Skip to content

Commit

Permalink
fix(kubepi): 权限过滤修改
Browse files Browse the repository at this point in the history
  • Loading branch information
ssongliu committed May 27, 2022
1 parent 3d2ffdc commit 440e942
Showing 1 changed file with 11 additions and 5 deletions.
16 changes: 11 additions & 5 deletions internal/api/v1/v1.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,11 +5,12 @@ import (
"encoding/json"
"errors"
"fmt"
"github.com/KubeOperator/kubepi/internal/api/v1/file"
"github.com/KubeOperator/kubepi/internal/api/v1/mfa"
"io/ioutil"
"strings"

"github.com/KubeOperator/kubepi/internal/api/v1/file"
"github.com/KubeOperator/kubepi/internal/api/v1/mfa"

"github.com/kataras/iris/v12/middleware/jwt"

"github.com/KubeOperator/kubepi/internal/api/v1/chart"
Expand Down Expand Up @@ -312,9 +313,14 @@ func roleAccessHandler() iris.Handler {
//// 通过api resource 过滤出来资源主体,method 过滤操作
p := ctx.Values().Get("profile")
u := p.(session.UserProfile)
if !strings.Contains(ctx.Request().URL.Path, "/proxy") && !strings.Contains(ctx.Request().URL.Path, "/ws") &&
!strings.Contains(ctx.Request().URL.Path, "/webkubectl") && !strings.Contains(ctx.Request().URL.Path, "/webkubectl") &&
!strings.Contains(ctx.Request().URL.Path, "/charts") && !strings.Contains(ctx.Request().URL.Path, "/apps") {
isInWhiteList := false
for _, path := range resourceWhiteList {
if strings.Contains(ctx.Request().URL.Path, fmt.Sprintf("/%s", path)) && path != "sessions" {
isInWhiteList = true
break
}
}
if !isInWhiteList {
// 放通admin权限
if u.IsAdministrator {
ctx.Next()
Expand Down

0 comments on commit 440e942

Please sign in to comment.