsSysAdmin() bool {
|
|||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// IsSolutionUser ...
|
||||||
|
func (s *SecurityContext) IsSolutionUser() bool {
|
||||||
|
return s.IsAuthenticated()
|
||||||
|
}
|
||||||
|
|
||||||
// HasReadPerm returns true if the corresponding user of the secret
|
// HasReadPerm returns true if the corresponding user of the secret
|
||||||
// is jobservice, otherwise returns false
|
// is jobservice, otherwise returns false
|
||||||
func (s *SecurityContext) HasReadPerm(projectIDOrName interface{}) bool {
|
func (s *SecurityContext) HasReadPerm(projectIDOrName interface{}) bool {
|
||||||
|
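Review bot: `IsSolutionUser` returns `s.IsAuthenticated()`, so any secret the store accepts makes the caller a solution user, whereas the comment on `HasReadPerm` directly below limits that method to the jobservice secret. If the store ever holds secrets for other components, each of them gains whatever `IsSolutionUser` unlocks, which in this commit is the unfiltered project list. Either check the resolved username the way `HasReadPerm` is documented to, or say explicitly in the doc comment that every valid secret qualifies. `HasReadPerm`'s body is outside the hunk, so this comparison rests on its comment only.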
@ -77,6 +77,24 @@ func TestIsSysAdmin(t *testing.T) {
|
|||||||
assert.False(t, isSysAdmin)
|
assert.False(t, isSysAdmin)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestIsSolutionUser(t *testing.T) {
|
||||||
|
// invalid secret
|
||||||
|
context := NewSecurityContext("invalid_secret",
|
||||||
|
secret.NewStore(map[string]string{
|
||||||
|
"secret": "username",
|
||||||
|
}))
|
||||||
|
isSolutionUser := context.IsSolutionUser()
|
||||||
|
assert.False(t, isSolutionUser)
|
||||||
|
|
||||||
|
// valid secret
|
||||||
|
context = NewSecurityContext("secret",
|
||||||
|
secret.NewStore(map[string]string{
|
||||||
|
"secret": "username",
|
||||||
|
}))
|
||||||
|
isSolutionUser = context.IsSolutionUser()
|
||||||
|
assert.True(t, isSolutionUser)
|
||||||
|
}
|
||||||
|
|
||||||
func TestHasReadPerm(t *testing.T) {
|
func TestHasReadPerm(t *testing.T) {
|
||||||
// secret store is null
|
// secret store is null
|
||||||
context := NewSecurityContext("", nil)
|
context := NewSecurityContext("", nil)
|
||||||
|
@ -212,8 +212,10 @@ func getProject(name string) (*models.Project, error) {
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
req.URL.Query().Set("name", name)
|
q := req.URL.Query()
|
||||||
req.URL.Query().Encode()
|
q.Set("name", name)
|
||||||
|
req.URL.RawQuery = q.Encode()
|
||||||
|
|
||||||
req.AddCookie(&http.Cookie{
|
req.AddCookie(&http.Cookie{
|
||||||
Name: models.UISecretCookie,
|
Name: models.UISecretCookie,
|
||||||
Value: config.JobserviceSecret(),
|
Value: config.JobserviceSecret(),
|
||||||
@ -231,6 +233,11 @@ func getProject(name string) (*models.Project, error) {
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if resp.StatusCode != http.StatusOK {
|
||||||
|
return nil, fmt.Errorf("failed to get project %s: %d %s",
|
||||||
|
name, resp.StatusCode, string(data))
|
||||||
|
}
|
||||||
|
|
||||||
list := []*models.Project{}
|
list := []*models.Project{}
|
||||||
if err = json.Unmarshal(data, &list); err != nil {
|
if err = json.Unmarshal(data, &list); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
@ -308,7 +315,7 @@ func (c *Checker) createProject(project *models.Project) error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func buildProjectURL() string {
|
func buildProjectURL() string {
|
||||||
return strings.TrimRight(config.LocalUIURL(), "/") + "/api/projects/"
|
return strings.TrimRight(config.LocalUIURL(), "/") + "/api/projects"
|
||||||
}
|
}
|
||||||
|
|
||||||
// ManifestPuller pulls the manifest of a tag. And if no tag needs to be pulled,
|
// ManifestPuller pulls the manifest of a tag. And if no tag needs to be pulled,
|
||||||
|
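Review bot: The new non-200 branch in `getProject` writes the whole response body into the error with `%s`, so a large or multi-line body from the UI endpoint lands unbounded and unescaped in whatever log receives this error. Quote and cap it, for example `return nil, fmt.Errorf("failed to get project %q: %d %.256q", name, resp.StatusCode, string(data))`. `getProject` starts and ends outside these hunks, so whether `resp.Body` is closed before this early return cannot be confirmed from here and is worth checking.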
@ -286,7 +286,7 @@ func (p *ProjectAPI) List() {
|
|||||||
// not login, only get public projects
|
// not login, only get public projects
|
||||||
base.Public = true
|
base.Public = true
|
||||||
} else {
|
} else {
|
||||||
if !p.SecurityCtx.IsSysAdmin() {
|
if !(p.SecurityCtx.IsSysAdmin() || p.SecurityCtx.IsSolutionUser()) {
|
||||||
// login, but not system admin, get public projects and
|
// login, but not system admin, get public projects and
|
||||||
// projects that the user is member of
|
// projects that the user is member of
|
||||||
base.Member = p.SecurityCtx.GetUsername()
|
base.Member = p.SecurityCtx.GetUsername()
|
||||||
|
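Review bot: The condition in `List` now exempts solution users from the membership filter as well, but the comment beneath it still reads `login, but not system admin`, so the code no longer matches its own explanation of who sees every project. Update it, for example `// logged in, neither system admin nor solution user: public projects and projects the user is a member of`. Because this widens who receives the full project list, a short note on why solution users need it would help the next reviewer of this access check. The rest of `List` is outside the hunk.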
@ -217,6 +217,9 @@ func (f *fakeSecurityContext) GetUsername() string {
|
|||||||
func (f *fakeSecurityContext) IsSysAdmin() bool {
|
func (f *fakeSecurityContext) IsSysAdmin() bool {
|
||||||
return f.isAdmin
|
return f.isAdmin
|
||||||
}
|
}
|
||||||
|
func (f *fakeSecurityContext) IsSolutionUser() bool {
|
||||||
|
return false
|
||||||
|
}
|
||||||
func (f *fakeSecurityContext) HasReadPerm(projectIDOrName interface{}) bool {
|
func (f *fakeSecurityContext) HasReadPerm(projectIDOrName interface{}) bool {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
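Review bot: `fakeSecurityContext.IsSolutionUser` is hard-coded to `return false`, so any test built on this fake cannot exercise a solution-user caller, including the branch this commit adds to `ProjectAPI.List`. Mirror the existing `isAdmin` pattern: add an `isSolutionUser bool` field and `return f.isSolutionUser`, then cover both values in a test. The struct definition is outside the hunk, so the field has to be added there.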