Docker/portainer
Docker/portainer
1
0
Fork 0
mirror of https://github.com/portainer/portainer.git synced 2025-07-24 15:59:41 +02:00
Code Issues Releases Activity

feat(api): prevent non administrator users to use admin restricted API endpoints (#3227)

Browse source
This commit is contained in:
Anthony Lapenna 2019-10-07 16:10:51 +13:00 committed by GitHub
parent 1fbe6a12f1
commit f7480c4ad4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
21 changed files with 118 additions and 93 deletions
Download patch file Download diff file Expand all files Collapse all files

6
api/http/handler/endpointproxy/handler.go
View file

@ -25,10 +25,10 @@ func NewHandler(bouncer *security.RequestBouncer) *Handler {
requestBouncer: bouncer,
}
h.PathPrefix("/{id}/azure").Handler(
bouncer.RestrictedAccess(httperror.LoggerHandler(h.proxyRequestsToAzureAPI)))
bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.proxyRequestsToAzureAPI)))
h.PathPrefix("/{id}/docker").Handler(
bouncer.RestrictedAccess(httperror.LoggerHandler(h.proxyRequestsToDockerAPI)))
bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.proxyRequestsToDockerAPI)))
h.PathPrefix("/{id}/storidge").Handler(
bouncer.RestrictedAccess(httperror.LoggerHandler(h.proxyRequestsToStoridgeAPI)))
bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.proxyRequestsToStoridgeAPI)))
return h
}