fix: revert default policy (#20111)
ioito authored Apr 23, 2024
1 parent 5084cd1 commit 003ad67
Showing 6 changed files with 632 additions and 651 deletions.
133 changes: 67 additions & 66 deletions pkg/cloudid/policy/defaults.go
Expand Up @@ -15,6 +15,9 @@
package policy

import (
"yunion.io/x/pkg/util/rbacscope"

api "yunion.io/x/onecloud/pkg/apis/cloudid"
common_policy "yunion.io/x/onecloud/pkg/cloudcommon/policy"
"yunion.io/x/onecloud/pkg/util/rbacutils"
)
Expand All @@ -30,80 +33,78 @@ const (

var (
predefinedDefaultPolicies = []rbacutils.SRbacPolicy{
/*
{
Auth: true,
Scope: rbacscope.ScopeSystem,
Rules: []rbacutils.SRbacRule{
{
Service: api.SERVICE_TYPE,
Resource: "cloudpolicies",
Action: PolicyActionList,
Result: rbacutils.Allow,
},
{
Service: api.SERVICE_TYPE,
Resource: "cloudpolicies",
Action: PolicyActionGet,
Result: rbacutils.Allow,
},
{
Auth: true,
Scope: rbacscope.ScopeSystem,
Rules: []rbacutils.SRbacRule{
{
Service: api.SERVICE_TYPE,
Resource: "cloudpolicies",
Action: PolicyActionList,
Result: rbacutils.Allow,
},
{
Service: api.SERVICE_TYPE,
Resource: "cloudpolicies",
Action: PolicyActionGet,
Result: rbacutils.Allow,
},
},
{
Auth: true,
Scope: rbacscope.ScopeDomain,
Rules: []rbacutils.SRbacRule{
{
Service: api.SERVICE_TYPE,
Resource: "cloudgroups",
Action: PolicyActionList,
Result: rbacutils.Allow,
},
{
Service: api.SERVICE_TYPE,
Resource: "cloudgroups",
Action: PolicyActionGet,
Result: rbacutils.Allow,
},
},
{
Auth: true,
Scope: rbacscope.ScopeDomain,
Rules: []rbacutils.SRbacRule{
{
Service: api.SERVICE_TYPE,
Resource: "cloudgroups",
Action: PolicyActionList,
Result: rbacutils.Allow,
},
{
Service: api.SERVICE_TYPE,
Resource: "cloudgroups",
Action: PolicyActionGet,
Result: rbacutils.Allow,
},
},
{
Auth: true,
Scope: rbacscope.ScopeUser,
Rules: []rbacutils.SRbacRule{
{
Service: api.SERVICE_TYPE,
Resource: "cloudusers",
Action: PolicyActionList,
Result: rbacutils.Allow,
},
{
Service: api.SERVICE_TYPE,
Resource: "cloudusers",
Action: PolicyActionGet,
Result: rbacutils.Allow,
},
},
{
Auth: true,
Scope: rbacscope.ScopeUser,
Rules: []rbacutils.SRbacRule{
{
Service: api.SERVICE_TYPE,
Resource: "cloudusers",
Action: PolicyActionList,
Result: rbacutils.Allow,
},
{
Service: api.SERVICE_TYPE,
Resource: "cloudusers",
Action: PolicyActionGet,
Result: rbacutils.Allow,
},
},
{
Auth: true,
Scope: rbacscope.ScopeUser,
Rules: []rbacutils.SRbacRule{
{
Service: api.SERVICE_TYPE,
Resource: "samlusers",
Action: PolicyActionList,
Result: rbacutils.Allow,
},
{
Service: api.SERVICE_TYPE,
Resource: "samlusers",
Action: PolicyActionGet,
Result: rbacutils.Allow,
},
},
{
Auth: true,
Scope: rbacscope.ScopeUser,
Rules: []rbacutils.SRbacRule{
{
Service: api.SERVICE_TYPE,
Resource: "samlusers",
Action: PolicyActionList,
Result: rbacutils.Allow,
},
{
Service: api.SERVICE_TYPE,
Resource: "samlusers",
Action: PolicyActionGet,
Result: rbacutils.Allow,
},
},
*/
},
}
)
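Review bot: The four entries restored in `predefinedDefaultPolicies` carry no comment stating who they apply to or why the scopes differ (`cloudpolicies` at `rbacscope.ScopeSystem`, `cloudgroups` at `ScopeDomain`, `cloudusers` and `samlusers` at `ScopeUser`), so a reader cannot tell whether the system-scope read grant is deliberate. That these entries are live on the new side is inferred from the three imports added in the first hunk, since the page has lost its `+`/`-` markers. If `Auth: true` means the policy applies to any authenticated caller (worth confirming against `rbacutils.SRbacPolicy`), I would put `// Read-only (list/get) defaults for every authenticated caller; never add mutating actions here.` above the literal. A small test that walks the slice and fails on any `Action` other than `PolicyActionList` or `PolicyActionGet` would keep a later edit from widening the defaults silently.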
