| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879 |
- // Copyright 2019 Yunion
- //
- // Licensed under the Apache License, Version 2.0 (the "License");
- // you may not use this file except in compliance with the License.
- // You may obtain a copy of the License at
- //
- // http://www.apache.org/licenses/LICENSE-2.0
- //
- // Unless required by applicable law or agreed to in writing, software
- // distributed under the License is distributed on an "AS IS" BASIS,
- // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- // See the License for the specific language governing permissions and
- // limitations under the License.
- package policy
- import (
- "yunion.io/x/jsonutils"
- "yunion.io/x/log"
- "yunion.io/x/pkg/util/rbacscope"
- "yunion.io/x/onecloud/pkg/util/rbacutils"
- )
- var (
- predefinedDefaultPolicies = []rbacutils.SRbacPolicy{
- {
- Auth: true,
- Scope: rbacscope.ScopeSystem,
- Rules: []rbacutils.SRbacRule{
- {
- Resource: "tasks",
- Action: PolicyActionPerform,
- Result: rbacutils.Allow,
- },
- {
- Resource: "metadatas",
- Action: PolicyActionList,
- Result: rbacutils.Allow,
- },
- },
- },
- {
- Auth: true,
- Scope: rbacscope.ScopeProject,
- Rules: []rbacutils.SRbacRule{
- {
- Resource: "tasks",
- Action: PolicyActionPerform,
- Result: rbacutils.Allow,
- },
- {
- // usages for any services
- Resource: "usages",
- Action: PolicyActionGet,
- Result: rbacutils.Allow,
- },
- },
- },
- {
- // for domain
- Auth: true,
- Scope: rbacscope.ScopeDomain,
- Rules: []rbacutils.SRbacRule{
- {
- // usages for any services
- Resource: "usages",
- Action: PolicyActionGet,
- Result: rbacutils.Allow,
- },
- },
- },
- }
- )
- func AppendDefaultPolicies(policies []rbacutils.SRbacPolicy) {
- log.Infof("Appending default policies: %s", jsonutils.Marshal(policies))
- predefinedDefaultPolicies = append(predefinedDefaultPolicies, policies...)
- }
|
