feat(settings): add a setting to disable bind mounts for non-admins (#1237)

* feat(settings): add a setting to disable bind mounts for non-admins * refactor(gruntfile): remove temporary setting
2025-07-24 07:49:41 +02:00 · 2017-09-26 05:36:51 +02:00 · 2017-09-26 05:36:51 +02:00 · ca9d9b9a77
commit ca9d9b9a77
parent 6cfffb38f9
14 changed files with 105 additions and 35 deletions
--- a/api/http/handler/settings.go
+++ b/api/http/handler/settings.go
@ -45,18 +45,20 @@ func NewSettingsHandler(bouncer *security.RequestBouncer) *SettingsHandler {

 type (
 	publicSettingsResponse struct {
-		LogoURL                     string                         `json:"LogoURL"`
-		DisplayExternalContributors bool                           `json:"DisplayExternalContributors"`
-		AuthenticationMethod        portainer.AuthenticationMethod `json:"AuthenticationMethod"`
+		LogoURL                        string                         `json:"LogoURL"`
+		DisplayExternalContributors    bool                           `json:"DisplayExternalContributors"`
+		AuthenticationMethod           portainer.AuthenticationMethod `json:"AuthenticationMethod"`
+		AllowBindMountsForRegularUsers bool                           `json:"AllowBindMountsForRegularUsers"`
 	}

 	putSettingsRequest struct {
-		TemplatesURL                string                 `valid:"required"`
-		LogoURL                     string                 `valid:""`
-		BlackListedLabels           []portainer.Pair       `valid:""`
-		DisplayExternalContributors bool                   `valid:""`
-		AuthenticationMethod        int                    `valid:"required"`
-		LDAPSettings                portainer.LDAPSettings `valid:""`
+		TemplatesURL                   string                 `valid:"required"`
+		LogoURL                        string                 `valid:""`
+		BlackListedLabels              []portainer.Pair       `valid:""`
+		DisplayExternalContributors    bool                   `valid:""`
+		AuthenticationMethod           int                    `valid:"required"`
+		LDAPSettings                   portainer.LDAPSettings `valid:""`
+		AllowBindMountsForRegularUsers bool                   `valid:""`
 	}

 	putSettingsLDAPCheckRequest struct {
@ -85,9 +87,10 @@ func (handler *SettingsHandler) handleGetPublicSettings(w http.ResponseWriter, r
 	}

 	publicSettings := &publicSettingsResponse{
-		LogoURL:                     settings.LogoURL,
-		DisplayExternalContributors: settings.DisplayExternalContributors,
-		AuthenticationMethod:        settings.AuthenticationMethod,
+		LogoURL:                        settings.LogoURL,
+		DisplayExternalContributors:    settings.DisplayExternalContributors,
+		AuthenticationMethod:           settings.AuthenticationMethod,
+		AllowBindMountsForRegularUsers: settings.AllowBindMountsForRegularUsers,
 	}

 	encodeJSON(w, publicSettings, handler.Logger)
@ -109,11 +112,12 @@ func (handler *SettingsHandler) handlePutSettings(w http.ResponseWriter, r *http
 	}

 	settings := &portainer.Settings{
-		TemplatesURL:                req.TemplatesURL,
-		LogoURL:                     req.LogoURL,
-		BlackListedLabels:           req.BlackListedLabels,
-		DisplayExternalContributors: req.DisplayExternalContributors,
-		LDAPSettings:                req.LDAPSettings,
+		TemplatesURL:                   req.TemplatesURL,
+		LogoURL:                        req.LogoURL,
+		BlackListedLabels:              req.BlackListedLabels,
+		DisplayExternalContributors:    req.DisplayExternalContributors,
+		LDAPSettings:                   req.LDAPSettings,
+		AllowBindMountsForRegularUsers: req.AllowBindMountsForRegularUsers,
 	}

 	if req.AuthenticationMethod == 1 {