Expected behavior and actual behavior:
According to https://github.com/goharbor/harbor/blob/main/src/server/v2.0/handler/robot.go#L263
A user/robot needs the "rbac.ActionUpdate" permission in order to update the security of a robot. (error seems to originate from this section of code:
|
resource := system.NewNamespace().Resource(subresource...) |
|
if !secCtx.Can(ctx, action, resource) { |
|
return errors.ForbiddenError(nil).WithMessage(secCtx.GetUsername()) |
|
} |
)
However, robots cannot be granted that robots.ActionUpdate permission per this menu inside of the edit robots permission.
Steps to reproduce the problem:
Create two system-level robots, one with every system permission, the other with none
Query the API with PATCH https://{harbor}/api/v2.0/robots/{robot_id}/ log-in should be bot with all permissions
Recieve a FORBIDDEN with "message": "{logged-in account name}"
Expected behavior and actual behavior:
According to https://github.com/goharbor/harbor/blob/main/src/server/v2.0/handler/robot.go#L263
A user/robot needs the "rbac.ActionUpdate" permission in order to update the security of a robot. (error seems to originate from this section of code:
harbor/src/server/v2.0/handler/base.go
Lines 135 to 138 in 8b82233
Steps to reproduce the problem:
Create two system-level robots, one with every system permission, the other with none
Query the API with PATCH https://{harbor}/api/v2.0/robots/{robot_id}/ log-in should be bot with all permissions
Recieve a FORBIDDEN with "message": "{logged-in account name}"