mirror of https://github.com/portainer/portainer
118 lines
3.0 KiB
Go
118 lines
3.0 KiB
Go
|
package extensions
|
||
|
|
||
|
import (
|
||
|
portainer "github.com/portainer/portainer/api"
|
||
|
)
|
||
|
|
||
|
func updateUserAccessPolicyToReadOnlyRole(policies portainer.UserAccessPolicies, key portainer.UserID) {
|
||
|
tmp := policies[key]
|
||
|
tmp.RoleID = 4
|
||
|
policies[key] = tmp
|
||
|
}
|
||
|
|
||
|
func updateTeamAccessPolicyToReadOnlyRole(policies portainer.TeamAccessPolicies, key portainer.TeamID) {
|
||
|
tmp := policies[key]
|
||
|
tmp.RoleID = 4
|
||
|
policies[key] = tmp
|
||
|
}
|
||
|
|
||
|
func (handler *Handler) upgradeRBACData() error {
|
||
|
endpointGroups, err := handler.EndpointGroupService.EndpointGroups()
|
||
|
if err != nil {
|
||
|
return err
|
||
|
}
|
||
|
|
||
|
for _, endpointGroup := range endpointGroups {
|
||
|
for key := range endpointGroup.UserAccessPolicies {
|
||
|
updateUserAccessPolicyToReadOnlyRole(endpointGroup.UserAccessPolicies, key)
|
||
|
}
|
||
|
|
||
|
for key := range endpointGroup.TeamAccessPolicies {
|
||
|
updateTeamAccessPolicyToReadOnlyRole(endpointGroup.TeamAccessPolicies, key)
|
||
|
}
|
||
|
|
||
|
err := handler.EndpointGroupService.UpdateEndpointGroup(endpointGroup.ID, &endpointGroup)
|
||
|
if err != nil {
|
||
|
return err
|
||
|
}
|
||
|
}
|
||
|
|
||
|
endpoints, err := handler.EndpointService.Endpoints()
|
||
|
if err != nil {
|
||
|
return err
|
||
|
}
|
||
|
|
||
|
for _, endpoint := range endpoints {
|
||
|
for key := range endpoint.UserAccessPolicies {
|
||
|
updateUserAccessPolicyToReadOnlyRole(endpoint.UserAccessPolicies, key)
|
||
|
}
|
||
|
|
||
|
for key := range endpoint.TeamAccessPolicies {
|
||
|
updateTeamAccessPolicyToReadOnlyRole(endpoint.TeamAccessPolicies, key)
|
||
|
}
|
||
|
|
||
|
err := handler.EndpointService.UpdateEndpoint(endpoint.ID, &endpoint)
|
||
|
if err != nil {
|
||
|
return err
|
||
|
}
|
||
|
}
|
||
|
|
||
|
return handler.AuthorizationService.UpdateUsersAuthorizations()
|
||
|
}
|
||
|
|
||
|
func updateUserAccessPolicyToNoRole(policies portainer.UserAccessPolicies, key portainer.UserID) {
|
||
|
tmp := policies[key]
|
||
|
tmp.RoleID = 0
|
||
|
policies[key] = tmp
|
||
|
}
|
||
|
|
||
|
func updateTeamAccessPolicyToNoRole(policies portainer.TeamAccessPolicies, key portainer.TeamID) {
|
||
|
tmp := policies[key]
|
||
|
tmp.RoleID = 0
|
||
|
policies[key] = tmp
|
||
|
}
|
||
|
|
||
|
func (handler *Handler) downgradeRBACData() error {
|
||
|
endpointGroups, err := handler.EndpointGroupService.EndpointGroups()
|
||
|
if err != nil {
|
||
|
return err
|
||
|
}
|
||
|
|
||
|
for _, endpointGroup := range endpointGroups {
|
||
|
for key := range endpointGroup.UserAccessPolicies {
|
||
|
updateUserAccessPolicyToNoRole(endpointGroup.UserAccessPolicies, key)
|
||
|
}
|
||
|
|
||
|
for key := range endpointGroup.TeamAccessPolicies {
|
||
|
updateTeamAccessPolicyToNoRole(endpointGroup.TeamAccessPolicies, key)
|
||
|
}
|
||
|
|
||
|
err := handler.EndpointGroupService.UpdateEndpointGroup(endpointGroup.ID, &endpointGroup)
|
||
|
if err != nil {
|
||
|
return err
|
||
|
}
|
||
|
}
|
||
|
|
||
|
endpoints, err := handler.EndpointService.Endpoints()
|
||
|
if err != nil {
|
||
|
return err
|
||
|
}
|
||
|
|
||
|
for _, endpoint := range endpoints {
|
||
|
for key := range endpoint.UserAccessPolicies {
|
||
|
updateUserAccessPolicyToNoRole(endpoint.UserAccessPolicies, key)
|
||
|
}
|
||
|
|
||
|
for key := range endpoint.TeamAccessPolicies {
|
||
|
updateTeamAccessPolicyToNoRole(endpoint.TeamAccessPolicies, key)
|
||
|
}
|
||
|
|
||
|
err := handler.EndpointService.UpdateEndpoint(endpoint.ID, &endpoint)
|
||
|
if err != nil {
|
||
|
return err
|
||
|
}
|
||
|
}
|
||
|
|
||
|
return handler.AuthorizationService.UpdateUsersAuthorizations()
|
||
|
}
|