From 2bf2f481ef9ae46b4ba8faca98652a0c7844f26d Mon Sep 17 00:00:00 2001
From: SebPlv <53788114+SebPlv@users.noreply.github.com>
Date: Wed, 12 Nov 2025 17:22:13 +0100
Subject: [PATCH] fix #3601 - fails to modify or delete namespaces using RBAC (#3671)
---
 internal/client/client.go | 4 ++++
 internal/view/browser.go | 3 ---
 internal/watch/factory.go | 6 +-----
 3 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/internal/client/client.go b/internal/client/client.go
index 125efca4..a580b017 100644
--- a/internal/client/client.go
+++ b/internal/client/client.go
@@ -150,6 +150,10 @@ func (a *APIClient) CanI(ns string, gvr *GVR, name string, verbs []string) (auth
 if !a.getConnOK() {
 return false, errors.New("ACCESS -- No API server connection")
 }
+ if gvr == NsGVR {
+ // The name of the namespace is required to check permissions in some cases
+ ns = name
+ }
 if IsClusterWide(ns) {
 ns = BlankNamespace
 }
diff --git a/internal/view/browser.go b/internal/view/browser.go
index a6ca0ed4..e748daad 100644
--- a/internal/view/browser.go
+++ b/internal/view/browser.go
@@ -519,9 +519,6 @@ func editRes(app *App, gvr *client.GVR, path string) error {
 if client.IsClusterScoped(ns) {
 ns = client.BlankNamespace
 }
- if gvr == client.NsGVR {
- n = ns
- }
 if ok, err := app.Conn().CanI(ns, gvr, n, client.PatchAccess); !ok || err != nil {
 return fmt.Errorf("current user can't edit resource %s", gvr)
 }
diff --git a/internal/watch/factory.go b/internal/watch/factory.go
index 408239fb..e65d1eb1 100644
--- a/internal/watch/factory.go
+++ b/internal/watch/factory.go
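Review bot: In the `internal/client/client.go` hunk, the new `if gvr == NsGVR` branch in `CanI` overwrites `ns` even when `name` is empty, and the `internal/watch/factory.go` hunk now always passes `""` as the name. For namespaces the caller's `ns` is therefore discarded and, assuming `IsClusterWide("")` is true, the permission check becomes cluster-wide; that may be the intent for list/watch, but nothing in the code says so. If it is intended, the comment should state it, e.g. `// Namespaces are authorized against their own name; an empty name means a cluster-wide check.`; if not, guard the branch with `if gvr == NsGVR && name != "" {`. The diffstat lists no test file, so a table test on `CanI` covering named and unnamed namespace requests would pin this authorization behaviour. `CanI` continues outside the hunk.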
@@ -201,11 +201,7 @@ func (f *Factory) isClusterWide() bool {
 
 // CanForResource return an informer is user has access.
 func (f *Factory) CanForResource(ns string, gvr *client.GVR, verbs []string) (informers.GenericInformer, error) {
- var resName string
- if gvr == client.NsGVR {
- resName = ns
- }
- auth, err := f.Client().CanI(ns, gvr, resName, verbs)
+ auth, err := f.Client().CanI(ns, gvr, "", verbs)
 if err != nil {
 return nil, err
 }
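Review bot: The doc comment on `CanForResource` is ungrammatical and does not say how the access check is scoped now that the call passes a literal `""` as the resource name. Suggested wording: `// CanForResource returns an informer if the user has access to gvr in ns; access is checked without a resource name.` The function body continues past the end of the hunk.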