zishuo/onepanel
1
0
Fork 0
mirror of https://github.com/onepanelio/onepanel.git synced 2025-09-26 17:51:13 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix: Deny create namespace permission in community edition

Browse Source
This commit is contained in:
Andrey Melnikov
2021-10-26 15:47:13 -07:00
parent d934163fc8
commit 62896b2f52
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
server/auth/auth.go
View File

@@ -105,6 +105,10 @@ func getClient(ctx context.Context, kubeConfig *v1.Config, db *v1.DB, sysConfig
}
func IsAuthorized(c *v1.Client, namespace, verb, group, resource, name string) (allowed bool, err error) {
if resource == "namespaces" && verb == "create" {
return false, status.Error(codes.PermissionDenied, "creating namespaces is not supported in the community edition")
}
review, err := c.AuthorizationV1().SelfSubjectAccessReviews().Create(&authorizationv1.SelfSubjectAccessReview{
Spec: authorizationv1.SelfSubjectAccessReviewSpec{
ResourceAttributes: &authorizationv1.ResourceAttributes{