Docker/portainer
Docker/portainer
1
0
Fork 0
mirror of https://github.com/portainer/portainer.git synced 2025-07-19 13:29:41 +02:00
Code Issues Releases Activity
portainer/api/internal/registryutils/access/access.go
cong meng 98972dec0d
feat(webhook) EE-2125 send registry auth haeder when update swarms service via webhook (#6220) 
* feat(webhook) EE-2125 add some helpers to registry utils

* feat(webhook) EE-2125 persist registryID when creating a webhook

* feat(webhook) EE-2125 send registry auth header when executing a webhook

* feat(webhook) EE-2125 send registryID to backend when creating a service with webhook

* feat(webhook) EE-2125 use the initial registry ID to create webhook on editing service screen

* feat(webhook) EE-2125 update webhook when update registry

* feat(webhook) EE-2125 add endpoint of update webhook

* feat(webhook) EE-2125 code cleanup

* feat(webhook) EE-2125 fix a typo

* feat(webhook) EE-2125 fix circle import issue with unit test

Co-authored-by: Simon Meng <simon.meng@portainer.io>
2021-12-07 09:11:44 +13:00

58 lines
1.2 KiB
Go
Raw Blame History

package access
import (
"fmt"
portainer "github.com/portainer/portainer/api"
"github.com/portainer/portainer/api/http/security"
)
func hasPermission(
dataStore portainer.DataStore,
userID portainer.UserID,
endpointID portainer.EndpointID,
registry *portainer.Registry,
) (hasPermission bool, err error) {
user, err := dataStore.User().User(userID)
if err != nil {
return
}
if user.Role == portainer.AdministratorRole {
return true, err
}
teamMemberships, err := dataStore.TeamMembership().TeamMembershipsByUserID(userID)
if err != nil {
return
}
hasPermission = security.AuthorizedRegistryAccess(registry, user, teamMemberships, endpointID)
return
}
// GetAccessibleRegistry get the registry if the user has permission
func GetAccessibleRegistry(
dataStore portainer.DataStore,
userID portainer.UserID,
endpointID portainer.EndpointID,
registryID portainer.RegistryID,
) (registry *portainer.Registry, err error) {
registry, err = dataStore.Registry().Registry(registryID)
if err != nil {
return
}
hasPermission, err := hasPermission(dataStore, userID, endpointID, registry)
if err != nil {
return
}
if !hasPermission {
err = fmt.Errorf("user does not has permission to get the registry")
return nil, err
}
return
}
View git blame Copy permalink