refactor(portainer): introduce internal package (#3924)

* refactor(auth): move auth helpers to internal package * refactor(edge-compute): move edge helpers to internal package * refactor(tags): move tags helper to internal package * style(portainer): sort imports
2025-07-25 08:19:40 +02:00 · 2020-06-16 10:58:16 +03:00 · 2020-06-16 10:58:16 +03:00 · 7c3b83f6e5
commit 7c3b83f6e5
parent 5d7ba0baba
46 changed files with 1019 additions and 959 deletions
--- a/api/http/handler/stacks/handler.go
+++ b/api/http/handler/stacks/handler.go
@ -8,6 +8,7 @@ import (
 	httperror "github.com/portainer/libhttp/error"
 	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/http/security"
+	"github.com/portainer/portainer/api/internal/authorization"
 )

 // Handler is the HTTP handler used to handle stack operations.
@ -58,7 +59,7 @@ func (handler *Handler) userCanAccessStack(securityContext *security.RestrictedR
 		userTeamIDs = append(userTeamIDs, membership.TeamID)
 	}

-	if resourceControl != nil && portainer.UserCanAccessResource(securityContext.UserID, userTeamIDs, resourceControl) {
+	if resourceControl != nil && authorization.UserCanAccessResource(securityContext.UserID, userTeamIDs, resourceControl) {
 		return true, nil
 	}

--- a/api/http/handler/stacks/stack_create.go
+++ b/api/http/handler/stacks/stack_create.go
@ -12,6 +12,7 @@ import (
 	"github.com/portainer/libhttp/response"
 	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/http/security"
+	"github.com/portainer/portainer/api/internal/authorization"
 )

 func (handler *Handler) cleanUp(stack *portainer.Stack, doCleanUp *bool) error {
@ -133,7 +134,7 @@ func (handler *Handler) isValidStackFile(stackFileContent []byte) (bool, error)
 }

 func (handler *Handler) decorateStackResponse(w http.ResponseWriter, stack *portainer.Stack, userID portainer.UserID) *httperror.HandlerError {
-	resourceControl := portainer.NewPrivateResourceControl(stack.Name, portainer.StackResourceControl, userID)
+	resourceControl := authorization.NewPrivateResourceControl(stack.Name, portainer.StackResourceControl, userID)

 	err := handler.DataStore.ResourceControl().CreateResourceControl(resourceControl)
 	if err != nil {
--- a/api/http/handler/stacks/stack_list.go
+++ b/api/http/handler/stacks/stack_list.go
@ -8,6 +8,7 @@ import (
 	"github.com/portainer/libhttp/response"
 	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/http/security"
+	"github.com/portainer/portainer/api/internal/authorization"
 )

 type stackListOperationFilters struct {
@ -39,7 +40,7 @@ func (handler *Handler) stackList(w http.ResponseWriter, r *http.Request) *httpe
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve info from request context", err}
 	}

-	stacks = portainer.DecorateStacks(stacks, resourceControls)
+	stacks = authorization.DecorateStacks(stacks, resourceControls)

 	if !securityContext.IsAdmin {
 		rbacExtensionEnabled := true
@ -60,7 +61,7 @@ func (handler *Handler) stackList(w http.ResponseWriter, r *http.Request) *httpe
 			userTeamIDs = append(userTeamIDs, membership.TeamID)
 		}

-		stacks = portainer.FilterAuthorizedStacks(stacks, user, userTeamIDs, rbacExtensionEnabled)
+		stacks = authorization.FilterAuthorizedStacks(stacks, user, userTeamIDs, rbacExtensionEnabled)
 	}

 	return response.JSON(w, stacks)