fix(api/endpoints): filter out waiting room environments for non admins (#810)
parent
0556ffb4a1
commit
b43f864511
3 changed files with 11 additions and 3 deletions
|
@ -95,12 +95,11 @@ func (handler *Handler) endpointList(w http.ResponseWriter, r *http.Request) *ht
|
|||
return httperror.BadRequest("Invalid query parameters", err)
|
||||
}
|
||||
|
||||
filteredEndpoints := security.FilterEndpoints(endpoints, endpointGroups, securityContext)
|
||||
|
||||
filteredEndpoints, totalAvailableEndpoints, err := handler.filterEndpointsByQuery(filteredEndpoints, query, endpointGroups, edgeGroups, settings)
|
||||
filteredEndpoints, totalAvailableEndpoints, err := handler.filterEndpointsByQuery(endpoints, query, endpointGroups, edgeGroups, settings, securityContext)
|
||||
if err != nil {
|
||||
return httperror.InternalServerError("Unable to filter endpoints", err)
|
||||
}
|
||||
filteredEndpoints = security.FilterEndpoints(filteredEndpoints, endpointGroups, securityContext)
|
||||
|
||||
sortEnvironmentsByField(filteredEndpoints, endpointGroups, getSortKey(sortField), sortOrder == "desc")
|
||||
|
||||
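Review bot: Moving `security.FilterEndpoints` after `handler.filterEndpointsByQuery` means the query filter now receives the full `endpoints` slice before any access filtering, and the other file section shows `totalAvailableEndpoints := len(filteredEndpoints)` taken at the top of that function. The total is therefore counted over environments the caller may not be allowed to see; if the handler returns `totalAvailableEndpoints` to the client (not visible in this hunk), a non-admin would learn how many environments exist overall. Unless something in `filterEndpointsByQuery` depends on the new order, consider keeping the access filter first and passing `securityContext` only for the trusted/untrusted check, or recomputing the total from the authorized set. endpointList starts and ends outside the hunk.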
|
|
|
@ -11,6 +11,7 @@ import (
|
|||
portainer "github.com/portainer/portainer/api"
|
||||
"github.com/portainer/portainer/api/dataservices"
|
||||
"github.com/portainer/portainer/api/http/handler/edgegroups"
|
||||
"github.com/portainer/portainer/api/http/security"
|
||||
"github.com/portainer/portainer/api/internal/edge"
|
||||
"github.com/portainer/portainer/api/internal/endpointutils"
|
||||
"github.com/portainer/portainer/api/slicesx"
|
||||
|
@ -140,6 +141,7 @@ func (handler *Handler) filterEndpointsByQuery(
|
|||
groups []portainer.EndpointGroup,
|
||||
edgeGroups []portainer.EdgeGroup,
|
||||
settings *portainer.Settings,
|
||||
context *security.RestrictedRequestContext,
|
||||
) ([]portainer.Endpoint, int, error) {
|
||||
totalAvailableEndpoints := len(filteredEndpoints)
|
||||
|
||||
|
@ -181,11 +183,16 @@ func (handler *Handler) filterEndpointsByQuery(
|
|||
}
|
||||
|
||||
// filter edge environments by trusted/untrusted
|
||||
// only portainer admins are allowed to see untrusted environments
|
||||
filteredEndpoints = filter(filteredEndpoints, func(endpoint portainer.Endpoint) bool {
|
||||
if !endpointutils.IsEdgeEndpoint(&endpoint) {
|
||||
return true
|
||||
}
|
||||
|
||||
if query.edgeDeviceUntrusted {
|
||||
return !endpoint.UserTrusted && context.IsAdmin
|
||||
}
|
||||
|
||||
return endpoint.UserTrusted == !query.edgeDeviceUntrusted
|
||||
})
|
||||
|
||||
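Review bot: `context.IsAdmin` is read inside the filter closure without a nil check, so a caller that passes a nil `*security.RestrictedRequestContext` would panic while listing edge environments; computing `isAdmin := context != nil && context.IsAdmin` before the `filter` call would fail closed instead. The parameter name `context` also shadows the standard `context` package if this file ever imports it, so `securityContext`, the name the caller already uses, reads better. With the new early return, the final line is only reached when `query.edgeDeviceUntrusted` is false, so it can be simplified to `return endpoint.UserTrusted`. filterEndpointsByQuery begins and ends outside these hunks.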
|
|
|
@ -6,6 +6,7 @@ import (
|
|||
|
||||
portainer "github.com/portainer/portainer/api"
|
||||
"github.com/portainer/portainer/api/datastore"
|
||||
"github.com/portainer/portainer/api/http/security"
|
||||
"github.com/portainer/portainer/api/internal/testhelpers"
|
||||
"github.com/portainer/portainer/api/slicesx"
|
||||
|
||||
|
@ -263,6 +264,7 @@ func runTest(t *testing.T, test filterTest, handler *Handler, endpoints []portai
|
|||
[]portainer.EndpointGroup{},
|
||||
[]portainer.EdgeGroup{},
|
||||
&portainer.Settings{},
|
||||
&security.RestrictedRequestContext{IsAdmin: true},
|
||||
)
|
||||
|
||||
is.NoError(err)
|
||||
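Review bot: `runTest` always passes `&security.RestrictedRequestContext{IsAdmin: true}`, so the non-admin path this commit adds is never exercised by the tests shown here. A case that runs the same filter with `IsAdmin: false` over an untrusted edge environment, asserting that it is absent from the result both with and without the untrusted query flag, would pin the access rule against regressions. runTest's body continues outside the hunk.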
|
|