| 379 | } |
| 380 | |
| 381 | func OpenAPIGetRole(c *gin.Context) { |
| 382 | ctx := internalhandler.NewContext(c) |
| 383 | defer func() { internalhandler.JSONResponse(c, ctx) }() |
| 384 | |
| 385 | err := userhandler.GenerateUserAuthInfo(ctx) |
| 386 | if err != nil { |
| 387 | ctx.UnAuthorized = true |
| 388 | ctx.RespErr = fmt.Errorf("failed to generate user authorization info, error: %s", err) |
| 389 | return |
| 390 | } |
| 391 | |
| 392 | projectName := c.Query("namespace") |
| 393 | if projectName == "" { |
| 394 | ctx.RespErr = e.ErrInvalidParam.AddDesc("args namespace can't be empty") |
| 395 | return |
| 396 | } |
| 397 | |
| 398 | if !ctx.Resources.IsSystemAdmin { |
| 399 | if projectName == "*" { |
| 400 | ctx.UnAuthorized = true |
| 401 | return |
| 402 | } |
| 403 | |
| 404 | if _, ok := ctx.Resources.ProjectAuthInfo[projectName]; !ok { |
| 405 | ctx.UnAuthorized = true |
| 406 | return |
| 407 | } |
| 408 | |
| 409 | if !ctx.Resources.ProjectAuthInfo[projectName].IsProjectAdmin { |
| 410 | ctx.UnAuthorized = true |
| 411 | return |
| 412 | } |
| 413 | } |
| 414 | |
| 415 | ctx.Resp, ctx.RespErr = permission.GetRole(projectName, c.Param("name"), ctx.Logger) |
| 416 | } |
| 417 | |
| 418 | func GetRole(c *gin.Context) { |
| 419 | ctx := internalhandler.NewContext(c) |