From cf47fd0993318d4dfceb698bda03212fffa2fc35 Mon Sep 17 00:00:00 2001 From: orblazer Date: Wed, 16 Feb 2022 19:31:43 +0100 Subject: [PATCH] fix invalid access action Signed-off-by: orblazer --- src/server/v2.0/handler/project.go | 2 +- src/server/v2.0/handler/repository.go | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/src/server/v2.0/handler/project.go b/src/server/v2.0/handler/project.go index 9ab8345d724..dba800aed82 100644 --- a/src/server/v2.0/handler/project.go +++ b/src/server/v2.0/handler/project.go @@ -580,7 +580,7 @@ func (a *projectAPI) ListScannerCandidatesOfProject(ctx context.Context, params } projectNameOrID := parseProjectNameOrID(params.ProjectNameOrID, params.XIsResourceName) - if err := a.RequireProjectAccess(ctx, projectNameOrID, rbac.ActionCreate, rbac.ResourceScanner); err != nil { + if err := a.RequireProjectAccess(ctx, projectNameOrID, rbac.ActionList, rbac.ResourceScanner); err != nil { return a.SendError(ctx, err) } diff --git a/src/server/v2.0/handler/repository.go b/src/server/v2.0/handler/repository.go index acf314cef12..4c92b307471 100644 --- a/src/server/v2.0/handler/repository.go +++ b/src/server/v2.0/handler/repository.go @@ -17,6 +17,7 @@ package handler import ( "context" "fmt" + "github.com/goharbor/harbor/src/common/security/robot" robotCtr "github.com/goharbor/harbor/src/controller/robot" pkgModels "github.com/goharbor/harbor/src/pkg/project/models" @@ -198,7 +199,7 @@ func (r *repositoryAPI) ListRepositories(ctx context.Context, params operation.L } func (r *repositoryAPI) GetRepository(ctx context.Context, params operation.GetRepositoryParams) middleware.Responder { - if err := r.RequireProjectAccess(ctx, params.ProjectName, rbac.ActionList, rbac.ResourceRepository); err != nil { + if err := r.RequireProjectAccess(ctx, params.ProjectName, rbac.ActionRead, rbac.ResourceRepository); err != nil { return r.SendError(ctx, err) } repository, err := r.repoCtl.GetByName(ctx, fmt.Sprintf("%s/%s", params.ProjectName, params.RepositoryName))