Docker/portainer
Docker/portainer
1
0
Fork 0
mirror of https://github.com/portainer/portainer.git synced 2025-08-07 23:05:26 +02:00
Code Issues Releases Activity

fix(security): block non-admins from user info listing EE-5825 (#10241)

Browse source
This commit is contained in:
Dakota Walsh 2023-09-05 09:17:05 +12:00 committed by GitHub
parent e82b34b775
commit 6a08bbe7e9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 15 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

6
app/portainer/components/accessManagement/porAccessManagementController.js
View file

@ -6,10 +6,11 @@ import { isLimitedToBE } from '@/react/portainer/feature-flags/feature-flags.ser
class PorAccessManagementController {
/* @ngInject */
constructor($scope, Notifications, AccessService, RoleService) {
Object.assign(this, { $scope, Notifications, AccessService, RoleService });
constructor($scope, $state, Notifications, AccessService, RoleService) {
Object.assign(this, { $scope, $state, Notifications, AccessService, RoleService });
this.limitedToBE = false;
this.$state = $state;
this.unauthorizeAccess = this.unauthorizeAccess.bind(this);
this.updateAction = this.updateAction.bind(this);
@ -105,6 +106,7 @@ class PorAccessManagementController {
this.availableUsersAndTeams = _.orderBy(data.availableUsersAndTeams, 'Name', 'asc');
this.authorizedUsersAndTeams = data.authorizedUsersAndTeams;
} catch (err) {
this.$state.go('portainer.home');
this.availableUsersAndTeams = [];
this.authorizedUsersAndTeams = [];
this.Notifications.error('Failure', err, 'Unable to retrieve accesses');