lywsvip/cloudpods
1
0
Fork 0
mirror of https://github.com/yunionio/cloudpods.git synced 2026-06-04 08:24:26 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: options of the maximal number of roles of a user in project (#17033)

Browse Source 
Co-authored-by: QIU Jian <qiujian@yunionyun.com>
This commit is contained in:
Jian Qiu
2023-05-14 08:35:04 +08:00
committed by GitHub
parent 64118e947e
commit a3aa26b8e2
3 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
pkg/apis/identity/consts.go
View File

@@ -84,9 +84,6 @@ const (
IdentitySyncStatusIdle = "idle"
MinimalSyncIntervalSeconds = 5 * 60 // 5 minutes
MaxUserRolesInProject = 10
MaxGroupRolesInProject = 5
)
var (

8
pkg/keystone/models/assignments.go
View File

@@ -347,8 +347,8 @@ func (manager *SAssignmentManager) ProjectAddUser(ctx context.Context, userCred
if err != nil {
return errors.Wrap(err, "FetchUserProjectRoleCount")
}
if roleCnt >= api.MaxUserRolesInProject {
return errors.Wrapf(httperrors.ErrTooLarge, "user %s has joined project %s more than %d roles", user.Name, project.Name, roleCnt)
if roleCnt >= options.Options.MaxUserRolesInProject {
return errors.Wrapf(httperrors.ErrTooLarge, "user %s has joined project %s %d roles more than %d", user.Name, project.Name, roleCnt, options.Options.MaxUserRolesInProject)
}
err = manager.add(ctx, api.AssignmentUserProject, user.Id, project.Id, role.Id)
if err != nil {
@@ -498,8 +498,8 @@ func (manager *SAssignmentManager) projectAddGroup(ctx context.Context, userCred
if err != nil {
return errors.Wrap(err, "fetchGroupProjectRoleCount")
}
if roleCnt >= api.MaxGroupRolesInProject {
return errors.Wrapf(httperrors.ErrTooLarge, "group %s has joined project %s more than %d roles", group.Name, project.Name, roleCnt)
if roleCnt >= options.Options.MaxGroupRolesInProject {
return errors.Wrapf(httperrors.ErrTooLarge, "group %s has joined project %s %d roles more than %d", group.Name, project.Name, roleCnt, options.Options.MaxGroupRolesInProject)
}
err = manager.add(ctx, api.AssignmentGroupProject, group.Id, project.Id, role.Id)
if err != nil {

3
pkg/keystone/options/options.go
View File

@@ -73,6 +73,9 @@ type SKeystoneOptions struct {
LdapSearchPageSize uint32 `help:"pagination size for LDAP search" default:"100"`
ProjectAdminRole string `help:"name of role to be saved as admin user of project" default:"project_owner"`
MaxUserRolesInProject int `help:"maximal allowed roles of a user in a project" default:"20"`
MaxGroupRolesInProject int `help:"maximal allowed roles of a group in a project" default:"20"`
}
var (