feat(registry-manager): allow regular users to use the registry browse feature (#2664)

* feat(registries): registries accessibility to all authorized people and not only admins * feat(registry): dockerhub settings for admin only * feat(registry): remove registry config access for non admin users * feat(api): use AuthenticatedAccess policy instead of RestrictedAccess for extensionList operation * refactor(api): minor update to security package * refactor(api): revert unexporting function changes * refactor(api): apply gofmt
2025-08-05 05:45:22 +02:00 · 2019-02-25 01:02:49 +01:00 · 2019-02-25 01:02:49 +01:00 · 7aa6a30614
commit 7aa6a30614
parent 99e50370bd
13 changed files with 70 additions and 19 deletions
--- a/app/extensions/registry-management/views/repositories/registryRepositories.html
+++ b/app/extensions/registry-management/views/repositories/registryRepositories.html
@ -5,7 +5,7 @@
    </a>
  </rd-header-title>
  <rd-header-content>
-    <a ui-sref="portainer.registries">Registries</a> &gt; <a ui-sref="portainer.registries.registry({id: registry.Id})">{{ registry.Name }}</a> &gt; Repositories
+    <a ui-sref="portainer.registries">Registries</a> &gt; <a ng-if="isAdmin" ui-sref="portainer.registries.registry({id: registry.Id})">{{ registry.Name }}</a><span ng-if="!isAdmin">{{ registry.Name}}</span> &gt; Repositories
  </rd-header-content>
 </rd-header>

--- a/app/extensions/registry-management/views/repositories/registryRepositoriesController.js
+++ b/app/extensions/registry-management/views/repositories/registryRepositoriesController.js
@ -1,6 +1,6 @@
 angular.module('portainer.extensions.registrymanagement')
-.controller('RegistryRepositoriesController', ['$transition$', '$scope',  'RegistryService', 'RegistryV2Service', 'Notifications',
-function ($transition$, $scope, RegistryService, RegistryV2Service, Notifications) {
+.controller('RegistryRepositoriesController', ['$transition$', '$scope',  'RegistryService', 'RegistryV2Service', 'Notifications', 'Authentication',
+function ($transition$, $scope, RegistryService, RegistryV2Service, Notifications, Authentication) {

  $scope.state = {
    displayInvalidConfigurationMessage: false
@ -9,6 +9,13 @@ function ($transition$, $scope, RegistryService, RegistryV2Service, Notification
  function initView() {
    var registryId = $transition$.params().id;

+    var authenticationEnabled = $scope.applicationState.application.authentication;
+    if (authenticationEnabled) {
+      var userDetails = Authentication.getUserDetails();
+      var isAdmin = userDetails.role === 1;
+      $scope.isAdmin = isAdmin;
+    }
+
    RegistryService.registry(registryId)
    .then(function success(data) {
      $scope.registry = data;
--- a/app/portainer/components/datatables/registries-datatable/registriesDatatable.html
+++ b/app/portainer/components/datatables/registries-datatable/registriesDatatable.html
@ -6,7 +6,7 @@
          <i class="fa" ng-class="$ctrl.titleIcon" aria-hidden="true" style="margin-right: 2px;"></i> {{ $ctrl.titleText }}
        </div>
      </div>
-      <div class="actionBar">
+      <div class="actionBar" ng-if="$ctrl.accessManagement">
        <button type="button" class="btn btn-sm btn-danger"
          ng-disabled="$ctrl.state.selectedItemCount === 0" ng-click="$ctrl.removeAction($ctrl.state.selectedItems)">
          <i class="fa fa-trash-alt space-right" aria-hidden="true"></i>Remove
@ -24,7 +24,7 @@
          <thead>
            <tr>
              <th>
-                <span class="md-checkbox">
+                <span class="md-checkbox" ng-if="$ctrl.accessManagement">
                  <input id="select_all" type="checkbox" ng-model="$ctrl.state.selectAll" ng-change="$ctrl.selectAll()" />
                  <label for="select_all"></label>
                </span>
@ -47,11 +47,12 @@
          <tbody>
            <tr dir-paginate="item in ($ctrl.state.filteredDataSet = ($ctrl.dataset | filter:$ctrl.state.textFilter | orderBy:$ctrl.state.orderBy:$ctrl.state.reverseOrder | itemsPerPage: $ctrl.state.paginatedItemLimit))" ng-class="{active: item.Checked}">
              <td>
-                <span class="md-checkbox">
+                <span class="md-checkbox" ng-if="$ctrl.accessManagement">
                  <input id="select_{{ $index }}" type="checkbox" ng-model="item.Checked" ng-change="$ctrl.selectItem(item)"/>
                  <label for="select_{{ $index }}"></label>
                </span>
-                <a ui-sref="portainer.registries.registry({id: item.Id})">{{ item.Name }}</a>
+                <a ui-sref="portainer.registries.registry({id: item.Id})" ng-if="$ctrl.accessManagement">{{ item.Name }}</a>
+                <span ng-if="!$ctrl.accessManagement">{{ item.Name }}</span>
                <span ng-if="item.Authentication" style="margin-left: 5px;" class="label label-info image-tag">authentication-enabled</span>
              </td>
              <td>
--- a/app/portainer/views/registries/registries.html
+++ b/app/portainer/views/registries/registries.html
@ -7,7 +7,7 @@
  <rd-header-content>Registry management</rd-header-content>
 </rd-header>

-<div class="row" ng-if="dockerhub">
+<div class="row" ng-if="dockerhub && isAdmin">
  <div class="col-sm-12">
    <rd-widget>
      <rd-widget-header icon="fa-database" title-text="DockerHub">
@ -74,7 +74,7 @@
    title-text="Registries" title-icon="fa-database"
    dataset="registries" table-key="registries"
    order-by="Name"
-    access-management="applicationState.application.authentication"
+    access-management="applicationState.application.authentication && isAdmin"
    remove-action="removeAction"
    registry-management="registryManagementAvailable"
    ></registries-datatable>
--- a/app/portainer/views/registries/registriesController.js
+++ b/app/portainer/views/registries/registriesController.js
@ -1,6 +1,6 @@
 angular.module('portainer.app')
-.controller('RegistriesController', ['$q', '$scope', '$state', 'RegistryService', 'DockerHubService', 'ModalService', 'Notifications', 'ExtensionService',
-function ($q, $scope, $state, RegistryService, DockerHubService, ModalService, Notifications, ExtensionService) {
+.controller('RegistriesController', ['$q', '$scope', '$state', 'RegistryService', 'DockerHubService', 'ModalService', 'Notifications', 'ExtensionService', 'Authentication',
+function ($q, $scope, $state, RegistryService, DockerHubService, ModalService, Notifications, ExtensionService, Authentication) {

  $scope.state = {
    actionInProgress: false
@ -67,6 +67,12 @@ function ($q, $scope, $state, RegistryService, DockerHubService, ModalService, N
      $scope.registries = data.registries;
      $scope.dockerhub = data.dockerhub;
      $scope.registryManagementAvailable = data.registryManagement;
+      var authenticationEnabled = $scope.applicationState.application.authentication;
+      if (authenticationEnabled) {
+        var userDetails = Authentication.getUserDetails();
+        var isAdmin = userDetails.role === 1;
+        $scope.isAdmin = isAdmin;
+      }
    })
    .catch(function error(err) {
      $scope.registries = [];
--- a/app/portainer/views/sidebar/sidebar.html
+++ b/app/portainer/views/sidebar/sidebar.html
@ -63,7 +63,7 @@
        <a ui-sref="portainer.tags" ui-sref-active="active">Tags</a>
      </div>
    </li>
-    <li class="sidebar-list" ng-if="!applicationState.application.authentication || isAdmin">
+    <li class="sidebar-list" ng-if="applicationState.application.authentication">
      <a ui-sref="portainer.registries" ui-sref-active="active">Registries <span class="menu-icon fa fa-database fa-fw"></span></a>
    </li>
    <li class="sidebar-list" ng-if="!applicationState.application.authentication || isAdmin">