Docker/portainer
Docker/portainer
1
0
Fork 0
mirror of https://github.com/portainer/portainer.git synced 2025-08-02 20:35:25 +02:00
Code Issues Releases Activity

chore(code): clean up the code EE-5719 (#9183)

Browse source
This commit is contained in:
andres-portainer 2023-07-10 23:26:54 -03:00 committed by GitHub
parent 979af5301e
commit 64b227b2e1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
24 changed files with 93 additions and 87 deletions
Download patch file Download diff file Expand all files Collapse all files

6
api/internal/authorization/authorizations.go
View file

@ -508,18 +508,21 @@ func getUserEndpointAuthorizations(user *portainer.User, endpoints []portainer.E
authorizations := getAuthorizationsFromUserEndpointPolicy(user, &endpoint, roles)
if len(authorizations) > 0 {
endpointAuthorizations[endpoint.ID] = authorizations
continue
}
authorizations = getAuthorizationsFromUserEndpointGroupPolicy(user, &endpoint, roles, groupUserAccessPolicies)
if len(authorizations) > 0 {
endpointAuthorizations[endpoint.ID] = authorizations
continue
}
authorizations = getAuthorizationsFromTeamEndpointPolicies(userMemberships, &endpoint, roles)
if len(authorizations) > 0 {
endpointAuthorizations[endpoint.ID] = authorizations
continue
}
@ -587,6 +590,7 @@ func getAuthorizationsFromRoles(roleIdentifiers []portainer.RoleID, roles []port
for _, role := range roles {
if role.ID == id {
associatedRoles = append(associatedRoles, role)
break
}
}
@ -609,6 +613,7 @@ func (service *Service) UserIsAdminOrAuthorized(userID portainer.UserID, endpoin
if err != nil {
return false, err
}
if user.Role == portainer.AdministratorRole {
return true, nil
}
@ -619,5 +624,6 @@ func (service *Service) UserIsAdminOrAuthorized(userID portainer.UserID, endpoin
return true, nil
}
}
return false, nil
}

13
api/internal/authorization/endpoint_role_with_override.go
View file

@ -74,20 +74,11 @@ func (service *Service) getUserEndpointAccessWithPolicies(
}
}
if userAccess(tx, userID, endpoint.UserAccessPolicies, endpoint.TeamAccessPolicies, memberships) {
return true, nil
}
if userAccess(tx, userID, endpointGroup.UserAccessPolicies, endpointGroup.TeamAccessPolicies, memberships) {
return true, nil
}
return false, nil
return userAccess(userID, endpoint.UserAccessPolicies, endpoint.TeamAccessPolicies, memberships) ||
userAccess(userID, endpointGroup.UserAccessPolicies, endpointGroup.TeamAccessPolicies, memberships), nil
}
func userAccess(
tx dataservices.DataStoreTx,
userID portainer.UserID,
userAccessPolicies portainer.UserAccessPolicies,
teamAccessPolicies portainer.TeamAccessPolicies,