github
/
portainer
mirror of https://github.com/portainer/portainer
1
0
Fork 0
Code Issues Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '6d401dcd59'
${ noResults }
portainer/api/http/proxy/service.go

65 lines
2.4 KiB
Raw Normal View History Unescape

feat(global): introduce user teams and new UAC system (#868)
8 years ago
package proxy
import (
"net/http"
"github.com/portainer/portainer"
)
const (
// ErrDockerServiceIdentifierNotFound defines an error raised when Portainer is unable to find a service identifier
ErrDockerServiceIdentifierNotFound = portainer.Error("Docker service identifier not found")
serviceIdentifier = "ID"
)
// serviceListOperation extracts the response as a JSON array, loop through the service array
// decorate and/or filter the services based on resource controls before rewriting the response
feat(settings): add settings management (#906)
8 years ago
func serviceListOperation(request *http.Request, response *http.Response, executor *operationExecutor) error {
feat(global): introduce user teams and new UAC system (#868)
8 years ago
var err error
// ServiceList response is a JSON array
// https://docs.docker.com/engine/api/v1.28/#operation/ServiceList
responseArray, err := getResponseAsJSONArray(response)
if err != nil {
return err
}
feat(settings): add settings management (#906)
8 years ago
if executor.operationContext.isAdmin {
responseArray, err = decorateServiceList(responseArray, executor.operationContext.resourceControls)
feat(global): introduce user teams and new UAC system (#868)
8 years ago
} else {
feat(settings): add settings management (#906)
8 years ago
responseArray, err = filterServiceList(responseArray, executor.operationContext.resourceControls, executor.operationContext.userID, executor.operationContext.userTeamIDs)
feat(global): introduce user teams and new UAC system (#868)
8 years ago
}
if err != nil {
return err
}
return rewriteResponse(response, responseArray, http.StatusOK)
}
// serviceInspectOperation extracts the response as a JSON object, verify that the user
// has access to the service based on resource control and either rewrite an access denied response
// or a decorated service.
feat(settings): add settings management (#906)
8 years ago
func serviceInspectOperation(request *http.Request, response *http.Response, executor *operationExecutor) error {
feat(global): introduce user teams and new UAC system (#868)
8 years ago
// ServiceInspect response is a JSON object
// https://docs.docker.com/engine/api/v1.28/#operation/ServiceInspect
responseObject, err := getResponseAsJSONOBject(response)
if err != nil {
return err
}
if responseObject[serviceIdentifier] == nil {
return ErrDockerServiceIdentifierNotFound
}
serviceID := responseObject[serviceIdentifier].(string)
feat(settings): add settings management (#906)
8 years ago
resourceControl := getResourceControlByResourceID(serviceID, executor.operationContext.resourceControls)
feat(global): introduce user teams and new UAC system (#868)
8 years ago
if resourceControl != nil {
feat(settings): add settings management (#906)
8 years ago
if executor.operationContext.isAdmin || canUserAccessResource(executor.operationContext.userID, executor.operationContext.userTeamIDs, resourceControl) {
feat(global): introduce user teams and new UAC system (#868)
8 years ago
responseObject = decorateObject(responseObject, resourceControl)
} else {
return rewriteAccessDeniedResponse(response)
}
}
return rewriteResponse(response, responseObject, http.StatusOK)
}