diff --git a/pkg/permission/ruleset.go b/pkg/permission/ruleset.go
index a915a055759b3185825820233b623eb0d4b21762..0843afc79922be9a20c06009d4084a281b3cd68f 100644
--- a/pkg/permission/ruleset.go
+++ b/pkg/permission/ruleset.go
@@ -127,10 +127,10 @@ func (r Rule) GetPermission(action Action) *Permission {
case ActionRead:
p.Filter = r.ReadFilter
p.UnallowedFields = append(p.UnallowedFields, r.HiddenFields...)
- p.UnallowedFields = append(p.UnallowedFields, data.Difference(r.WriteonlyFields, r.ReadonlyFields)...)
+ p.UnallowedFields = append(p.UnallowedFields, r.WriteonlyFields...)
case ActionCreate, ActionUpdate, ActionDelete:
p.Filter = r.WriteFilter
- p.UnallowedFields = append(p.UnallowedFields, data.Difference(r.ReadonlyFields, r.WriteonlyFields)...)
+ p.UnallowedFields = append(p.UnallowedFields, r.ReadonlyFields...)
}
p.UnallowedFields = data.SetFromSlice(p.UnallowedFields)
diff --git a/pkg/permission/ruleset_test.go b/pkg/permission/ruleset_test.go
index a05753844b25dcc3e0484b27384e89a39c7e26f5..175c36261152afcf2b2c585382588f97b5465591 100644
--- a/pkg/permission/ruleset_test.go
+++ b/pkg/permission/ruleset_test.go
@@ -68,7 +68,7 @@ func TestRule_GetPermission(t *testing.T) {
name: "ActionRead readonly&writeonly",
action: ActionRead,
rule: Rule{Actions: []Action{ActionRead, ActionUpdate}, ReadonlyFields: []string{"f1"}, HiddenFields: []string{"f2"}, WriteonlyFields: []string{"f1"}},
- unallowedFields: []string{"f2"},
+ unallowedFields: []string{"f1", "f2"},
},
{
name: "ActionUpdate",
@@ -80,7 +80,7 @@ func TestRule_GetPermission(t *testing.T) {
name: "ActionUpdate readonly&writeonly",
action: ActionUpdate,
rule: Rule{Actions: []Action{ActionRead, ActionUpdate}, ReadonlyFields: []string{"f1"}, HiddenFields: []string{"f2"}, WriteonlyFields: []string{"f1"}},
- unallowedFields: []string{},
+ unallowedFields: []string{"f1"},
},
}
for _, tt := range tests {