From 3800bc5afc1482e8aa4f91c8402eece13b1d4f9a Mon Sep 17 00:00:00 2001
From: Halo Dev Bot <87291978+halo-dev-bot@users.noreply.github.com>
Date: Mon, 26 Dec 2022 14:32:32 +0800
Subject: [PATCH] [release-2.0] Fix invalid attachment role templates (#3044)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This is an automated cherry-pick of #3024

/assign JohnNiang

```release-note
修复附件权限定义的错误
```
---
 .../extensions/role-template-attachment.yaml          | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/main/resources/extensions/role-template-attachment.yaml b/src/main/resources/extensions/role-template-attachment.yaml
index d2d039e942..8bc99670a3 100644
--- a/src/main/resources/extensions/role-template-attachment.yaml
+++ b/src/main/resources/extensions/role-template-attachment.yaml
@@ -12,13 +12,16 @@ metadata:
       ["system:attachments:manage"]
 rules:
   - apiGroups: [ "storage.halo.run" ]
-    resources: [ "attachments" ]
+    resources: [ "attachments", "policies", "policytemplates", "groups" ]
     verbs: [ "*" ]
   - apiGroups: [ "api.console.halo.run" ]
     resources: [ "attachments" ]
     verbs: [ "*" ]
-  - nonResourceURLs: [ "/apis/api.console.halo.run/attachments/upload" ]
-    verbs: [ "post" ]
+  - apiGroups: [ "" ]
+    resources: [ "settings" ]
+    verbs: [ "get" ]
+  - nonResourceURLs: [ "/apis/api.console.halo.run/v1alpha1/attachments/upload" ]
+    verbs: [ "create" ]
 ---
 apiVersion: v1alpha1
 kind: "Role"
@@ -33,7 +36,7 @@ metadata:
       ["system:attachments:view"]
 rules:
   - apiGroups: [ "storage.halo.run" ]
-    resources: [ "attachments" ]
+    resources: [ "attachments", "policies", "policytemplates", "groups" ]
     verbs: [ "get", "list" ]
   - apiGroups: [ "api.console.halo.run" ]
     resources: [ "attachments" ]