blackroad-os/backroad
9
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(containers): disable edit container on security setting restricting regular users (#4033)

Browse Source 
* feat(settings): add info about container edit disable

* feat(settings): set security settings

* feat(containers): hide recreate button when setting is enabled

* feat(settings): rephrase security notice

* fix(settings): save allowHostNamespaceForRegularUsers to state
This commit is contained in:
Chaim Lev-Ari
2020-07-13 13:26:23 +03:00
committed by GitHub
parent cd58c16b4e
commit f8bd075ce4
5 changed files with 35 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
app/docker/views/containers/edit/containerController.js
View File

@@ -21,6 +21,7 @@ angular.module('portainer.docker').controller('ContainerController', [
'ImageService',
'HttpRequestHelper',
'Authentication',
'StateManager',
function (
$q,
$scope,
@@ -40,7 +41,8 @@ angular.module('portainer.docker').controller('ContainerController', [
RegistryService,
ImageService,
HttpRequestHelper,
Authentication
Authentication,
StateManager
) {
$scope.activityTime = 0;
$scope.portBindings = [];
@@ -94,9 +96,13 @@ angular.module('portainer.docker').controller('ContainerController', [
const inSwarm = $scope.container.Config.Labels['com.docker.swarm.service.id'];
const autoRemove = $scope.container.HostConfig.AutoRemove;
const admin = Authentication.isAdmin();
const appState = StateManager.getState();
const { allowHostNamespaceForRegularUsers, allowDeviceMappingForRegularUsers, allowBindMountsForRegularUsers, allowPrivilegedModeForRegularUsers } = appState.application;
const settingRestrictsRegularUsers =
!allowBindMountsForRegularUsers || !allowDeviceMappingForRegularUsers || !allowHostNamespaceForRegularUsers || !allowPrivilegedModeForRegularUsers;
ExtensionService.extensionEnabled(ExtensionService.EXTENSIONS.RBAC).then((rbacEnabled) => {
$scope.displayRecreateButton = !inSwarm && !autoRemove && (rbacEnabled ? admin : true);
$scope.displayRecreateButton = !inSwarm && !autoRemove && (settingRestrictsRegularUsers || rbacEnabled ? admin : true);
});
})
.catch(function error(err) {