Docker/portainer
Docker/portainer
1
0
Fork 0
mirror of https://github.com/portainer/portainer.git synced 2025-07-23 07:19:41 +02:00
Code Issues Releases Activity

feat(containers): disable edit container on security setting restricting regular users (#4111)

Browse source 
* feat(settings): add info about container edit disable

* feat(settings): set security settings

* feat(containers): hide recreate button when setting is enabled

* feat(settings): rephrase security notice

* fix(settings): save allowHostNamespaceForRegularUsers to state
This commit is contained in:
Chaim Lev-Ari 2020-07-29 05:52:23 +03:00 committed by GitHub
parent 1a3f77137a
commit 7539f09f98
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 54 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

21
app/docker/views/containers/edit/containerController.js
View file

@ -21,6 +21,7 @@ angular.module('portainer.docker').controller('ContainerController', [
'ImageService',
'HttpRequestHelper',
'Authentication',
'StateManager',
function (
$q,
$scope,
@ -40,7 +41,8 @@ angular.module('portainer.docker').controller('ContainerController', [
RegistryService,
ImageService,
HttpRequestHelper,
Authentication
Authentication,
StateManager
) {
$scope.activityTime = 0;
$scope.portBindings = [];
@ -94,9 +96,24 @@ angular.module('portainer.docker').controller('ContainerController', [
const inSwarm = $scope.container.Config.Labels['com.docker.swarm.service.id'];
const autoRemove = $scope.container.HostConfig.AutoRemove;
const admin = Authentication.isAdmin();
const appState = StateManager.getState();
const {
allowContainerCapabilitiesForRegularUsers,
allowHostNamespaceForRegularUsers,
allowDeviceMappingForRegularUsers,
allowBindMountsForRegularUsers,
allowPrivilegedModeForRegularUsers,
} = appState.application;
const settingRestrictsRegularUsers =
!allowContainerCapabilitiesForRegularUsers ||
!allowBindMountsForRegularUsers ||
!allowDeviceMappingForRegularUsers ||
!allowHostNamespaceForRegularUsers ||
!allowPrivilegedModeForRegularUsers;
ExtensionService.extensionEnabled(ExtensionService.EXTENSIONS.RBAC).then((rbacEnabled) => {
$scope.displayRecreateButton = !inSwarm && !autoRemove && (rbacEnabled ? admin : true);
$scope.displayRecreateButton = !inSwarm && !autoRemove && (settingRestrictsRegularUsers || rbacEnabled ? admin : true);
});
})
.catch(function error(err) {