Docker/portainer
Docker/portainer
1
0
Fork 0
mirror of https://github.com/portainer/portainer.git synced 2025-07-23 07:19:41 +02:00
Code Issues Releases Activity

feat(UAC): change default ownership to admininstrators (#2137)

Browse source 
* #960 feat(UAC): change ownership to admins for externally created ressources

* feat(UAC): change ownership to admins for externally created resources

Deprecated AdministratorsOnly js and go backend

* #960 feat(UAC): remove AdministratorsOnly property and minor GUI  fixes

Update swagger definition changing AdministratorsOnly to Public

* #960 feat(UAC): fix create resource with access control data

* #960 feat(UAC): authorization of non-admin users for restricted operations

On stacks, containers networks, services , tasks and volumes.

* #960 feat(UAC): database migration to version 14

 The administrator resources are deleted and Public resources are now managed by admins

* #960 feat(UAC):  small fixes from PR #2137

* #960 feat(UAC): improve the readability of the source code

* feat(UAC) fix displayed ownership for Swarm related  resources  (#960)
This commit is contained in:
Ricardo Cardona Ramirez 2018-08-19 00:57:28 -05:00 committed by Anthony Lapenna
parent 31c2a6d9e7
commit e1e263d8c8
30 changed files with 206 additions and 179 deletions
Download patch file Download diff file Expand all files Collapse all files

19
api/http/proxy/services.go
View file

@ -53,17 +53,17 @@ func serviceInspectOperation(response *http.Response, executor *operationExecuto
serviceID := responseObject[serviceIdentifier].(string)
responseObject, access := applyResourceAccessControl(responseObject, serviceID, executor.operationContext)
if !access {
return rewriteAccessDeniedResponse(response)
if access {
return rewriteResponse(response, responseObject, http.StatusOK)
}
serviceLabels := extractServiceLabelsFromServiceInspectObject(responseObject)
responseObject, access = applyResourceAccessControlFromLabel(serviceLabels, responseObject, serviceLabelForStackIdentifier, executor.operationContext)
if !access {
return rewriteAccessDeniedResponse(response)
if access {
return rewriteResponse(response, responseObject, http.StatusOK)
}
return rewriteResponse(response, responseObject, http.StatusOK)
return rewriteAccessDeniedResponse(response)
}
// extractServiceLabelsFromServiceInspectObject retrieve the Labels of the service if present.
@ -129,12 +129,13 @@ func filterServiceList(serviceData []interface{}, context *restrictedOperationCo
serviceID := serviceObject[serviceIdentifier].(string)
serviceObject, access := applyResourceAccessControl(serviceObject, serviceID, context)
if access {
if !access {
serviceLabels := extractServiceLabelsFromServiceListObject(serviceObject)
serviceObject, access = applyResourceAccessControlFromLabel(serviceLabels, serviceObject, serviceLabelForStackIdentifier, context)
if access {
filteredServiceData = append(filteredServiceData, serviceObject)
}
}
if access {
filteredServiceData = append(filteredServiceData, serviceObject)
}
}