feat(stacks): support compose v2.0 stack (#1963)

api/http/handler/teams/handler.go

@@ -0,0 +1,39 @@
+package teams
+
+import (
+	"net/http"
+
+	"github.com/gorilla/mux"
+	"github.com/portainer/portainer"
+	httperror "github.com/portainer/portainer/http/error"
+	"github.com/portainer/portainer/http/security"
+)
+
+// Handler is the HTTP handler used to handle team operations.
+type Handler struct {
+	*mux.Router
+	TeamService            portainer.TeamService
+	TeamMembershipService  portainer.TeamMembershipService
+	ResourceControlService portainer.ResourceControlService
+}
+
+// NewHandler creates a handler to manage team operations.
+func NewHandler(bouncer *security.RequestBouncer) *Handler {
+	h := &Handler{
+		Router: mux.NewRouter(),
+	}
+	h.Handle("/teams",
+		bouncer.AdministratorAccess(httperror.LoggerHandler(h.teamCreate))).Methods(http.MethodPost)
+	h.Handle("/teams",
+		bouncer.RestrictedAccess(httperror.LoggerHandler(h.teamList))).Methods(http.MethodGet)
+	h.Handle("/teams/{id}",
+		bouncer.RestrictedAccess(httperror.LoggerHandler(h.teamInspect))).Methods(http.MethodGet)
+	h.Handle("/teams/{id}",
+		bouncer.AdministratorAccess(httperror.LoggerHandler(h.teamUpdate))).Methods(http.MethodPut)
+	h.Handle("/teams/{id}",
+		bouncer.AdministratorAccess(httperror.LoggerHandler(h.teamDelete))).Methods(http.MethodDelete)
+	h.Handle("/teams/{id}/memberships",
+		bouncer.RestrictedAccess(httperror.LoggerHandler(h.teamMemberships))).Methods(http.MethodGet)
+
+	return h
+}

api/http/handler/teams/team_create.go

@@ -0,0 +1,49 @@
+package teams
+
+import (
+	"net/http"
+
+	"github.com/asaskevich/govalidator"
+	"github.com/portainer/portainer"
+	httperror "github.com/portainer/portainer/http/error"
+	"github.com/portainer/portainer/http/request"
+	"github.com/portainer/portainer/http/response"
+)
+
+type teamCreatePayload struct {
+	Name string
+}
+
+func (payload *teamCreatePayload) Validate(r *http.Request) error {
+	if govalidator.IsNull(payload.Name) {
+		return portainer.Error("Invalid team name")
+	}
+	return nil
+}
+
+func (handler *Handler) teamCreate(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	var payload teamCreatePayload
+	err := request.DecodeAndValidateJSONPayload(r, &payload)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusBadRequest, "Invalid request payload", err}
+	}
+
+	team, err := handler.TeamService.TeamByName(payload.Name)
+	if err != nil && err != portainer.ErrTeamNotFound {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve teams from the database", err}
+	}
+	if team != nil {
+		return &httperror.HandlerError{http.StatusConflict, "A team with the same name already exists", portainer.ErrTeamAlreadyExists}
+	}
+
+	team = &portainer.Team{
+		Name: payload.Name,
+	}
+
+	err = handler.TeamService.CreateTeam(team)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to persist the team inside the database", err}
+	}
+
+	return response.JSON(w, team)
+}

api/http/handler/teams/team_delete.go

@@ -0,0 +1,37 @@
+package teams
+
+import (
+	"net/http"
+
+	"github.com/portainer/portainer"
+	httperror "github.com/portainer/portainer/http/error"
+	"github.com/portainer/portainer/http/request"
+	"github.com/portainer/portainer/http/response"
+)
+
+// DELETE request on /api/teams/:id
+func (handler *Handler) teamDelete(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	teamID, err := request.RetrieveNumericRouteVariableValue(r, "id")
+	if err != nil {
+		return &httperror.HandlerError{http.StatusBadRequest, "Invalid team identifier route variable", err}
+	}
+
+	_, err = handler.TeamService.Team(portainer.TeamID(teamID))
+	if err == portainer.ErrTeamNotFound {
+		return &httperror.HandlerError{http.StatusNotFound, "Unable to find a team with the specified identifier inside the database", err}
+	} else if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to find a team with the specified identifier inside the database", err}
+	}
+
+	err = handler.TeamService.DeleteTeam(portainer.TeamID(teamID))
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to delete the team from the database", err}
+	}
+
+	err = handler.TeamMembershipService.DeleteTeamMembershipByTeamID(portainer.TeamID(teamID))
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to delete associated team memberships from the database", err}
+	}
+
+	return response.Empty(w)
+}

api/http/handler/teams/team_inspect.go

@@ -0,0 +1,37 @@
+package teams
+
+import (
+	"net/http"
+
+	"github.com/portainer/portainer"
+	httperror "github.com/portainer/portainer/http/error"
+	"github.com/portainer/portainer/http/request"
+	"github.com/portainer/portainer/http/response"
+	"github.com/portainer/portainer/http/security"
+)
+
+// GET request on /api/teams/:id
+func (handler *Handler) teamInspect(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	teamID, err := request.RetrieveNumericRouteVariableValue(r, "id")
+	if err != nil {
+		return &httperror.HandlerError{http.StatusBadRequest, "Invalid team identifier route variable", err}
+	}
+
+	securityContext, err := security.RetrieveRestrictedRequestContext(r)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve info from request context", err}
+	}
+
+	if !security.AuthorizedTeamManagement(portainer.TeamID(teamID), securityContext) {
+		return &httperror.HandlerError{http.StatusForbidden, "Access denied to team", portainer.ErrResourceAccessDenied}
+	}
+
+	team, err := handler.TeamService.Team(portainer.TeamID(teamID))
+	if err == portainer.ErrTeamNotFound {
+		return &httperror.HandlerError{http.StatusNotFound, "Unable to find a team with the specified identifier inside the database", err}
+	} else if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to find a team with the specified identifier inside the database", err}
+	}
+
+	return response.JSON(w, team)
+}

api/http/handler/teams/team_list.go

@@ -0,0 +1,26 @@
+package teams
+
+import (
+	"net/http"
+
+	httperror "github.com/portainer/portainer/http/error"
+	"github.com/portainer/portainer/http/response"
+	"github.com/portainer/portainer/http/security"
+)
+
+// GET request on /api/teams
+func (handler *Handler) teamList(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	teams, err := handler.TeamService.Teams()
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve teams from the database", err}
+	}
+
+	securityContext, err := security.RetrieveRestrictedRequestContext(r)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve info from request context", err}
+	}
+
+	filteredTeams := security.FilterUserTeams(teams, securityContext)
+
+	return response.JSON(w, filteredTeams)
+}

api/http/handler/teams/team_memberships.go

@@ -0,0 +1,35 @@
+package teams
+
+import (
+	"net/http"
+
+	"github.com/portainer/portainer"
+	httperror "github.com/portainer/portainer/http/error"
+	"github.com/portainer/portainer/http/request"
+	"github.com/portainer/portainer/http/response"
+	"github.com/portainer/portainer/http/security"
+)
+
+// GET request on /api/teams/:id/memberships
+func (handler *Handler) teamMemberships(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	teamID, err := request.RetrieveNumericRouteVariableValue(r, "id")
+	if err != nil {
+		return &httperror.HandlerError{http.StatusBadRequest, "Invalid team identifier route variable", err}
+	}
+
+	securityContext, err := security.RetrieveRestrictedRequestContext(r)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve info from request context", err}
+	}
+
+	if !security.AuthorizedTeamManagement(portainer.TeamID(teamID), securityContext) {
+		return &httperror.HandlerError{http.StatusForbidden, "Access denied to team", portainer.ErrResourceAccessDenied}
+	}
+
+	memberships, err := handler.TeamMembershipService.TeamMembershipsByTeamID(portainer.TeamID(teamID))
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve associated team memberships from the database", err}
+	}
+
+	return response.JSON(w, memberships)
+}

api/http/handler/teams/team_update.go

@@ -0,0 +1,50 @@
+package teams
+
+import (
+	"net/http"
+
+	"github.com/portainer/portainer"
+	httperror "github.com/portainer/portainer/http/error"
+	"github.com/portainer/portainer/http/request"
+	"github.com/portainer/portainer/http/response"
+)
+
+type teamUpdatePayload struct {
+	Name string
+}
+
+func (payload *teamUpdatePayload) Validate(r *http.Request) error {
+	return nil
+}
+
+// PUT request on /api/teams/:id
+func (handler *Handler) teamUpdate(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	teamID, err := request.RetrieveNumericRouteVariableValue(r, "id")
+	if err != nil {
+		return &httperror.HandlerError{http.StatusBadRequest, "Invalid team identifier route variable", err}
+	}
+
+	var payload teamUpdatePayload
+	err = request.DecodeAndValidateJSONPayload(r, &payload)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusBadRequest, "Invalid request payload", err}
+	}
+
+	team, err := handler.TeamService.Team(portainer.TeamID(teamID))
+	if err == portainer.ErrTeamNotFound {
+		return &httperror.HandlerError{http.StatusNotFound, "Unable to find a team with the specified identifier inside the database", err}
+	} else if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to find a team with the specified identifier inside the database", err}
+	}
+
+	if payload.Name != "" {
+		team.Name = payload.Name
+	}
+
+	err = handler.TeamService.UpdateTeam(team.ID, team)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusNotFound, "Unable to persist team changes inside the database", err}
+	}
+
+	return response.JSON(w, team)
+}