diff --git a/src/main/resources/extensions/role-template-authenticated.yaml b/src/main/resources/extensions/role-template-authenticated.yaml index 7045be170..434a77f6e 100644 --- a/src/main/resources/extensions/role-template-authenticated.yaml +++ b/src/main/resources/extensions/role-template-authenticated.yaml @@ -7,9 +7,12 @@ metadata: halo.run/hidden: "true" annotations: rbac.authorization.halo.run/dependencies: | - [ "role-template-own-user-info", "role-template-own-permissions", "role-template-change-own-password", - "role-template-manage-configmaps" ] -rules: [ ] + [ "role-template-own-user-info", "role-template-own-permissions", "role-template-change-own-password" ] +rules: + - apiGroups: [ "" ] + resources: [ "configmaps" ] + resourceNames: [ "system-states" ] + verbs: [ "get" ] --- apiVersion: v1alpha1 kind: "Role" diff --git a/src/main/resources/extensions/role-template-menu.yaml b/src/main/resources/extensions/role-template-menu.yaml index dca426b5d..24a4d71df 100644 --- a/src/main/resources/extensions/role-template-menu.yaml +++ b/src/main/resources/extensions/role-template-menu.yaml @@ -23,7 +23,7 @@ metadata: halo.run/role-template: "true" annotations: rbac.authorization.halo.run/module: "Menus Management" - rbac.authorization.halo.run/display-name: "Menu Manage" + rbac.authorization.halo.run/display-name: "Menu View" rbac.authorization.halo.run/ui-permissions: | ["system:menus:view"] rules: diff --git a/src/main/resources/extensions/role-template-plugin.yaml b/src/main/resources/extensions/role-template-plugin.yaml index 8c851227b..0edc23b9f 100644 --- a/src/main/resources/extensions/role-template-plugin.yaml +++ b/src/main/resources/extensions/role-template-plugin.yaml @@ -6,7 +6,7 @@ metadata: halo.run/role-template: "true" annotations: rbac.authorization.halo.run/dependencies: | - [ "role-template-view-plugins", "role-template-manage-configmaps" ] + [ "role-template-view-plugins" ] rbac.authorization.halo.run/module: "Plugins Management" rbac.authorization.halo.run/display-name: "Plugin Manage" rbac.authorization.halo.run/ui-permissions: | @@ -15,6 +15,8 @@ rules: - apiGroups: [ "plugin.halo.run" ] resources: [ "plugins" ] verbs: [ "create", "patch", "update", "delete", "deletecollection" ] + - nonResourceURLs: [ "/apis/api.console.halo.run/v1alpha1/plugins/install" ] + verbs: [ "create" ] --- apiVersion: v1alpha1 kind: "Role" @@ -23,7 +25,6 @@ metadata: labels: halo.run/role-template: "true" annotations: - rbac.authorization.halo.run/dependencies: "[ \"role-template-view-settings\" ]" rbac.authorization.halo.run/module: "Plugins Management" rbac.authorization.halo.run/display-name: "Plugin View" rbac.authorization.halo.run/ui-permissions: | @@ -32,3 +33,6 @@ rules: - apiGroups: [ "plugin.halo.run" ] resources: [ "plugins" ] verbs: [ "get", "list" ] + - apiGroups: [ "api.console.halo.run" ] + resources: [ "plugins" ] + verbs: [ "get", "list" ]