|
|
@@ -124,13 +124,17 @@ func (kcl *KubeClient) UpdateNamespaceAccessPolicies(accessPolicies map[string]p
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// GetNonAdminNamespaces retrieves namespaces for a non-admin user, excluding the default namespace if restricted.
|
|
|
|
// GetNonAdminNamespaces retrieves namespaces for a non-admin user, excluding the default namespace if restricted.
|
|
|
|
func (kcl *KubeClient) GetNonAdminNamespaces(userID int) ([]string, error) {
|
|
|
|
func (kcl *KubeClient) GetNonAdminNamespaces(userID int, isRestrictDefaultNamespace bool) ([]string, error) {
|
|
|
|
accessPolicies, err := kcl.GetNamespaceAccessPolicies()
|
|
|
|
accessPolicies, err := kcl.GetNamespaceAccessPolicies()
|
|
|
|
if err != nil {
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("an error occurred during the getNonAdminNamespaces operation, unable to get namespace access policies via portainer-config. check if portainer-config configMap exists in the Kubernetes cluster: %w", err)
|
|
|
|
return nil, fmt.Errorf("an error occurred during the getNonAdminNamespaces operation, unable to get namespace access policies via portainer-config. check if portainer-config configMap exists in the Kubernetes cluster: %w", err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
nonAdminNamespaces := []string{defaultNamespace}
|
|
|
|
nonAdminNamespaces := []string{}
|
|
|
|
|
|
|
|
if !isRestrictDefaultNamespace {
|
|
|
|
|
|
|
|
nonAdminNamespaces = append(nonAdminNamespaces, defaultNamespace)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
for namespace, accessPolicy := range accessPolicies {
|
|
|
|
for namespace, accessPolicy := range accessPolicies {
|
|
|
|
if hasUserAccessToNamespace(userID, nil, accessPolicy) {
|
|
|
|
if hasUserAccessToNamespace(userID, nil, accessPolicy) {
|
|
|
|
nonAdminNamespaces = append(nonAdminNamespaces, namespace)
|
|
|
|
nonAdminNamespaces = append(nonAdminNamespaces, namespace)
|
|
|
|