perf: improve s3link role permissions (#89)

1. 新建用户，仅赋予 s3link 权限 2. 测试关联s3文件功能是否正常使用请使用 <ff7af9f0d9> 之后的版本进行测试 ```release-note 完善 s3link 角色权限 ```
2025-10-15 06:39:08 +00:00 · 2023-10-26 13:44:12 +08:00
parent 08d6ff49c8
commit c79fee9ba1
5 changed files with 30 additions and 7 deletions
--- a/build.gradle
+++ b/build.gradle
@@ -2,7 +2,7 @@ plugins {
    id 'java'
    id "com.github.node-gradle.node" version "5.0.0"
    id "io.freefair.lombok" version "8.0.1"
-    id "run.halo.plugin.devtools" version "0.0.6"
+    id "run.halo.plugin.devtools" version "0.0.7"
 }

 group 'run.halo.s3os'
@@ -16,7 +16,7 @@ repositories {
 }

 dependencies {
-    implementation platform('run.halo.tools.platform:plugin:2.9.0-SNAPSHOT')
+    implementation platform('run.halo.tools.platform:plugin:2.10.0-SNAPSHOT')
    compileOnly 'run.halo.app:api'

    implementation platform('software.amazon.awssdk:bom:2.19.8')
@@ -33,7 +33,7 @@ configurations.runtimeClasspath {


 halo {
-    version = '2.9.0'
+    version = '2.10.0'
 }

 haloPlugin {
--- a/console/src/index.ts
+++ b/console/src/index.ts
@@ -1,6 +1,6 @@
 import {definePlugin} from "@halo-dev/console-shared";
 import type {PluginTab} from "@halo-dev/console-shared";
-import HomeView from "./views/HomeView.vue";
+import S3Link from "./views/S3Link.vue";
 import {markRaw} from "vue";

 export default definePlugin({
@@ -12,8 +12,8 @@ export default definePlugin({
        {
          id: "s3-link",
          label: "关联S3文件",
-          component: markRaw(HomeView),
-          permissions: []
+          component: markRaw(S3Link),
+          permissions: ["plugin:s3os:link"]
        },
      ];
    },
--- a/console/src/views/HomeView.vue
+++ b/console/src/views/HomeView.vue
--- a/src/main/resources/console/main.js
+++ b/src/main/resources/console/main.js
--- a/src/main/resources/extensions/s3os-role-template.yaml
+++ b/src/main/resources/extensions/s3os-role-template.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1alpha1
+kind: "Role"
+metadata:
+  name: role-template-s3os-link
+  labels:
+    halo.run/role-template: "true"
+  annotations:
+    rbac.authorization.halo.run/dependencies: |
+      [ "role-template-manage-attachments", "role-template-view-plugins" ]
+    rbac.authorization.halo.run/module: "S3 Attachments Management"
+    rbac.authorization.halo.run/display-name: "S3 Link"
+    rbac.authorization.halo.run/ui-permissions: |
+      ["plugin:s3os:link"]
+rules:
+  - apiGroups: [ "s3os.halo.run" ]
+    resources: [ "policies" ]
+    resourceNames: [ "s3" ]
+    verbs: [ "get", "list" ]
+  - apiGroups: [ "s3os.halo.run" ]
+    resources: [ "objects" ]
+    verbs: [ "get", "list" ]
+  - nonResourceURLs: ["/apis/s3os.halo.run/v1alpha1/attachments/link"]
+    verbs: [ "create" ]