github/kubevela
1
0
Fork 0
mirror of https://github.com/kubevela/kubevela.git synced 2026-04-24 03:26:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

add default permission and role

Browse Source 
Signed-off-by: Qiaozp <qiaozhongpei.qzp@alibaba-inc.com>
This commit is contained in:
Qiaozp
2022-10-31 20:29:55 +08:00
parent be9840c3cb
commit cf074444ac
1 changed files with 12 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
pkg/apiserver/domain/service/rbac.go
View File

@@ -59,6 +59,7 @@ var defaultProjectPermissionTemplate = []*model.PermissionTemplate{
"project:{projectName}/permission:*",
"project:{projectName}/environment:*",
"project:{projectName}/application:*/*",
"project:{projectName}/pipeline:*/*",
},
Actions: []string{"detail", "list"},
Effect: "Allow",
@@ -96,6 +97,16 @@ var defaultProjectPermissionTemplate = []*model.PermissionTemplate{
Effect: "Allow",
Scope: "project",
},
{
Name: "pipeline-management",
Alias: "Pipeline Management",
Resources: []string{
"project:{projectName}/pipeline:*",
},
Actions: []string{"*"},
Effect: "Allow",
Scope: "project",
},
}
var defaultPlatformPermission = []*model.PermissionTemplate{
@@ -877,7 +888,7 @@ func (p *rbacServiceImpl) InitDefaultRoleAndUsersForProject(ctx context.Context,
}, &model.Role{
Name: "project-admin",
Alias: "Project Admin",
Permissions: []string{"project-view", "app-management", "env-management", "role-management", "configuration-read"},
Permissions: []string{"project-view", "app-management", "env-management", "role-management", "pipeline-management", "configuration-read"},
Project: project.Name,
}, &model.Role{
Name: "project-viewer",