From 6aeefd54cbe29fa850117b4cce3f5a85c458346f Mon Sep 17 00:00:00 2001 From: ahmadhamzh Date: Tue, 30 Jul 2024 08:21:50 +0300 Subject: [PATCH] give admin owner role --- modules/api/pkg/handler/v1/user/user.go | 2 +- modules/api/pkg/provider/kubernetes/member.go | 8 +++++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/modules/api/pkg/handler/v1/user/user.go b/modules/api/pkg/handler/v1/user/user.go index aaf0c3c7d7..a03a6c30cd 100644 --- a/modules/api/pkg/handler/v1/user/user.go +++ b/modules/api/pkg/handler/v1/user/user.go @@ -437,7 +437,7 @@ func (r AddReq) Validate(authenticatesUserInfo *provider.UserInfo) error { if projectFromRequest.ID != r.ProjectID { return utilerrors.New(http.StatusForbidden, fmt.Sprintf("you can only assign the user to %s project", r.ProjectID)) } - if strings.EqualFold(apiUserFromRequest.Email, authenticatesUserInfo.Email) { + if strings.EqualFold(apiUserFromRequest.Email, authenticatesUserInfo.Email) && !authenticatesUserInfo.IsAdmin { return utilerrors.New(http.StatusForbidden, "you cannot assign yourself to a different group") } isRequestedGroupPrefixValid := false diff --git a/modules/api/pkg/provider/kubernetes/member.go b/modules/api/pkg/provider/kubernetes/member.go index 10cf2291e7..3c2eaabef8 100644 --- a/modules/api/pkg/provider/kubernetes/member.go +++ b/modules/api/pkg/provider/kubernetes/member.go @@ -199,7 +199,9 @@ func (p *ProjectMemberProvider) MapUserToGroups(ctx context.Context, user *kuber groups.Insert(suffixedGroupName) } } - + if user.Spec.IsAdmin { + groups.Insert(fmt.Sprintf("owners-%s", projectID)) + } if groups.Len() > 0 { return groups, nil } else { @@ -279,6 +281,10 @@ func (p *ProjectMemberProvider) MapUserToRoles(ctx context.Context, user *kuberm } roles := sets.New[string]() + if user.Spec.IsAdmin { + roles.Insert("owners") + return roles, nil + } for _, gpb := range groupProjectBindings.Items { if slice.ContainsString(user.Spec.Groups, gpb.Spec.Group, nil) && gpb.Spec.ProjectID == projectID { roles.Insert(gpb.Spec.Role)