Merge pull request goharbor#8560 from stonezdj/merge_user_group_roles…

…_v182 Merge user roles and group roles -- 1.8 cherry pick
xaleeks · Aug 5, 2019 · 1c3a3d5 · 1c3a3d5
2 parents 41b8e60 + 7d8fcf0
commit 1c3a3d5
Show file tree

Hide file tree

Showing 4 changed files with 72 additions and 4 deletions.
diff --git a/docs/manage_role_by_ldap_group.md b/docs/manage_role_by_ldap_group.md
@@ -49,4 +49,4 @@ If a user is in the LDAP groups with admin privilege (ldap_group_admin_dn), the
 
 ## User privileges and group privileges
 
-If a user has both user-level role and group-level role, only the user level role privileges will be considered.
+If a user has both user-level role and group-level role, these privileges are merged together.
diff --git a/src/common/security/local/context.go b/src/common/security/local/context.go
@@ -127,10 +127,24 @@ func (s *SecurityContext) GetProjectRoles(projectIDOrName interface{}) []int {
 			roles = append(roles, common.RoleGuest)
 		}
 	}
-	if len(roles) != 0 {
-		return roles
+	return mergeRoles(roles, s.GetRolesByGroup(projectIDOrName))
+}
+
+func mergeRoles(rolesA, rolesB []int) []int {
+	type void struct{}
+	var roles []int
+	var placeHolder void
+	roleSet := make(map[int]void)
+	for _, r := range rolesA {
+		roleSet[r] = placeHolder
 	}
-	return s.GetRolesByGroup(projectIDOrName)
+	for _, r := range rolesB {
+		roleSet[r] = placeHolder
+	}
+	for r := range roleSet {
+		roles = append(roles, r)
+	}
+	return roles
 }
 
 // GetRolesByGroup - Get the group role of current user to the project

diff --git a/src/common/security/local/context_test.go b/src/common/security/local/context_test.go
@@ -408,3 +408,27 @@ func TestSecurityContext_GetMyProjects(t *testing.T) {
 		})
 	}
 }
+
+func Test_mergeRoles(t *testing.T) {
+	type args struct {
+		rolesA []int
+		rolesB []int
+	}
+	tests := []struct {
+		name string
+		args args
+		want []int
+	}{
+		{"normal", args{[]int{3, 4}, []int{1, 2, 3, 4}}, []int{1, 2, 3, 4}},
+		{"empty", args{[]int{}, []int{}}, []int{}},
+		{"left empty", args{[]int{}, []int{1, 2, 3, 4}}, []int{1, 2, 3, 4}},
+		{"right empty", args{[]int{1, 2, 3, 4}, []int{}}, []int{1, 2, 3, 4}},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := mergeRoles(tt.args.rolesA, tt.args.rolesB); !test.CheckSetsEqual(got, tt.want) {
+				t.Errorf("mergeRoles() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
diff --git a/src/common/utils/test/test.go b/src/common/utils/test/test.go
@@ -142,3 +142,33 @@ func TraceCfgMap(cfgs map[string]interface{}) {
 		fmt.Printf("%v=%v\n", k, cfgs[k])
 	}
 }
+
+// CheckSetsEqual - check int set if they are equals
+func CheckSetsEqual(setA, setB []int) bool {
+	if len(setA) != len(setB) {
+		return false
+	}
+	type void struct{}
+	var exist void
+	setAll := make(map[int]void)
+	for _, r := range setA {
+		setAll[r] = exist
+	}
+	for _, r := range setB {
+		if _, ok := setAll[r]; !ok {
+			return false
+		}
+	}
+
+	setAll = make(map[int]void)
+	for _, r := range setB {
+		setAll[r] = exist
+	}
+	for _, r := range setA {
+		if _, ok := setAll[r]; !ok {
+			return false
+		}
+	}
+	return true
+
+}
Original file line number	Diff line number	Diff line change
Expand Up		@@ -49,4 +49,4 @@ If a user is in the LDAP groups with admin privilege (ldap_group_admin_dn), the

		## User privileges and group privileges

		If a user has both user-level role and group-level role, only the user level role privileges will be considered.
		If a user has both user-level role and group-level role, these privileges are merged together.