feat(settings): add new settings to disable volume browser (#3239)

* feat(settings): add new settings to disable volume browser * feat(api): update setting to be compliant with RBAC * refactor(api): update method comment * fix(api): remove volume browsing authorizations by default * feat(settings): rewrite volume management setting description * feat(settings): rewrite volume management setting tooltip * Update app/portainer/views/settings/settings.html Co-Authored-By: William <william.conquest@portainer.io>
2025-08-09 07:45:22 +02:00 · 2019-10-08 13:17:58 +13:00 · 2019-10-08 13:17:58 +13:00 · 9aa52a6975
commit 9aa52a6975
parent ef4c138e03
24 changed files with 239 additions and 48 deletions
--- a/app/docker/components/datatables/volumes-datatable/volumesDatatable.html
+++ b/app/docker/components/datatables/volumes-datatable/volumesDatatable.html
@ -149,9 +149,11 @@
                </span>
                <a ng-if="!$ctrl.offlineMode" ui-sref="docker.volumes.volume({ id: item.Id, nodeName: item.NodeName })" class="monospaced" title="{{ item.Id }}">{{ item.Id | truncate:40 }}</a>
                <span ng-if="$ctrl.offlineMode">{{ item.Id | truncate:40 }}</span>
-                <a authorization="DockerAgentBrowseList" ui-sref="docker.volumes.volume.browse({ id: item.Id, nodeName: item.NodeName })" class="btn btn-xs btn-primary space-left" ng-if="$ctrl.showBrowseAction && !$ctrl.offlineMode">
-                  <i class="fa fa-search"></i> browse</a>
-                </a>
+                <btn authorization="DockerAgentBrowseList" ng-if="$ctrl.showBrowseAction && !$ctrl.offlineMode">
+                  <a ui-sref="docker.volumes.volume.browse({ id: item.Id, nodeName: item.NodeName })" class="btn btn-xs btn-primary space-left">
+                    <i class="fa fa-search"></i> browse
+                  </a>
+                </btn>
                <span style="margin-left: 10px;" class="label label-warning image-tag space-left" ng-if="item.dangling">Unused</span>
              </td>
              <td>{{ item.StackName ? item.StackName : '-' }}</td>
--- a/app/docker/views/volumes/volumes.html
+++ b/app/docker/views/volumes/volumes.html
@ -16,7 +16,7 @@
      remove-action="removeAction"
      show-ownership-column="applicationState.application.authentication"
      show-host-column="applicationState.endpoint.mode.agentProxy && applicationState.endpoint.mode.provider === 'DOCKER_SWARM_MODE'"
-      show-browse-action="applicationState.endpoint.mode.agentProxy"
+      show-browse-action="showBrowseAction"
      offline-mode="offlineMode"
      refresh-callback="getVolumes"
    ></volumes-datatable>
--- a/app/docker/views/volumes/volumesController.js
+++ b/app/docker/views/volumes/volumesController.js
@ -1,6 +1,6 @@
 angular.module('portainer.docker')
-.controller('VolumesController', ['$q', '$scope', '$state', 'VolumeService', 'ServiceService', 'VolumeHelper', 'Notifications', 'HttpRequestHelper', 'EndpointProvider',
-function ($q, $scope, $state, VolumeService, ServiceService, VolumeHelper, Notifications, HttpRequestHelper, EndpointProvider) {
+.controller('VolumesController', ['$q', '$scope', '$state', 'VolumeService', 'ServiceService', 'VolumeHelper', 'Notifications', 'HttpRequestHelper', 'EndpointProvider', 'Authentication', 'ExtensionService',
+function ($q, $scope, $state, VolumeService, ServiceService, VolumeHelper, Notifications, HttpRequestHelper, EndpointProvider, Authentication, ExtensionService) {

  $scope.removeAction = function (selectedItems) {
    var actionCount = selectedItems.length;
@ -56,6 +56,18 @@ function ($q, $scope, $state, VolumeService, ServiceService, VolumeHelper, Notif

  function initView() {
    getVolumes();
+
+    $scope.showBrowseAction = $scope.applicationState.endpoint.mode.agentProxy;
+
+    ExtensionService.extensionEnabled(ExtensionService.EXTENSIONS.RBAC)
+    .then(function success(extensionEnabled) {
+      if (!extensionEnabled) {
+        var isAdmin = Authentication.isAdmin();
+        if (!$scope.applicationState.application.enableVolumeBrowserForNonAdminUsers && !isAdmin) {
+          $scope.showBrowseAction = false;
+        }
+      }
+    });
  }

  initView();
--- a/app/portainer/models/settings.js
+++ b/app/portainer/models/settings.js
@ -6,6 +6,7 @@ export function SettingsViewModel(data) {
  this.OAuthSettings = new OAuthSettingsViewModel(data.OAuthSettings);
  this.AllowBindMountsForRegularUsers = data.AllowBindMountsForRegularUsers;
  this.AllowPrivilegedModeForRegularUsers = data.AllowPrivilegedModeForRegularUsers;
+  this.AllowVolumeBrowserForRegularUsers = data.AllowVolumeBrowserForRegularUsers;
  this.SnapshotInterval = data.SnapshotInterval;
  this.TemplatesURL = data.TemplatesURL;
  this.ExternalTemplates = data.ExternalTemplates;
@ -16,6 +17,7 @@ export function SettingsViewModel(data) {
 export function PublicSettingsViewModel(settings) {
  this.AllowBindMountsForRegularUsers = settings.AllowBindMountsForRegularUsers;
  this.AllowPrivilegedModeForRegularUsers = settings.AllowPrivilegedModeForRegularUsers;
+  this.AllowVolumeBrowserForRegularUsers = settings.AllowVolumeBrowserForRegularUsers;
  this.AuthenticationMethod = settings.AuthenticationMethod;
  this.EnableHostManagementFeatures = settings.EnableHostManagementFeatures;
  this.ExternalTemplates = settings.ExternalTemplates;
--- a/app/portainer/services/stateManager.js
+++ b/app/portainer/services/stateManager.js
@ -58,6 +58,11 @@ function StateManagerFactory($q, SystemService, InfoHelper, LocalStorage, Settin
    LocalStorage.storeApplicationState(state.application);
  };

+  manager.updateEnableVolumeBrowserForNonAdminUsers = function(enableVolumeBrowserForNonAdminUsers) {
+    state.application.enableVolumeBrowserForNonAdminUsers = enableVolumeBrowserForNonAdminUsers;
+    LocalStorage.storeApplicationState(state.application);
+  };
+
 function assignStateFromStatusAndSettings(status, settings) {
   state.application.authentication = status.Authentication;
   state.application.analytics = status.Analytics;
@ -67,6 +72,7 @@ function StateManagerFactory($q, SystemService, InfoHelper, LocalStorage, Settin
   state.application.logo = settings.LogoURL;
   state.application.snapshotInterval = settings.SnapshotInterval;
   state.application.enableHostManagementFeatures = settings.EnableHostManagementFeatures;
+   state.application.enableVolumeBrowserForNonAdminUsers = settings.AllowVolumeBrowserForRegularUsers;
   state.application.validity = moment().unix();
 }

--- a/app/portainer/views/settings/settings.html
+++ b/app/portainer/views/settings/settings.html
@ -101,6 +101,17 @@
              </label>
            </div>
          </div>
+          <div class="form-group">
+            <div class="col-sm-12">
+              <label for="toggle_allowvolumebrowser" class="control-label text-left">
+                Enable volume management for non-administrators
+                <portainer-tooltip position="bottom" message="When enabled, non-admin users & users with helpdesk, standard and read-only roles from the RBAC extension will be able to use Portainer volume management features."></portainer-tooltip>
+              </label>
+              <label class="switch" style="margin-left: 20px;">
+                <input type="checkbox" name="toggle_allowvolumebrowser" ng-model="formValues.enableVolumeBrowser"><i></i>
+              </label>
+            </div>
+          </div>
          <div class="form-group">
            <div class="col-sm-12">
              <label for="toggle_enableHostManagementFeatures" class="control-label text-left">
--- a/app/portainer/views/settings/settingsController.js
+++ b/app/portainer/views/settings/settingsController.js
@ -27,7 +27,8 @@ function ($scope, $state, Notifications, SettingsService, StateManager) {
    restrictPrivilegedMode: false,
    labelName: '',
    labelValue: '',
-    enableHostManagementFeatures: false
+    enableHostManagementFeatures: false,
+    enableVolumeBrowser: false,
  };

  $scope.removeFilteredContainerLabel = function(index) {
@ -61,6 +62,7 @@ function ($scope, $state, Notifications, SettingsService, StateManager) {

    settings.AllowBindMountsForRegularUsers = !$scope.formValues.restrictBindMounts;
    settings.AllowPrivilegedModeForRegularUsers = !$scope.formValues.restrictPrivilegedMode;
+    settings.AllowVolumeBrowserForRegularUsers = $scope.formValues.enableVolumeBrowser;
    settings.EnableHostManagementFeatures = $scope.formValues.enableHostManagementFeatures;

    $scope.state.actionInProgress = true;
@ -74,6 +76,7 @@ function ($scope, $state, Notifications, SettingsService, StateManager) {
      StateManager.updateLogo(settings.LogoURL);
      StateManager.updateSnapshotInterval(settings.SnapshotInterval);
      StateManager.updateEnableHostManagementFeatures(settings.EnableHostManagementFeatures);
+      StateManager.updateEnableVolumeBrowserForNonAdminUsers(settings.AllowVolumeBrowserForRegularUsers);
      $state.reload();
    })
    .catch(function error(err) {
@ -97,6 +100,7 @@ function ($scope, $state, Notifications, SettingsService, StateManager) {
      }
      $scope.formValues.restrictBindMounts = !settings.AllowBindMountsForRegularUsers;
      $scope.formValues.restrictPrivilegedMode = !settings.AllowPrivilegedModeForRegularUsers;
+      $scope.formValues.enableVolumeBrowser = settings.AllowVolumeBrowserForRegularUsers;
      $scope.formValues.enableHostManagementFeatures = settings.EnableHostManagementFeatures;
    })
    .catch(function error(err) {