feat(api): relocate authorizations outside of JWT (#3079)

* feat(api): relocate authorizations outside of JWT * fix(api): update user authorization after enabling the RBAC extension * feat(api): add PortainerEndpointList operation in the default portainer authorizations * feat(auth): retrieve authorization from API instead of JWT * refactor(auth): move permissions retrieval to function * refactor(api): document authorizations methods
2025-07-24 07:49:41 +02:00 · 2019-09-10 10:58:26 +12:00 · 2019-09-10 10:58:26 +12:00 · 7d76bc89e7
commit 7d76bc89e7
parent 7ebb3e62dd
29 changed files with 472 additions and 303 deletions
--- a/api/portainer.go
+++ b/api/portainer.go
@ -118,11 +118,12 @@ type (

 	// User represents a user account
 	User struct {
-		ID                      UserID         `json:"Id"`
-		Username                string         `json:"Username"`
-		Password                string         `json:"Password,omitempty"`
-		Role                    UserRole       `json:"Role"`
-		PortainerAuthorizations Authorizations `json:"PortainerAuthorizations"`
+		ID                      UserID                 `json:"Id"`
+		Username                string                 `json:"Username"`
+		Password                string                 `json:"Password,omitempty"`
+		Role                    UserRole               `json:"Role"`
+		PortainerAuthorizations Authorizations         `json:"PortainerAuthorizations"`
+		EndpointAuthorizations  EndpointAuthorizations `json:"EndpointAuthorizations"`
 	}

 	// UserID represents a user identifier
@ -160,11 +161,9 @@ type (

 	// TokenData represents the data embedded in a JWT token
 	TokenData struct {
-		ID                      UserID
-		Username                string
-		Role                    UserRole
-		EndpointAuthorizations  EndpointAuthorizations
-		PortainerAuthorizations Authorizations
+		ID       UserID
+		Username string
+		Role     UserRole
 	}

 	// StackID represents a stack identifier (it must be composed of Name + "_" + SwarmID to create a unique identifier)
@ -904,7 +903,7 @@ const (
 	// APIVersion is the version number of the Portainer API
 	APIVersion = "1.22.0"
 	// DBVersion is the version number of the Portainer database
-	DBVersion = 19
+	DBVersion = 20
 	// AssetsServerURL represents the URL of the Portainer asset server
 	AssetsServerURL = "https://portainer-io-assets.sfo2.digitaloceanspaces.com"
 	// MessageOfTheDayURL represents the URL where Portainer MOTD message can be retrieved