feat(settings): add new settings to disable volume browser (#3239)

* feat(settings): add new settings to disable volume browser * feat(api): update setting to be compliant with RBAC * refactor(api): update method comment * fix(api): remove volume browsing authorizations by default * feat(settings): rewrite volume management setting description * feat(settings): rewrite volume management setting tooltip * Update app/portainer/views/settings/settings.html Co-Authored-By: William <william.conquest@portainer.io>
2025-07-25 08:19:40 +02:00 · 2019-10-08 13:17:58 +13:00 · 2019-10-08 13:17:58 +13:00 · 9aa52a6975
commit 9aa52a6975
parent ef4c138e03
24 changed files with 239 additions and 48 deletions
--- a/api/http/handler/settings/handler.go
+++ b/api/http/handler/settings/handler.go
@ -17,11 +17,14 @@ func hideFields(settings *portainer.Settings) {
 // Handler is the HTTP handler used to handle settings operations.
 type Handler struct {
 	*mux.Router
-	SettingsService portainer.SettingsService
-	LDAPService     portainer.LDAPService
-	FileService     portainer.FileService
-	JobScheduler    portainer.JobScheduler
-	ScheduleService portainer.ScheduleService
+	SettingsService      portainer.SettingsService
+	LDAPService          portainer.LDAPService
+	FileService          portainer.FileService
+	JobScheduler         portainer.JobScheduler
+	ScheduleService      portainer.ScheduleService
+	RoleService          portainer.RoleService
+	ExtensionService     portainer.ExtensionService
+	AuthorizationService *portainer.AuthorizationService
 }

 // NewHandler creates a handler to manage settings operations.
--- a/api/http/handler/settings/settings_public.go
+++ b/api/http/handler/settings/settings_public.go
@ -14,6 +14,7 @@ type publicSettingsResponse struct {
 	AuthenticationMethod               portainer.AuthenticationMethod `json:"AuthenticationMethod"`
 	AllowBindMountsForRegularUsers     bool                           `json:"AllowBindMountsForRegularUsers"`
 	AllowPrivilegedModeForRegularUsers bool                           `json:"AllowPrivilegedModeForRegularUsers"`
+	AllowVolumeBrowserForRegularUsers  bool                           `json:"AllowVolumeBrowserForRegularUsers"`
 	EnableHostManagementFeatures       bool                           `json:"EnableHostManagementFeatures"`
 	ExternalTemplates                  bool                           `json:"ExternalTemplates"`
 	OAuthLoginURI                      string                         `json:"OAuthLoginURI"`
@ -31,6 +32,7 @@ func (handler *Handler) settingsPublic(w http.ResponseWriter, r *http.Request) *
 		AuthenticationMethod:               settings.AuthenticationMethod,
 		AllowBindMountsForRegularUsers:     settings.AllowBindMountsForRegularUsers,
 		AllowPrivilegedModeForRegularUsers: settings.AllowPrivilegedModeForRegularUsers,
+		AllowVolumeBrowserForRegularUsers:  settings.AllowVolumeBrowserForRegularUsers,
 		EnableHostManagementFeatures:       settings.EnableHostManagementFeatures,
 		ExternalTemplates:                  false,
 		OAuthLoginURI: fmt.Sprintf("%s?response_type=code&client_id=%s&redirect_uri=%s&scope=%s&prompt=login",
--- a/api/http/handler/settings/settings_update.go
+++ b/api/http/handler/settings/settings_update.go
@ -19,6 +19,7 @@ type settingsUpdatePayload struct {
 	OAuthSettings                      *portainer.OAuthSettings
 	AllowBindMountsForRegularUsers     *bool
 	AllowPrivilegedModeForRegularUsers *bool
+	AllowVolumeBrowserForRegularUsers  *bool
 	EnableHostManagementFeatures       *bool
 	SnapshotInterval                   *string
 	TemplatesURL                       *string
@ -93,6 +94,12 @@ func (handler *Handler) settingsUpdate(w http.ResponseWriter, r *http.Request) *
 		settings.AllowPrivilegedModeForRegularUsers = *payload.AllowPrivilegedModeForRegularUsers
 	}

+	updateAuthorizations := false
+	if payload.AllowVolumeBrowserForRegularUsers != nil {
+		settings.AllowVolumeBrowserForRegularUsers = *payload.AllowVolumeBrowserForRegularUsers
+		updateAuthorizations = true
+	}
+
 	if payload.EnableHostManagementFeatures != nil {
 		settings.EnableHostManagementFeatures = *payload.EnableHostManagementFeatures
 	}
@ -118,9 +125,37 @@ func (handler *Handler) settingsUpdate(w http.ResponseWriter, r *http.Request) *
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to persist settings changes inside the database", err}
 	}

+	if updateAuthorizations {
+		err := handler.updateVolumeBrowserSetting(settings)
+		if err != nil {
+			return &httperror.HandlerError{http.StatusInternalServerError, "Unable to update RBAC authorizations", err}
+		}
+	}
+
 	return response.JSON(w, settings)
 }

+func (handler *Handler) updateVolumeBrowserSetting(settings *portainer.Settings) error {
+	err := handler.AuthorizationService.UpdateVolumeBrowsingAuthorizations(settings.AllowVolumeBrowserForRegularUsers)
+	if err != nil {
+		return err
+	}
+
+	extension, err := handler.ExtensionService.Extension(portainer.RBACExtension)
+	if err != nil && err != portainer.ErrObjectNotFound {
+		return err
+	}
+
+	if extension != nil {
+		err = handler.AuthorizationService.UpdateUsersAuthorizations()
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
 func (handler *Handler) updateSnapshotInterval(settings *portainer.Settings, snapshotInterval string) error {
 	settings.SnapshotInterval = snapshotInterval