
feat(settings): introduce setting to disable container caps for non-admins (#4109)

* feat(settings): introduce settings to allow/disable

* feat(settings): update the setting

* feat(docker): prevent user from using caps if disabled

* refactor(stacks): revert file

* style(api): remove portainer ns
Chaim Lev-Ari 2020-07-28 10:08:15 +03:00 committed by GitHub
parent fec85c77d6
commit 1a3f77137a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
14 changed files with 136 additions and 82 deletions


@ -611,6 +611,10 @@ angular.module('portainer.docker').controller('CreateContainerController', [
$scope.formValues.NodeName = nodeName;
HttpRequestHelper.setPortainerAgentTargetHeader(nodeName);
$scope.isAdmin = Authentication.isAdmin();
$scope.showDeviceMapping = await shouldShowDevices();
$scope.areContainerCapabilitiesEnabled = await checkIfContainerCapabilitiesEnabled();
Volume.query(
{},
function (d) {
@ -647,7 +651,7 @@ angular.module('portainer.docker').controller('CreateContainerController', [
loadFromContainerSpec();
} else {
$scope.fromContainer = {};
$scope.formValues.capabilities = new ContainerCapabilities();
$scope.formValues.capabilities = $scope.areContainerCapabilitiesEnabled ? new ContainerCapabilities() : [];
}
},
function (e) {
@ -684,9 +688,6 @@ angular.module('portainer.docker').controller('CreateContainerController', [
PluginService.loggingPlugins(apiVersion < 1.25).then(function success(loggingDrivers) {
$scope.availableLoggingDrivers = loggingDrivers;
});
$scope.isAdmin = Authentication.isAdmin();
$scope.showDeviceMapping = await shouldShowDevices();
}
function validateForm(accessControlData, isAdmin) {
@ -899,17 +900,26 @@ angular.module('portainer.docker').controller('CreateContainerController', [
}
}
async function shouldShowDevices() {
async function isAdminOrEndpointAdmin() {
const isAdmin = Authentication.isAdmin();
const { allowDeviceMappingForRegularUsers } = $scope.applicationState.application;
if (isAdmin || allowDeviceMappingForRegularUsers) {
if (isAdmin) {
return true;
}
const rbacEnabled = await ExtensionService.extensionEnabled(ExtensionService.EXTENSIONS.RBAC);
if (rbacEnabled) {
return Authentication.hasAuthorizations(['EndpointResourcesAccess']);
}
return rbacEnabled ? Authentication.hasAuthorizations(['EndpointResourcesAccess']) : false;
}
async function shouldShowDevices() {
const { allowDeviceMappingForRegularUsers } = $scope.applicationState.application;
return allowDeviceMappingForRegularUsers || isAdminOrEndpointAdmin();
}
async function checkIfContainerCapabilitiesEnabled() {
const { allowContainerCapabilitiesForRegularUsers } = $scope.applicationState.application;
return allowContainerCapabilitiesForRegularUsers || isAdminOrEndpointAdmin();
}
initView();
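Review bot: The new `areContainerCapabilitiesEnabled` flag only empties `formValues.capabilities` in the `else` branch of the second hunk, so the `loadFromContainerSpec()` branch is not visibly gated and may still fill the form with capabilities from an existing container for a user who is not allowed to set them; that function's body is outside the shown hunks, so this needs confirming. Either way this controller check is presentation only: the restriction holds only if the API rejects `CapAdd`/`CapDrop` on container create for such users when the setting is off, which the commit message suggests is handled in one of the other changed files. I would add a comment above `checkIfContainerCapabilitiesEnabled`, for example `// UI gating only; the API must enforce allowContainerCapabilitiesForRegularUsers on container create`. Separately, `isAdminOrEndpointAdmin()` is now awaited once for devices and once for capabilities during init, so the RBAC extension lookup can run twice; resolving it once and reusing the result for both flags would avoid the duplicate call.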