Docker/portainer
Docker/portainer
1
0
Fork 0
mirror of https://github.com/portainer/portainer.git synced 2025-07-24 07:49:41 +02:00
Code Issues Releases Activity

fix(access): support to list users or teams with specified endpoint [EE-1704] (#7610)

Browse source
This commit is contained in:
Oscar Zhou 2022-09-16 14:45:14 +12:00 committed by GitHub
parent f71fe87ba7
commit 53025178ef
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
25 changed files with 632 additions and 61 deletions
Download patch file Download diff file Expand all files Collapse all files

41
api/http/handler/teams/team_list.go
View file

@ -6,6 +6,7 @@ import (
httperror "github.com/portainer/libhttp/error"
"github.com/portainer/libhttp/request"
"github.com/portainer/libhttp/response"
portainer "github.com/portainer/portainer/api"
"github.com/portainer/portainer/api/http/security"
)
@ -15,6 +16,7 @@ import (
// @description **Access policy**: restricted
// @tags teams
// @param onlyLedTeams query boolean false "Only list teams that the user is leader of"
// @param environmentId query int false "Identifier of the environment(endpoint) that will be used to filter the authorized teams"
// @security ApiKeyAuth
// @security jwt
// @produce json
@ -34,13 +36,42 @@ func (handler *Handler) teamList(w http.ResponseWriter, r *http.Request) *httper
onlyLedTeams, _ := request.RetrieveBooleanQueryParameter(r, "onlyLedTeams", true)
filteredTeams := teams
var userTeams []portainer.Team
if onlyLedTeams {
filteredTeams = security.FilterLeaderTeams(filteredTeams, securityContext)
userTeams = security.FilterLeaderTeams(teams, securityContext)
} else {
userTeams = security.FilterUserTeams(teams, securityContext)
}
filteredTeams = security.FilterUserTeams(filteredTeams, securityContext)
endpointID, _ := request.RetrieveNumericQueryParameter(r, "environmentId", true)
if endpointID == 0 {
return response.JSON(w, userTeams)
}
return response.JSON(w, filteredTeams)
// filter out teams who do not have access to the specific endpoint
endpoint, err := handler.DataStore.Endpoint().Endpoint(portainer.EndpointID(endpointID))
if err != nil {
return httperror.InternalServerError("Unable to retrieve endpoint from the database", err)
}
endpointGroup, err := handler.DataStore.EndpointGroup().EndpointGroup(endpoint.GroupID)
if err != nil {
return httperror.InternalServerError("Unable to retrieve environment groups from the database", err)
}
allowedTeams := make(map[portainer.TeamID]struct{})
for teamID := range endpointGroup.TeamAccessPolicies {
allowedTeams[teamID] = struct{}{}
}
for teamID := range endpoint.TeamAccessPolicies {
allowedTeams[teamID] = struct{}{}
}
listableTeams := make([]portainer.Team, 0)
for _, team := range userTeams {
if _, ok := allowedTeams[team.ID]; ok {
listableTeams = append(listableTeams, team)
}
}
return response.JSON(w, listableTeams)
}