feat(custom-templates): introduce custom templates (#3906)

* feat(custom-templates): introduce types * feat(custom-templates): introduce data layer service * feat(custom-templates): introduce http handler * feat(custom-templates): create routes and view stubs * feat(custom-templates): add create custom template ui * feat(custom-templates): add json keys * feat(custom-templates): introduce custom templates list page * feat(custom-templates): introduce update page * feat(stack): create template from stack * feat(stacks): create stack from custom template * feat(custom-templates): disable edit/delete of templates * fix(custom-templates): fail update on non admin/owner * fix(custom-templates): add ng-inject decorator * chore(plop): revert template * feat(stacks): remove actions column * feat(stack): add button to create template from stack * feat(stacks): add empty state for templates * feat(custom-templates): show templates in a list * feat(custom-template): replace table with list * feat(custom-templates): move create template button * refactor(custom-templates): introduce more fields * feat(custom-templates): use stack type when creating template * feat(custom-templates): use same type as stack * feat(custom-templates): add edit and delete buttons to template item * feat(custom-templates): customize stack before deploy * feat(stack): show template details * feat(custom-templates): move customize * feat(custom-templates): create description required * fix(template): show platform icon * fix(custom-templates): show spinner when creating stack * feat(custom-templates): prevent user from edit templates * feat(custom-templates): use resource control for custom templates * feat(custom-templates): show created templates * feat(custom-templates): filter templates by stack type * fix(custom-templates): create swarm or standalone stack * feat(stacks): filter templates by type * feat(resource-control): disable resource control on public * feat(custom-template): apply access control on edit * feat(custom-template): add form validation * feat(stack): disable create custom template from external task * refactor(custom-templates): create template from file and type * feat(templates): introduce a file handler that returns template docker file * feat(template): introduce template duplication * feat(custom-template): enforce unique template name * fix(template): rename copy button * fix(custom-template): clear access control selection between templates * fix(custom-templates): show required fields * refactor(filesystem): use a constant for temp path
2025-07-23 07:19:41 +02:00 · 2020-07-07 02:18:39 +03:00 · 2020-07-07 02:18:39 +03:00 · 53b37ab8c8
commit 53b37ab8c8
parent 42aa8ceb00
58 changed files with 2513 additions and 154 deletions
--- a/api/internal/authorization/access_control.go
+++ b/api/internal/authorization/access_control.go
@ -1,6 +1,10 @@
 package authorization

-import "github.com/portainer/portainer/api"
+import (
+	"strconv"
+
+	"github.com/portainer/portainer/api"
+)

 // NewPrivateResourceControl will create a new private resource control associated to the resource specified by the
 // identifier and type parameters. It automatically assigns it to the user specified by the userID parameter.
@ -100,6 +104,20 @@ func DecorateStacks(stacks []portainer.Stack, resourceControls []portainer.Resou
 	return stacks
 }

+// DecorateCustomTemplates will iterate through a list of custom templates, check for an associated resource control for each
+// template and decorate the template element if a resource control is found.
+func DecorateCustomTemplates(templates []portainer.CustomTemplate, resourceControls []portainer.ResourceControl) []portainer.CustomTemplate {
+	for idx, template := range templates {
+
+		resourceControl := GetResourceControlByResourceIDAndType(strconv.Itoa(int(template.ID)), portainer.CustomTemplateResourceControl, resourceControls)
+		if resourceControl != nil {
+			templates[idx].ResourceControl = resourceControl
+		}
+	}
+
+	return templates
+}
+
 // FilterAuthorizedStacks returns a list of decorated stacks filtered through resource control access checks.
 func FilterAuthorizedStacks(stacks []portainer.Stack, user *portainer.User, userTeamIDs []portainer.TeamID, rbacEnabled bool) []portainer.Stack {
 	authorizedStacks := make([]portainer.Stack, 0)
@ -119,6 +137,19 @@ func FilterAuthorizedStacks(stacks []portainer.Stack, user *portainer.User, user
 	return authorizedStacks
 }

+// FilterAuthorizedCustomTemplates returns a list of decorated custom templates filtered through resource control access checks.
+func FilterAuthorizedCustomTemplates(customTemplates []portainer.CustomTemplate, user *portainer.User, userTeamIDs []portainer.TeamID) []portainer.CustomTemplate {
+	authorizedTemplates := make([]portainer.CustomTemplate, 0)
+
+	for _, customTemplate := range customTemplates {
+		if customTemplate.CreatedByUserID == user.ID || (customTemplate.ResourceControl != nil && UserCanAccessResource(user.ID, userTeamIDs, customTemplate.ResourceControl)) {
+			authorizedTemplates = append(authorizedTemplates, customTemplate)
+		}
+	}
+
+	return authorizedTemplates
+}
+
 // UserCanAccessResource will valide that a user has permissions defined in the specified resource control
 // based on its identifier and the team(s) he is part of.
 func UserCanAccessResource(userID portainer.UserID, userTeamIDs []portainer.TeamID, resourceControl *portainer.ResourceControl) bool {