fix: member user only can get user & domain resource (#7598)

Co-authored-by: Qu Xuan <quxuan@yunionyun.com>
屈轩
2020-08-20 20:54:21 +08:00
committed by GitHub
parent 01a8384071
commit 6cab61ecb8


@@ -43,7 +43,7 @@ func isObjectRbacAllowed(model IModel, userCred mcclient.TokenCredential, action
case rbacutils.ScopeSystem:
requireScope = rbacutils.ScopeSystem
case rbacutils.ScopeDomain:
if ownerId != nil && objOwnerId != nil && (ownerId.GetUserId() == objOwnerId.GetUserId()) {
if ownerId != nil && objOwnerId != nil && (ownerId.GetUserId() == objOwnerId.GetUserId() && action == policy.PolicyActionGet) {
requireScope = rbacutils.ScopeUser
} else if ownerId != nil && objOwnerId != nil && (ownerId.GetProjectDomainId() == objOwnerId.GetProjectDomainId() || objOwnerId.GetProjectDomainId() == "" || (model.IsSharable(ownerId) && action == policy.PolicyActionGet)) {
requireScope = rbacutils.ScopeDomain
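Review bot: The user-scope shortcut in the `rbacutils.ScopeDomain` case compares `ownerId.GetUserId() == objOwnerId.GetUserId()` without requiring either side to be non-empty, so if both credentials report an empty user id the comparison passes and a get is authorised at `ScopeUser`. Whether an empty user id can reach this point is not visible in the hunk, but the guard is cheap: `if ownerId != nil && objOwnerId != nil && ownerId.GetUserId() != "" && ownerId.GetUserId() == objOwnerId.GetUserId() && action == policy.PolicyActionGet {`. The parentheses around the `&&` group are redundant now that the action test sits inside them, and a comment such as `// same user: only get is downgraded to user scope; other actions fall through to the domain check` would record why the restriction applies to get alone. The side markers were lost in this rendering and the body of isObjectRbacAllowed continues outside the hunk, so this assumes the line containing the action test is the new one.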