feat(registries): Registry browser for non-admins [EE-2459] (#6549)

* feat(registries): allow non-admin users to see environment registries * remove unused function * fix error message * fix test * fix imports order * feat(registry): check access first, add parameters name * use registryID * fix(sidebar): allow standard users to see endpoint registries view Co-authored-by: LP B <xAt0mZ@users.noreply.github.com>
2025-08-04 21:35:23 +02:00 · 2022-04-07 10:22:31 -03:00 · 2022-04-07 10:22:31 -03:00 · f9f937f844
commit f9f937f844
parent 77e48bfb74
15 changed files with 226 additions and 202 deletions
--- a/app/docker/components/docker-sidebar/docker-sidebar.html
+++ b/app/docker/components/docker-sidebar/docker-sidebar.html
@ -102,27 +102,20 @@
  is-sidebar-open="$ctrl.isSidebarOpen"
  children-paths="['docker.registries', 'docker.registries.access', 'docker.featuresConfiguration']"
 >
-  <div ng-if="$ctrl.adminAccess">
-    <sidebar-menu-item
-      authorization="PortainerEndpointUpdateSettings"
-      path="docker.featuresConfiguration"
-      path-params="{ endpointId: $ctrl.endpointId }"
-      class-name="sidebar-sublist"
-      data-cy="dockerSidebar-setup"
-    >
-      Setup
-    </sidebar-menu-item>
+  <sidebar-menu-item
+    ng-if="$ctrl.adminAccess"
+    authorization="PortainerEndpointUpdateSettings"
+    path="docker.featuresConfiguration"
+    path-params="{ endpointId: $ctrl.endpointId }"
+    class-name="sidebar-sublist"
+    data-cy="dockerSidebar-setup"
+  >
+    Setup
+  </sidebar-menu-item>

-    <sidebar-menu-item
-      authorization="PortainerRegistryList"
-      path="docker.registries"
-      path-params="{ endpointId: $ctrl.endpointId }"
-      class-name="sidebar-sublist"
-      data-cy="dockerSidebar-registries"
-    >
-      Registries
-    </sidebar-menu-item>
-  </div>
+  <sidebar-menu-item path="docker.registries" path-params="{ endpointId: $ctrl.endpointId }" class-name="sidebar-sublist" data-cy="dockerSidebar-registries">
+    Registries
+  </sidebar-menu-item>
 </sidebar-menu>

 <sidebar-menu
@ -134,25 +127,18 @@
  is-sidebar-open="$ctrl.isSidebarOpen"
  children-paths="['docker.registries', 'docker.registries.access', 'docker.featuresConfiguration']"
 >
-  <div ng-if="$ctrl.adminAccess">
-    <sidebar-menu-item
-      authorization="PortainerEndpointUpdateSettings"
-      path="docker.featuresConfiguration"
-      path-params="{ endpointId: $ctrl.endpointId }"
-      class-name="sidebar-sublist"
-      data-cy="swarmSidebar-setup"
-    >
-      Setup
-    </sidebar-menu-item>
+  <sidebar-menu-item
+    ng-if="$ctrl.adminAccess"
+    authorization="PortainerEndpointUpdateSettings"
+    path="docker.featuresConfiguration"
+    path-params="{ endpointId: $ctrl.endpointId }"
+    class-name="sidebar-sublist"
+    data-cy="swarmSidebar-setup"
+  >
+    Setup
+  </sidebar-menu-item>

-    <sidebar-menu-item
-      authorization="PortainerRegistryList"
-      path="docker.registries"
-      path-params="{ endpointId: $ctrl.endpointId }"
-      class-name="sidebar-sublist"
-      data-cy="swarmSidebar-registries"
-    >
-      Registries
-    </sidebar-menu-item>
-  </div>
+  <sidebar-menu-item path="docker.registries" path-params="{ endpointId: $ctrl.endpointId }" class-name="sidebar-sublist" data-cy="swarmSidebar-registries">
+    Registries
+  </sidebar-menu-item>
 </sidebar-menu>
--- a/app/docker/views/registries/access/registryAccessController.js
+++ b/app/docker/views/registries/access/registryAccessController.js
@ -2,12 +2,13 @@ import { TeamAccessViewModel, UserAccessViewModel } from 'Portainer/models/acces

 class DockerRegistryAccessController {
  /* @ngInject */
-  constructor($async, $state, Notifications, EndpointService, GroupService) {
+  constructor($async, $state, Notifications, EndpointService, GroupService, RegistryService) {
    this.$async = $async;
    this.$state = $state;
    this.Notifications = Notifications;
    this.EndpointService = EndpointService;
    this.GroupService = GroupService;
+    this.RegistryService = RegistryService;

    this.updateAccess = this.updateAccess.bind(this);
    this.filterUsers = this.filterUsers.bind(this);
@ -35,10 +36,10 @@ class DockerRegistryAccessController {
    const endpointGroupTeams = this.endpointGroup.TeamAccessPolicies;

    return users.filter((userOrTeam) => {
-      const userRole = userOrTeam instanceof UserAccessViewModel && (endpointUsers[userOrTeam.Id] || endpointGroupUsers[userOrTeam.Id]);
-      const teamRole = userOrTeam instanceof TeamAccessViewModel && (endpointTeams[userOrTeam.Id] || endpointGroupTeams[userOrTeam.Id]);
+      const userAccess = userOrTeam instanceof UserAccessViewModel && (endpointUsers[userOrTeam.Id] || endpointGroupUsers[userOrTeam.Id]);
+      const teamAccess = userOrTeam instanceof TeamAccessViewModel && (endpointTeams[userOrTeam.Id] || endpointGroupTeams[userOrTeam.Id]);

-      return userRole || teamRole;
+      return userAccess || teamAccess;
    });
  }

@ -51,7 +52,7 @@ class DockerRegistryAccessController {
          endpointId: this.$state.params.endpointId,
          registryId: this.$state.params.id,
        };
-        this.registry = await this.EndpointService.registry(this.state.endpointId, this.state.registryId);
+        this.registry = await this.RegistryService.registry(this.state.registryId, this.state.endpointId);
        this.registryEndpointAccesses = this.registry.RegistryAccesses[this.state.endpointId] || {};
        this.endpointGroup = await this.GroupService.group(this.endpoint.GroupId);
      } catch (err) {