Check permission when operating on lease

internal/service/controller_service.go

@@ -20,6 +20,7 @@ import (
 	"context"
 	"encoding/base64"
 	"encoding/json"
+	"fmt"
 	"net"
 	"os"
 	"strings"
@@ -440,6 +441,10 @@ func (s *ControllerService) GetLease(
 		return nil, err
 	}
 
+	if lease.Spec.ClientName != client.Name {
+		return nil, fmt.Errorf("GetLease permission denied")
+	}
+
 	var matchExpressions []*pb.LabelSelectorRequirement
 	for _, exp := range lease.Spec.Selector.MatchExpressions {
 		matchExpressions = append(matchExpressions, &pb.LabelSelectorRequirement{
@@ -519,6 +524,10 @@ func (s *ControllerService) DeleteLease(
 		return nil, err
 	}
 
+	if lease.Spec.ClientName != client.Name {
+		return nil, fmt.Errorf("DeleteLease permission denied")
+	}
+
 	if err := s.Delete(ctx, &lease); err != nil {
 		return nil, err
 	}