发现一个问题:
插件自定义的接口匿名访问可以通过如下配置实现:
rbac.authorization.halo.run/aggregate-to-anonymous: "true"
但是我想实现仅登录用户才能访问插件的自定义接口时,配置了
rbac.authorization.halo.run/aggregate-to-authenticated: "true"
却无法达到预期效果(在使用普通用户登录halo后,访问自定义接口会报403错误)。
完整的配置如下:
apiVersion: v1alpha1
kind: Role
metadata:
name: template-halo-plugin-auto-backup-manage
labels:
halo.run/role-template: "true"
halo.run/hidden: "true"
rbac.authorization.halo.run/aggregate-to-authenticated: "true"
rules:
- apiGroups: [ "autobackup.wangwenzhu.cn" ]
resources: [ "config-interval" ]
verbs: [ "get" ]
