
Commit 16f2443

feat: release v8 (Release Creation RBAC Scripts) (#5821)
* release rbac sql scripts * script change * sql constraints * sql constraints * sql constraints * script number changes * refactoring * role group mapping model * script number change
1 parent 4b70ff4 commit 16f2443


12 files changed

+126
-61
lines changed


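--- a/api/auth/user/UserRestHandler.go
+++ b/api/auth/user/UserRestHandler.go
@@ -135,7 +135,7 @@ func (handler UserRestHandlerImpl) CreateUser(w http.ResponseWriter, r *http.Req
 }
 if userInfo.RoleFilters != nil && len(userInfo.RoleFilters) > 0 {
 for _, filter := range userInfo.RoleFilters {
-if filter.AccessType == bean.APP_ACCESS_TYPE_HELM && !isActionUserSuperAdmin {
+if filter.AccessType == bean2.APP_ACCESS_TYPE_HELM && !isActionUserSuperAdmin {
 response.WriteResponse(http.StatusForbidden, "FORBIDDEN", w, errors.New("unauthorized"))
 return
 }
@@ -145,7 +145,7 @@ func (handler UserRestHandlerImpl) CreateUser(w http.ResponseWriter, r *http.Req
 return
 }
 }
-if filter.Entity == bean.CLUSTER_ENTITIY {
+if filter.Entity == bean2.CLUSTER_ENTITIY {
 if ok := handler.userCommonService.CheckRbacForClusterEntity(filter.Cluster, filter.Namespace, filter.Group, filter.Kind, filter.Resource, token, handler.CheckManagerAuth); !ok {
 response.WriteResponse(http.StatusForbidden, "FORBIDDEN", w, errors.New("unauthorized"))
 return
@@ -170,7 +170,7 @@ func (handler UserRestHandlerImpl) CreateUser(w http.ResponseWriter, r *http.Req
 
 if len(groupRoles) > 0 {
 for _, groupRole := range groupRoles {
-if groupRole.AccessType == bean.APP_ACCESS_TYPE_HELM && !isActionUserSuperAdmin {
+if groupRole.AccessType == bean2.APP_ACCESS_TYPE_HELM && !isActionUserSuperAdmin {
 response.WriteResponse(http.StatusForbidden, "FORBIDDEN", w, errors.New("unauthorized"))
 return
 }
@@ -315,7 +315,7 @@ func (handler UserRestHandlerImpl) GetById(w http.ResponseWriter, r *http.Reques
 authPass = false
 }
 }
-if filter.Entity == bean.CLUSTER_ENTITIY {
+if filter.Entity == bean2.CLUSTER_ENTITIY {
 if ok := handler.userCommonService.CheckRbacForClusterEntity(filter.Cluster, filter.Namespace, filter.Group, filter.Kind, filter.Resource, token, handler.CheckManagerAuth); !ok {
 authPass = false
 }
@@ -381,7 +381,7 @@ func (handler UserRestHandlerImpl) GetAllV2(w http.ResponseWriter, r *http.Reque
 break
 }
 }
-if filter.Entity == bean.CLUSTER_ENTITIY {
+if filter.Entity == bean2.CLUSTER_ENTITIY {
 if ok := handler.userCommonService.CheckRbacForClusterEntity(filter.Cluster, filter.Namespace, filter.Group, filter.Kind, filter.Resource, token, handler.CheckManagerAuth); ok {
 isAuthorised = true
 break
@@ -451,7 +451,7 @@ func (handler UserRestHandlerImpl) GetAll(w http.ResponseWriter, r *http.Request
 break
 }
 }
-if filter.Entity == bean.CLUSTER_ENTITIY {
+if filter.Entity == bean2.CLUSTER_ENTITIY {
 if ok := handler.userCommonService.CheckRbacForClusterEntity(filter.Cluster, filter.Namespace, filter.Group, filter.Kind, filter.Resource, token, handler.CheckManagerAuth); ok {
 isAuthorised = true
 break
@@ -528,7 +528,7 @@ func (handler UserRestHandlerImpl) DeleteUser(w http.ResponseWriter, r *http.Req
 }
 if user.RoleFilters != nil && len(user.RoleFilters) > 0 {
 for _, filter := range user.RoleFilters {
-if filter.AccessType == bean.APP_ACCESS_TYPE_HELM && !isActionUserSuperAdmin {
+if filter.AccessType == bean2.APP_ACCESS_TYPE_HELM && !isActionUserSuperAdmin {
 common.WriteJsonResp(w, errors.New("unauthorized"), nil, http.StatusForbidden)
 return
 }
@@ -538,7 +538,7 @@ func (handler UserRestHandlerImpl) DeleteUser(w http.ResponseWriter, r *http.Req
 return
 }
 }
-if filter.Entity == bean.CLUSTER_ENTITIY {
+if filter.Entity == bean2.CLUSTER_ENTITIY {
 if ok := handler.userCommonService.CheckRbacForClusterEntity(filter.Cluster, filter.Namespace, filter.Group, filter.Kind, filter.Resource, token, handler.CheckManagerAuth); !ok {
 common.WriteJsonResp(w, errors.New("unauthorized"), nil, http.StatusForbidden)
 return
@@ -649,7 +649,7 @@ func (handler UserRestHandlerImpl) FetchRoleGroupById(w http.ResponseWriter, r *
 authPass = false
 }
 }
-if filter.Entity == bean.CLUSTER_ENTITIY {
+if filter.Entity == bean2.CLUSTER_ENTITIY {
 if isValidAuth := handler.userCommonService.CheckRbacForClusterEntity(filter.Cluster, filter.Namespace, filter.Group, filter.Kind, filter.Resource, token, handler.CheckManagerAuth); !isValidAuth {
 authPass = false
 }
@@ -705,7 +705,7 @@ func (handler UserRestHandlerImpl) CreateRoleGroup(w http.ResponseWriter, r *htt
 
 if request.RoleFilters != nil && len(request.RoleFilters) > 0 {
 for _, filter := range request.RoleFilters {
-if filter.AccessType == bean.APP_ACCESS_TYPE_HELM && !isActionUserSuperAdmin {
+if filter.AccessType == bean2.APP_ACCESS_TYPE_HELM && !isActionUserSuperAdmin {
 common.WriteJsonResp(w, errors.New("unauthorized"), nil, http.StatusForbidden)
 return
 }
@@ -715,7 +715,7 @@ func (handler UserRestHandlerImpl) CreateRoleGroup(w http.ResponseWriter, r *htt
 return
 }
 }
-if filter.Entity == bean.CLUSTER_ENTITIY && !isActionUserSuperAdmin {
+if filter.Entity == bean2.CLUSTER_ENTITIY && !isActionUserSuperAdmin {
 if isValidAuth := handler.userCommonService.CheckRbacForClusterEntity(filter.Cluster, filter.Namespace, filter.Group, filter.Kind, filter.Resource, token, handler.CheckManagerAuth); !isValidAuth {
 common.WriteJsonResp(w, errors.New("unauthorized"), nil, http.StatusForbidden)
 return
@@ -838,7 +838,7 @@ func (handler UserRestHandlerImpl) FetchRoleGroupsV2(w http.ResponseWriter, r *h
 break
 }
 }
-if filter.Entity == bean.CLUSTER_ENTITIY {
+if filter.Entity == bean2.CLUSTER_ENTITIY {
 if isValidAuth := handler.userCommonService.CheckRbacForClusterEntity(filter.Cluster, filter.Namespace, filter.Group, filter.Kind, filter.Resource, token, handler.CheckManagerAuth); isValidAuth {
 isAuthorised = true
 break
@@ -909,7 +909,7 @@ func (handler UserRestHandlerImpl) FetchRoleGroups(w http.ResponseWriter, r *htt
 break
 }
 }
-if filter.Entity == bean.CLUSTER_ENTITIY {
+if filter.Entity == bean2.CLUSTER_ENTITIY {
 if isValidAuth := handler.userCommonService.CheckRbacForClusterEntity(filter.Cluster, filter.Namespace, filter.Group, filter.Kind, filter.Resource, token, handler.CheckManagerAuth); isValidAuth {
 isAuthorised = true
 break
@@ -1004,7 +1004,7 @@ func (handler UserRestHandlerImpl) DeleteRoleGroup(w http.ResponseWriter, r *htt
 }
 if userGroup.RoleFilters != nil && len(userGroup.RoleFilters) > 0 {
 for _, filter := range userGroup.RoleFilters {
-if filter.AccessType == bean.APP_ACCESS_TYPE_HELM && !isActionUserSuperAdmin {
+if filter.AccessType == bean2.APP_ACCESS_TYPE_HELM && !isActionUserSuperAdmin {
 common.WriteJsonResp(w, errors.New("unauthorized"), nil, http.StatusForbidden)
 return
 }
@@ -1014,7 +1014,7 @@ func (handler UserRestHandlerImpl) DeleteRoleGroup(w http.ResponseWriter, r *htt
 return
 }
 }
-if filter.Entity == bean.CLUSTER_ENTITIY {
+if filter.Entity == bean2.CLUSTER_ENTITIY {
 if isValidAuth := handler.userCommonService.CheckRbacForClusterEntity(filter.Cluster, filter.Namespace, filter.Group, filter.Kind, filter.Resource, token, handler.CheckManagerAuth); !isValidAuth {
 common.WriteJsonResp(w, errors.New("unauthorized"), nil, http.StatusForbidden)
 return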

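--- a/api/bean/UserRequest.go
+++ b/api/bean/UserRequest.go
@@ -111,13 +111,10 @@ const (
 type PolicyType int
 
 const (
-POLICY_DIRECT PolicyType = 1
-POLICY_GROUP PolicyType = 1
-SUPERADMIN = "role:super-admin___"
-APP_ACCESS_TYPE_HELM = "helm-app"
-USER_TYPE_API_TOKEN = "apiToken"
-CHART_GROUP_ENTITY = "chart-group"
-CLUSTER_ENTITIY = "cluster"
+POLICY_DIRECT PolicyType = 1
+POLICY_GROUP PolicyType = 1
+SUPERADMIN = "role:super-admin___"
+USER_TYPE_API_TOKEN = "apiToken"
 )
 
 type UserListingResponse struct {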

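--- a/pkg/auth/user/RoleGroupService.go
+++ b/pkg/auth/user/RoleGroupService.go
@@ -135,7 +135,7 @@ func (impl RoleGroupServiceImpl) CreateRoleGroup(request *bean.RoleGroup) (*bean
 if request.SuperAdmin == false {
 for index, roleFilter := range request.RoleFilters {
 entity := roleFilter.Entity
-if entity == bean.CLUSTER_ENTITIY {
+if entity == bean2.CLUSTER_ENTITIY {
 policiesToBeAdded, err := impl.CreateOrUpdateRoleGroupForClusterEntity(roleFilter, request.UserId, model, nil, "", nil, tx, mapping[index])
 policies = append(policies, policiesToBeAdded...)
 if err != nil {
@@ -279,7 +279,7 @@ func (impl RoleGroupServiceImpl) CreateOrUpdateRoleGroupForOtherEntity(roleFilte
 }
 if roleModel.Id == 0 {
 request.Status = fmt.Sprintf("%s+%s,%s,%s,%s", bean2.RoleNotFoundStatusPrefix, roleFilter.Team, environment, entityName, actionType)
-if roleFilter.Entity == bean2.ENTITY_APPS || roleFilter.Entity == bean.CHART_GROUP_ENTITY {
+if roleFilter.Entity == bean2.ENTITY_APPS || roleFilter.Entity == bean2.CHART_GROUP_ENTITY {
 flag, err, policiesAdded := impl.userCommonService.CreateDefaultPoliciesForAllTypes(roleFilter.Team, entityName, environment, entity, "", "", "", "", "", actionType, accessType, "", request.UserId)
 if err != nil || flag == false {
 return nil, err
@@ -426,7 +426,7 @@ func (impl RoleGroupServiceImpl) UpdateRoleGroup(request *bean.RoleGroup, token
 
 //Adding New Policies
 for index, roleFilter := range request.RoleFilters {
-if roleFilter.Entity == bean.CLUSTER_ENTITIY {
+if roleFilter.Entity == bean2.CLUSTER_ENTITIY {
 policiesToBeAdded, err := impl.CreateOrUpdateRoleGroupForClusterEntity(roleFilter, request.UserId, roleGroup, existingRoles, token, managerAuth, tx, mapping[index])
 policies = append(policies, policiesToBeAdded...)
 if err != nil {
@@ -474,10 +474,7 @@ func (impl RoleGroupServiceImpl) UpdateRoleGroup(request *bean.RoleGroup, token
 }
 if roleModel.Id > 0 {
 roleGroupMappingModel := &repository.RoleGroupRoleMapping{RoleGroupId: roleGroup.Id, RoleId: roleModel.Id}
-roleGroupMappingModel.CreatedBy = request.UserId
-roleGroupMappingModel.UpdatedBy = request.UserId
-roleGroupMappingModel.CreatedOn = time.Now()
-roleGroupMappingModel.UpdatedOn = time.Now()
+roleGroupMappingModel.CreateAuditLog(request.UserId)
 roleGroupMappingModel, err = impl.roleGroupRepository.CreateRoleGroupRoleMapping(roleGroupMappingModel, tx)
 if err != nil {
 impl.logger.Errorw("error in creating role group role mapping", "err", err, "RoleGroupId", roleGroup.Id)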
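Review bot: Nothing in this section shows that `roleGroupMappingModel.CreateAuditLog(request.UserId)` in the last UpdateRoleGroup hunk still sets all four audit fields the removed lines assigned (`CreatedBy`, `UpdatedBy`, `CreatedOn`, `UpdatedOn`); the helper is defined outside the visible diff. These rows record who attached a role to a role group, so a field that is silently left at its zero value weakens the RBAC audit trail. I would add a unit test that calls `CreateAuditLog` on a fresh `RoleGroupRoleMapping` and asserts the four fields are populated, and, once confirmed, put a short comment above the call such as `// stamps created/updated by and on for the new mapping row`. UpdateRoleGroup starts and ends outside the hunk, so other mapping-creation paths in it are not covered by this note.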

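--- a/pkg/auth/user/UserCommonService.go
+++ b/pkg/auth/user/UserCommonService.go
@@ -40,9 +40,6 @@ type UserCommonService interface {
 RemoveRolesAndReturnEliminatedPoliciesForGroups(request *bean.RoleGroup, existingRoles map[int]*repository.RoleGroupRoleMapping, eliminatedRoles map[int]*repository.RoleGroupRoleMapping, tx *pg.Tx, token string, managerAuth func(resource string, token string, object string) bool) ([]casbin.Policy, error)
 CheckRbacForClusterEntity(cluster, namespace, group, kind, resource, token string, managerAuth func(resource, token, object string) bool) bool
 GetCapacityForRoleFilter(roleFilters []bean.RoleFilter) (int, map[int]int)
-BuildRoleFilterKeyForCluster(roleFilterMap map[string]*bean.RoleFilter, role repository.RoleModel, key string)
-BuildRoleFilterKeyForJobs(roleFilterMap map[string]*bean.RoleFilter, role repository.RoleModel, key string)
-BuildRoleFilterKeyForOtherEntity(roleFilterMap map[string]*bean.RoleFilter, role repository.RoleModel, key string)
 BuildRoleFilterForAllTypes(roleFilterMap map[string]*bean.RoleFilter, role repository.RoleModel, key string)
 GetUniqueKeyForAllEntity(role repository.RoleModel) string
 SetDefaultValuesIfNotPresent(request *bean.ListingRequest, isRoleGroup bool)
@@ -201,7 +198,7 @@ func getResolvedValueFromPValDetailObject(pValDetailObj repository.PValDetailObj
 func getPValUpdateMap(team, entityName, env, entity, cluster, namespace, group, kind, resource, workflow string) map[repository.PValUpdateKey]string {
 pValUpdateMap := make(map[repository.PValUpdateKey]string)
 pValUpdateMap[repository.EntityPValUpdateKey] = entity
-if entity == bean.CLUSTER_ENTITIY {
+if entity == bean2.CLUSTER_ENTITIY {
 pValUpdateMap[repository.ClusterPValUpdateKey] = cluster
 pValUpdateMap[repository.NamespacePValUpdateKey] = namespace
 pValUpdateMap[repository.GroupPValUpdateKey] = group
@@ -242,7 +239,7 @@ func (impl UserCommonServiceImpl) RemoveRolesAndReturnEliminatedPolicies(userInf
 var eliminatedPolicies []casbin.Policy
 // DELETE Removed Items
 for _, roleFilter := range userInfo.RoleFilters {
-if roleFilter.Entity == bean.CLUSTER_ENTITIY {
+if roleFilter.Entity == bean2.CLUSTER_ENTITIY {
 namespaces := strings.Split(roleFilter.Namespace, ",")
 groups := strings.Split(roleFilter.Group, ",")
 kinds := strings.Split(roleFilter.Kind, ",")
@@ -336,7 +333,7 @@ func (impl UserCommonServiceImpl) RemoveRolesAndReturnEliminatedPolicies(userInf
 if _, ok := existingRoleIds[roleModel.Id]; ok {
 delete(eliminatedRoleIds, roleModel.Id)
 }
-isChartGroupEntity := roleFilter.Entity == bean.CHART_GROUP_ENTITY
+isChartGroupEntity := roleFilter.Entity == bean2.CHART_GROUP_ENTITY
 if _, ok := existingRoleIds[oldRoleModel.Id]; ok && !isChartGroupEntity {
 //delete old role mapping from existing but not from eliminated roles (so that it gets deleted)
 delete(existingRoleIds, oldRoleModel.Id)
@@ -362,7 +359,7 @@ func (impl UserCommonServiceImpl) RemoveRolesAndReturnEliminatedPolicies(userInf
 continue
 }
 }
-if role.Entity == bean.CLUSTER_ENTITIY {
+if role.Entity == bean2.CLUSTER_ENTITIY {
 isValidAuth := impl.CheckRbacForClusterEntity(role.Cluster, role.Namespace, role.Group, role.Kind, role.Resource, token, managerAuth)
 if !isValidAuth {
 continue
@@ -384,7 +381,7 @@ func (impl UserCommonServiceImpl) RemoveRolesAndReturnEliminatedPoliciesForGroup
 //var policies []casbin.Policy
 for _, roleFilter := range request.RoleFilters {
 entity := roleFilter.Entity
-if entity == bean.CLUSTER_ENTITIY {
+if entity == bean2.CLUSTER_ENTITIY {
 namespaces := strings.Split(roleFilter.Namespace, ",")
 groups := strings.Split(roleFilter.Group, ",")
 kinds := strings.Split(roleFilter.Kind, ",")
@@ -488,7 +485,7 @@ func (impl UserCommonServiceImpl) RemoveRolesAndReturnEliminatedPoliciesForGroup
 if _, ok := existingRoles[roleModel.Id]; ok {
 delete(eliminatedRoles, roleModel.Id)
 }
-isChartGroupEntity := roleFilter.Entity == bean.CHART_GROUP_ENTITY
+isChartGroupEntity := roleFilter.Entity == bean2.CHART_GROUP_ENTITY
 if _, ok := existingRoles[oldRoleModel.Id]; ok && !isChartGroupEntity {
 //delete old role mapping from existing but not from eliminated roles (so that it gets deleted)
 delete(existingRoles, oldRoleModel.Id)
@@ -514,7 +511,7 @@ func (impl UserCommonServiceImpl) RemoveRolesAndReturnEliminatedPoliciesForGroup
 continue
 }
 }
-if role.Entity == bean.CLUSTER_ENTITIY {
+if role.Entity == bean2.CLUSTER_ENTITIY {
 isValidAuth := impl.CheckRbacForClusterEntity(role.Cluster, role.Namespace, role.Group, role.Kind, role.Resource, token, managerAuth)
 if !isValidAuth {
 continue
@@ -608,22 +605,22 @@ func (impl UserCommonServiceImpl) GetCapacityForRoleFilter(roleFilters []bean.Ro
 
 func (impl UserCommonServiceImpl) BuildRoleFilterForAllTypes(roleFilterMap map[string]*bean.RoleFilter, role repository.RoleModel, key string) {
 switch role.Entity {
-case bean.CLUSTER_ENTITIY:
+case bean2.CLUSTER_ENTITIY:
 {
-impl.BuildRoleFilterKeyForCluster(roleFilterMap, role, key)
+BuildRoleFilterKeyForCluster(roleFilterMap, role, key)
 }
 case bean2.EntityJobs:
 {
-impl.BuildRoleFilterKeyForJobs(roleFilterMap, role, key)
+BuildRoleFilterKeyForJobs(roleFilterMap, role, key)
 }
 default:
 {
-impl.BuildRoleFilterKeyForOtherEntity(roleFilterMap, role, key)
+BuildRoleFilterKeyForOtherEntity(roleFilterMap, role, key)
 }
 }
 }
 
-func (impl UserCommonServiceImpl) BuildRoleFilterKeyForCluster(roleFilterMap map[string]*bean.RoleFilter, role repository.RoleModel, key string) {
+func BuildRoleFilterKeyForCluster(roleFilterMap map[string]*bean.RoleFilter, role repository.RoleModel, key string) {
 namespaceArr := strings.Split(roleFilterMap[key].Namespace, ",")
 if containsArr(namespaceArr, AllNamespace) {
 roleFilterMap[key].Namespace = AllNamespace
@@ -650,7 +647,7 @@ func (impl UserCommonServiceImpl) BuildRoleFilterKeyForCluster(roleFilterMap map
 }
 }
 
-func (impl UserCommonServiceImpl) BuildRoleFilterKeyForJobs(roleFilterMap map[string]*bean.RoleFilter, role repository.RoleModel, key string) {
+func BuildRoleFilterKeyForJobs(roleFilterMap map[string]*bean.RoleFilter, role repository.RoleModel, key string) {
 envArr := strings.Split(roleFilterMap[key].Environment, ",")
 if containsArr(envArr, AllEnvironment) {
 roleFilterMap[key].Environment = AllEnvironment
@@ -671,7 +668,7 @@ func (impl UserCommonServiceImpl) BuildRoleFilterKeyForJobs(roleFilterMap map[st
 }
 }
 
-func (impl UserCommonServiceImpl) BuildRoleFilterKeyForOtherEntity(roleFilterMap map[string]*bean.RoleFilter, role repository.RoleModel, key string) {
+func BuildRoleFilterKeyForOtherEntity(roleFilterMap map[string]*bean.RoleFilter, role repository.RoleModel, key string) {
 envArr := strings.Split(roleFilterMap[key].Environment, ",")
 if containsArr(envArr, AllEnvironment) {
 roleFilterMap[key].Environment = AllEnvironment
@@ -692,7 +689,7 @@ func (impl UserCommonServiceImpl) GetUniqueKeyForAllEntity(role repository.RoleM
 } else if role.Entity == bean2.EntityJobs {
 key = fmt.Sprintf("%s_%s_%s_%s", role.Team, role.Action, role.AccessType, role.Entity)
 } else if len(role.Entity) > 0 {
-if role.Entity == bean.CLUSTER_ENTITIY {
+if role.Entity == bean2.CLUSTER_ENTITIY {
 key = fmt.Sprintf("%s_%s_%s_%s_%s", role.Entity, role.Action, role.Cluster,
 role.Group, role.Kind)
 } else {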
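Review bot: `BuildRoleFilterKeyForCluster`, `BuildRoleFilterKeyForJobs` and `BuildRoleFilterKeyForOtherEntity` each open by dereferencing `roleFilterMap[key]` (for example `strings.Split(roleFilterMap[key].Namespace, ",")`), which panics on a nil pointer when `key` is missing from the map or maps to nil. The change turns them from interface methods into exported package-level functions with no doc comment, so the precondition that the entry already exists is now an unstated contract for any caller in or outside the package. If they are only used from this package, unexport them (`buildRoleFilterKeyForCluster`, and likewise for the other two); otherwise add a doc comment stating the precondition and a guard at the top such as `rf, ok := roleFilterMap[key]; if !ok || rf == nil { return }`. The three function bodies continue outside their hunks, so the rest of each body is not reviewed here.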

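--- a/pkg/auth/user/UserService.go
+++ b/pkg/auth/user/UserService.go
@@ -474,7 +474,7 @@ func (impl *UserServiceImpl) CreateOrUpdateUserRolesForAllTypes(roleFilter bean.
 var policiesToBeAdded = make([]casbin2.Policy, 0, capacity)
 var err error
 rolesChanged := false
-if entity == bean2.CLUSTER {
+if entity == bean2.CLUSTER_ENTITIY {
 policiesToBeAdded, rolesChanged, err = impl.createOrUpdateUserRolesForClusterEntity(roleFilter, userId, model, existingRoles, token, managerAuth, tx, entity, capacity)
 if err != nil {
 return nil, false, err
@@ -1698,7 +1698,7 @@ func (impl *UserServiceImpl) checkGroupAuth(groupName string, token string, mana
 hasAccessToGroup = false
 hasSuperAdminPermission = true
 }
-if role.AccessType == bean.APP_ACCESS_TYPE_HELM && !isActionUserSuperAdmin {
+if role.AccessType == bean2.APP_ACCESS_TYPE_HELM && !isActionUserSuperAdmin {
 hasAccessToGroup = false
 }
 if len(role.Team) > 0 {
@@ -1708,7 +1708,7 @@ func (impl *UserServiceImpl) checkGroupAuth(groupName string, token string, mana
 hasAccessToGroup = false
 }
 }
-if role.Entity == bean.CLUSTER_ENTITIY && !isActionUserSuperAdmin {
+if role.Entity == bean2.CLUSTER_ENTITIY && !isActionUserSuperAdmin {
 isValidAuth := impl.userCommonService.CheckRbacForClusterEntity(role.Cluster, role.Namespace, role.Group, role.Kind, role.Resource, token, managerAuth)
 if !isValidAuth {
 hasAccessToGroup = false
@@ -1782,7 +1782,7 @@ func (impl *UserServiceImpl) createOrUpdateUserRolesForOtherEntity(roleFilter be
 environments := strings.Split(roleFilter.Environment, ",")
 for _, environment := range environments {
 for _, entityName := range entityNames {
-if managerAuth != nil && entity != bean.CHART_GROUP_ENTITY {
+if managerAuth != nil && entity != bean2.CHART_GROUP_ENTITY {
 // check auth only for apps permission, skip for chart group
 rbacObject := fmt.Sprintf("%s", roleFilter.Team)
 isValidAuth := managerAuth(casbin2.ResourceUser, token, rbacObject)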