mirror of https://github.com/portainer/portainer.git synced 2025-07-23 15:29:42 +02:00

fix(docker): prevent non admins from passing security settings [EE-6765] (#11240)

Chaim Lev-Ari 2024-02-25 11:57:22 +02:00 committed by GitHub
parent 9ec7394124
commit c622f6da4e
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 13 additions and 5 deletions


@ -49,7 +49,9 @@ function CreateForm() {
const router = useRouter();
const { trackEvent } = useAnalytics();
const isAdminQuery = useIsEdgeAdmin();
const { authorized: isEnvironmentAdmin } = useIsEnvironmentAdmin();
const { authorized: isEnvironmentAdmin } = useIsEnvironmentAdmin({
adminOnlyCE: true,
});
const [isDockerhubRateLimited, setIsDockerhubRateLimited] = useState(false);
const mutation = useCreateOrReplaceMutation();
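Review bot: The `adminOnlyCE: true` argument added to `useIsEnvironmentAdmin` in `CreateForm` only changes what the browser renders, so by itself it does not stop a non-admin from sending the restricted security settings directly to the API. None of the three file sections on this page appears to be server code, so confirm that the create/replace endpoint rejects those fields for non-admin users and that a test covers the rejection; the same applies to the `InnerForm` call site in the next file. A comment above the call such as `// CE: security settings are admin-only; the API must enforce the same rule` would record why the flag is set. `CreateForm` continues outside the hunk.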


@ -41,7 +41,7 @@ export function InnerForm({
const environmentId = useEnvironmentId();
const [tab, setTab] = useState('commands');
const apiVersion = useApiVersion(environmentId);
const isEnvironmentAdminQuery = useIsEnvironmentAdmin();
const isEnvironmentAdminQuery = useIsEnvironmentAdmin({ adminOnlyCE: true });
const envQuery = useCurrentEnvironment();
if (!envQuery.data) {
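Review bot: The restriction at this call site depends on the caller remembering to pass `{ adminOnlyCE: true }`, and the replaced line shows that a bare `useIsEnvironmentAdmin()` type-checks just as well. The hook's signature is outside this view, so this is inferred: if the permissive behaviour is the default, the next form that gates security-sensitive fields without the option would silently repeat the bug this commit fixes. Consider documenting the option on the hook, for example `/** @param adminOnlyCE when true, CE grants access to admins only; pass it wherever security settings are gated */`, or making the restrictive behaviour the default. `InnerForm` continues outside the hunk.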


@ -98,17 +98,17 @@ export function useAuthorizations(
params: { endpointId },
} = useCurrentStateAndParams();
const envQuery = useEnvironment(forceEnvironmentId || endpointId);
const isAdmin = useIsEdgeAdmin({ forceEnvironmentId });
const isAdminQuery = useIsEdgeAdmin({ forceEnvironmentId });
if (!user) {
return { authorized: false, isLoading: false };
}
if (envQuery.isLoading) {
if (envQuery.isLoading || isAdminQuery.isLoading) {
return { authorized: false, isLoading: true };
}
if (isAdmin) {
if (isAdminQuery.isAdmin) {
return { authorized: true, isLoading: false };
}
@ -138,12 +138,18 @@ export function useIsEnvironmentAdmin({
/**
* will return true if the user has the authorizations. assumes the user is authenticated and not an admin
*
* @private Please use `useAuthorizations` instead. Exported only for angular's authentication service app/portainer/services/authentication.js:154
*/
export function hasAuthorizations(
user: User,
authorizations: string | string[],
environmentId?: EnvironmentId
) {
if (!isBE) {
return true;
}
const authorizationsArray =
typeof authorizations === 'string' ? [authorizations] : authorizations;
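Review bot: `hasAuthorizations` returns `true` for every user when `!isBE`, which its doc comment ("will return true if the user has the authorizations") does not mention and which cannot take `adminOnlyCE` into account; the rendering has lost the `+`/`-` column, so whether this early return is new in the commit is not certain. The Angular authentication service named in the `@private` note therefore gets an unconditional yes in CE, and if that path gates any of the settings this commit restricts, it stays open there. I would add to the doc comment `* In CE (!isBE) this always returns true; admin-only checks must use useIsEnvironmentAdmin({ adminOnlyCE: true }).` In `useAuthorizations` above, the old `if (isAdmin)` tested the query object rather than its `isAdmin` field, so a regression test asserting `authorized: false` for a non-admin user would pin the fix. The body of `hasAuthorizations` continues outside the hunk.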