Skip to content
Snippets Groups Projects
Commit c56d51ce authored by Yas Naoi's avatar Yas Naoi Committed by root
Browse files

Issue #3183934 by yas: Add any / own permissions to Limit Range

parent dd40c43f
No related branches found
No related tags found
No related merge requests found
......@@ -251,16 +251,24 @@ add k8s limit range:
list k8s limit range:
title: 'List K8s limit range'
description: 'Allow users to list K8s limit range.'
view k8s limit range:
title: 'View K8s limit range'
description: 'Allow users to view K8s limit range.'
edit k8s limit range:
title: 'Edit K8s limit range'
description: 'Allow users to edit K8s limit range.'
delete k8s limit range:
title: 'Delete K8s limit range'
description: 'Allow users to delete K8s limit range.'
view any k8s limit range:
title: 'View any K8s limit range'
description: 'Allow users to view K8s any limit range.'
edit any k8s limit range:
title: 'Edit any K8s limit range'
description: 'Allow users to edit any K8s limit range.'
delete any k8s limit range:
title: 'Delete any K8s limit range'
description: 'Allow users to delete any K8s limit range.'
view own k8s limit range:
title: 'View own K8s limit range'
description: 'Allow users to view own K8s limit range.'
edit own k8s limit range:
title: 'Edit own K8s limit range'
description: 'Allow users to edit own K8s limit range.'
delete own k8s limit range:
title: 'Delete own K8s limit range'
description: 'Allow users to delete own K8s limit range.'
############################
# K8s Secret
......
......@@ -279,14 +279,14 @@ entity.k8s_limit_range.list_update:
# Desired permission is passed as an option in the "perm" variable
_custom_access: '\Drupal\cloud\Controller\CloudConfigController::access'
options:
perm: 'edit k8s limit range'
perm: 'edit any k8s limit range+edit own k8s limit range'
entity.k8s_limit_range.list_update.all:
path: '/clouds/k8s/limit_range/update'
defaults:
_controller: '\Drupal\k8s\Controller\ApiController::updateLimitRangeList'
requirements:
_permission: 'edit k8s limit range,view all cloud service providers'
_permission: 'edit any k8s limit range+edit own k8s limit range+view all cloud service providers'
entity.k8s_secret.list_update:
path: '/clouds/k8s/{cloud_context}/secret/update'
......
......@@ -25,25 +25,28 @@ class K8sLimitRangeAccessControlHandler extends EntityAccessControlHandler {
$view_namespace_perm = 'view k8s namespace ' . $entity->getNamespace();
switch ($operation) {
case 'view':
return $this->allowedIfCanAccessCloudConfig(
return $this->allowedIfCanAccessCloudConfigWithOwner(
$entity,
$account,
[$view_namespace_perm, 'view k8s limit range']
[$view_namespace_perm, 'view own k8s limit range'],
[$view_namespace_perm, 'view any k8s limit range']
);
case 'update':
case 'edit':
return $this->allowedIfCanAccessCloudConfig(
return $this->allowedIfCanAccessCloudConfigWithOwner(
$entity,
$account,
[$view_namespace_perm, 'edit k8s limit range']
[$view_namespace_perm, 'edit own k8s limit range'],
[$view_namespace_perm, 'edit any k8s limit range']
);
case 'delete':
return $this->allowedIfCanAccessCloudConfig(
return $this->allowedIfCanAccessCloudConfigWithOwner(
$entity,
$account,
[$view_namespace_perm, 'delete k8s limit range']
[$view_namespace_perm, 'delete own k8s limit range'],
[$view_namespace_perm, 'delete any k8s limit range']
);
}
......
......@@ -1009,6 +1009,14 @@ class K8sBatchOperations {
]);
}
// Owner ID.
$uid = NULL;
if (!empty($limit_range['metadata']['annotations'])
&& !empty($limit_range['metadata']['annotations'][K8sEntityBase::ANNOTATION_CREATED_BY_UID])) {
$uid = $limit_range['metadata']['annotations'][K8sEntityBase::ANNOTATION_CREATED_BY_UID];
}
$entity->setOwnerById($uid);
// Labels.
self::setKeyValueTypeFieldValue(
$entity,
......
......@@ -25,10 +25,10 @@ class K8sLimitRangeTest extends K8sTestBase {
return [
'view all cloud service providers',
'list k8s limit range',
'view k8s limit range',
'edit k8s limit range',
'view any k8s limit range',
'edit any k8s limit range',
'add k8s limit range',
'delete k8s limit range',
'delete any k8s limit range',
'view k8s namespace ' . $this->namespace,
];
}
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment