fix(permission): EE-3772 Team leaders are able to see all environments (#7331)

2025-08-02 20:35:25 +02:00 · 2022-07-26 11:02:25 +12:00 · 2022-07-26 11:02:25 +12:00 · 149c414d08
commit 149c414d08
parent f8b4663e0a
1 changed files with 4 additions and 4 deletions
--- a/api/http/security/filter.go
+++ b/api/http/security/filter.go
@ -81,11 +81,11 @@ func FilterRegistries(registries []portainer.Registry, user *portainer.User, tea
 }

 // FilterEndpoints filters environments(endpoints) based on user role and team memberships.
-// Non administrator and non-team-leader only have access to authorized environments(endpoints) (can be inherited via endpoint groups).
+// Non administrator only have access to authorized environments(endpoints) (can be inherited via endpoint groups).
 func FilterEndpoints(endpoints []portainer.Endpoint, groups []portainer.EndpointGroup, context *RestrictedRequestContext) []portainer.Endpoint {
 	filteredEndpoints := endpoints

-	if !context.IsAdmin && !context.IsTeamLeader {
+	if !context.IsAdmin {
 		filteredEndpoints = make([]portainer.Endpoint, 0)

 		for _, endpoint := range endpoints {
@ -101,11 +101,11 @@ func FilterEndpoints(endpoints []portainer.Endpoint, groups []portainer.Endpoint
 }

 // FilterEndpointGroups filters environment(endpoint) groups based on user role and team memberships.
-// Non administrator users and Non-team-leaders only have access to authorized environment(endpoint) groups.
+// Non administrator users only have access to authorized environment(endpoint) groups.
 func FilterEndpointGroups(endpointGroups []portainer.EndpointGroup, context *RestrictedRequestContext) []portainer.EndpointGroup {
 	filteredEndpointGroups := endpointGroups

-	if !context.IsAdmin && !context.IsTeamLeader {
+	if !context.IsAdmin {
 		filteredEndpointGroups = make([]portainer.EndpointGroup, 0)

 		for _, group := range endpointGroups {