fix(rbac): add specific authorization for Storidge management

2025-08-02 20:35:25 +02:00 · 2019-05-27 10:41:12 +12:00 · 2019-05-27 10:41:12 +12:00 · a2d29df21b
commit a2d29df21b
parent 4349f5803c
7 changed files with 12 additions and 9 deletions
--- a/api/bolt/init.go
+++ b/api/bolt/init.go
@ -164,6 +164,7 @@ func (store *Store) Init() error {
 				portainer.OperationPortainerWebhookList:               true,
 				portainer.OperationPortainerWebhookCreate:             true,
 				portainer.OperationPortainerWebhookDelete:             true,
+				portainer.OperationIntegrationStoridgeAdmin:           true,
 				portainer.EndpointResourcesAccess:                     true,
 			},
 		}
--- a/api/http/handler/endpointproxy/handler.go
+++ b/api/http/handler/endpointproxy/handler.go
@ -26,7 +26,7 @@ func NewHandler(bouncer *security.RequestBouncer) *Handler {
 		bouncer.RestrictedAccess(httperror.LoggerHandler(h.proxyRequestsToAzureAPI)))
 	h.PathPrefix("/{id}/docker").Handler(
 		bouncer.RestrictedAccess(httperror.LoggerHandler(h.proxyRequestsToDockerAPI)))
-	h.PathPrefix("/{id}/extensions/storidge").Handler(
+	h.PathPrefix("/{id}/storidge").Handler(
 		bouncer.RestrictedAccess(httperror.LoggerHandler(h.proxyRequestsToStoridgeAPI)))
 	return h
 }
--- a/api/http/handler/endpointproxy/proxy_storidge.go
+++ b/api/http/handler/endpointproxy/proxy_storidge.go
@ -53,6 +53,6 @@ func (handler *Handler) proxyRequestsToStoridgeAPI(w http.ResponseWriter, r *htt
 	}

 	id := strconv.Itoa(endpointID)
-	http.StripPrefix("/"+id+"/extensions/storidge", proxy).ServeHTTP(w, r)
+	http.StripPrefix("/"+id+"/storidge", proxy).ServeHTTP(w, r)
 	return nil
 }
--- a/api/http/handler/handler.go
+++ b/api/http/handler/handler.go
@ -71,7 +71,7 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		switch {
 		case strings.Contains(r.URL.Path, "/docker/"):
 			http.StripPrefix("/api/endpoints", h.EndpointProxyHandler).ServeHTTP(w, r)
-		case strings.Contains(r.URL.Path, "/extensions/storidge"):
+		case strings.Contains(r.URL.Path, "/storidge/"):
 			http.StripPrefix("/api/endpoints", h.EndpointProxyHandler).ServeHTTP(w, r)
 		case strings.Contains(r.URL.Path, "/azure/"):
 			http.StripPrefix("/api/endpoints", h.EndpointProxyHandler).ServeHTTP(w, r)
--- a/api/portainer.go
+++ b/api/portainer.go
@ -1223,6 +1223,8 @@ const (
 	OperationPortainerWebhookCreate           Authorization = "PortainerWebhookCreate"
 	OperationPortainerWebhookDelete           Authorization = "PortainerWebhookDelete"

+	OperationIntegrationStoridgeAdmin Authorization = "IntegrationStoridgeAdmin"
+
 	OperationDockerUndefined      Authorization = "DockerUndefined"
 	OperationDockerAgentUndefined Authorization = "DockerAgentUndefined"
 	OperationPortainerUndefined   Authorization = "PortainerUndefined"