Docker/portainer
Docker/portainer
1
0
Fork 0
mirror of https://github.com/portainer/portainer.git synced 2025-08-04 13:25:26 +02:00
Code Issues Releases Activity

fix(permission): EE-3772 Team leaders are able to see all environments (#7331)

Browse source
This commit is contained in:
congs 2022-07-26 11:02:25 +12:00 committed by GitHub
parent f8b4663e0a
commit 149c414d08
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

8
api/http/security/filter.go
View file

@ -81,11 +81,11 @@ func FilterRegistries(registries []portainer.Registry, user *portainer.User, tea
} }
// FilterEndpoints filters environments(endpoints) based on user role and team memberships. // FilterEndpoints filters environments(endpoints) based on user role and team memberships.
// Non administrator and non-team-leader only have access to authorized environments(endpoints) (can be inherited via endpoint groups). // Non administrator only have access to authorized environments(endpoints) (can be inherited via endpoint groups).
func FilterEndpoints(endpoints []portainer.Endpoint, groups []portainer.EndpointGroup, context *RestrictedRequestContext) []portainer.Endpoint { func FilterEndpoints(endpoints []portainer.Endpoint, groups []portainer.EndpointGroup, context *RestrictedRequestContext) []portainer.Endpoint {
filteredEndpoints := endpoints filteredEndpoints := endpoints
if !context.IsAdmin && !context.IsTeamLeader { if !context.IsAdmin {
filteredEndpoints = make([]portainer.Endpoint, 0) filteredEndpoints = make([]portainer.Endpoint, 0)
for _, endpoint := range endpoints { for _, endpoint := range endpoints {
@ -101,11 +101,11 @@ func FilterEndpoints(endpoints []portainer.Endpoint, groups []portainer.Endpoint
} }
// FilterEndpointGroups filters environment(endpoint) groups based on user role and team memberships. // FilterEndpointGroups filters environment(endpoint) groups based on user role and team memberships.
// Non administrator users and Non-team-leaders only have access to authorized environment(endpoint) groups. // Non administrator users only have access to authorized environment(endpoint) groups.
func FilterEndpointGroups(endpointGroups []portainer.EndpointGroup, context *RestrictedRequestContext) []portainer.EndpointGroup { func FilterEndpointGroups(endpointGroups []portainer.EndpointGroup, context *RestrictedRequestContext) []portainer.EndpointGroup {
filteredEndpointGroups := endpointGroups filteredEndpointGroups := endpointGroups
if !context.IsAdmin && !context.IsTeamLeader { if !context.IsAdmin {
filteredEndpointGroups = make([]portainer.EndpointGroup, 0) filteredEndpointGroups = make([]portainer.EndpointGroup, 0)
for _, group := range endpointGroups { for _, group := range endpointGroups {