feat(extensions): introduce RBAC extension (#2900)

2025-08-02 20:35:25 +02:00 · 2019-05-24 18:04:58 +12:00 · 2019-05-24 18:04:58 +12:00 · 8057aa45c4
commit 8057aa45c4
parent 27a0188949
196 changed files with 3321 additions and 1316 deletions
--- a/api/http/proxy/secrets.go
+++ b/api/http/proxy/secrets.go
@ -24,7 +24,7 @@ func secretListOperation(response *http.Response, executor *operationExecutor) e
 		return err
 	}

-	if executor.operationContext.isAdmin {
+	if executor.operationContext.isAdmin || executor.operationContext.endpointResourceAccess {
 		responseArray, err = decorateSecretList(responseArray, executor.operationContext.resourceControls)
 	} else {
 		responseArray, err = filterSecretList(responseArray, executor.operationContext)
@ -87,7 +87,7 @@ func decorateSecretList(secretData []interface{}, resourceControls []portainer.R
 // Authorized secrets are decorated during the process.
 // Resource controls checks are based on: resource identifier.
 // Secret object schema reference: https://docs.docker.com/engine/api/v1.28/#operation/SecretList
-func filterSecretList(secretData []interface{}, context *restrictedOperationContext) ([]interface{}, error) {
+func filterSecretList(secretData []interface{}, context *restrictedDockerOperationContext) ([]interface{}, error) {
 	filteredSecretData := make([]interface{}, 0)

 	for _, secret := range secretData {