portainer/api/http/handler/customtemplates/handler.go

package customtemplates

import (
	"net/http"

	"github.com/gorilla/mux"
	httperror "github.com/portainer/libhttp/error"
	"github.com/portainer/portainer/api"
	"github.com/portainer/portainer/api/http/security"
	"github.com/portainer/portainer/api/internal/authorization"
)

// Handler is the HTTP handler used to handle endpoint group operations.
type Handler struct {
	*mux.Router
	DataStore   portainer.DataStore
	FileService portainer.FileService
	GitService  portainer.GitService
}

// NewHandler creates a handler to manage endpoint group operations.
func NewHandler(bouncer *security.RequestBouncer) *Handler {
	h := &Handler{
		Router: mux.NewRouter(),
	}
	h.Handle("/custom_templates",
		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.customTemplateCreate))).Methods(http.MethodPost)
	h.Handle("/custom_templates",
		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.customTemplateList))).Methods(http.MethodGet)
	h.Handle("/custom_templates/{id}",
		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.customTemplateInspect))).Methods(http.MethodGet)
	h.Handle("/custom_templates/{id}/file",
		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.customTemplateFile))).Methods(http.MethodGet)
	h.Handle("/custom_templates/{id}",
		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.customTemplateUpdate))).Methods(http.MethodPut)
	h.Handle("/custom_templates/{id}",
		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.customTemplateDelete))).Methods(http.MethodDelete)
	return h
}

func userCanEditTemplate(customTemplate *portainer.CustomTemplate, securityContext *security.RestrictedRequestContext) bool {
	return securityContext.IsAdmin || customTemplate.CreatedByUserID == securityContext.UserID
}

func userCanAccessTemplate(customTemplate portainer.CustomTemplate, securityContext *security.RestrictedRequestContext, resourceControl *portainer.ResourceControl) bool {
	if securityContext.IsAdmin || customTemplate.CreatedByUserID == securityContext.UserID {
		return true
	}

	userTeamIDs := make([]portainer.TeamID, 0)
	for _, membership := range securityContext.UserMemberships {
		userTeamIDs = append(userTeamIDs, membership.TeamID)
	}

	if resourceControl != nil && authorization.UserCanAccessResource(securityContext.UserID, userTeamIDs, resourceControl) {
		return true
	}

	return false
}
feat(custom-templates): introduce custom templates (#3906) * feat(custom-templates): introduce types * feat(custom-templates): introduce data layer service * feat(custom-templates): introduce http handler * feat(custom-templates): create routes and view stubs * feat(custom-templates): add create custom template ui * feat(custom-templates): add json keys * feat(custom-templates): introduce custom templates list page * feat(custom-templates): introduce update page * feat(stack): create template from stack * feat(stacks): create stack from custom template * feat(custom-templates): disable edit/delete of templates * fix(custom-templates): fail update on non admin/owner * fix(custom-templates): add ng-inject decorator * chore(plop): revert template * feat(stacks): remove actions column * feat(stack): add button to create template from stack * feat(stacks): add empty state for templates * feat(custom-templates): show templates in a list * feat(custom-template): replace table with list * feat(custom-templates): move create template button * refactor(custom-templates): introduce more fields * feat(custom-templates): use stack type when creating template * feat(custom-templates): use same type as stack * feat(custom-templates): add edit and delete buttons to template item * feat(custom-templates): customize stack before deploy * feat(stack): show template details * feat(custom-templates): move customize * feat(custom-templates): create description required * fix(template): show platform icon * fix(custom-templates): show spinner when creating stack * feat(custom-templates): prevent user from edit templates * feat(custom-templates): use resource control for custom templates * feat(custom-templates): show created templates * feat(custom-templates): filter templates by stack type * fix(custom-templates): create swarm or standalone stack * feat(stacks): filter templates by type * feat(resource-control): disable resource control on public * feat(custom-template): apply access control on edit * feat(custom-template): add form validation * feat(stack): disable create custom template from external task * refactor(custom-templates): create template from file and type * feat(templates): introduce a file handler that returns template docker file * feat(template): introduce template duplication * feat(custom-template): enforce unique template name * fix(template): rename copy button * fix(custom-template): clear access control selection between templates * fix(custom-templates): show required fields * refactor(filesystem): use a constant for temp path 2020-07-06 23:18:39 +00:00			`package customtemplates`

			`import (`
			`"net/http"`

			`"github.com/gorilla/mux"`
			`httperror "github.com/portainer/libhttp/error"`
			`"github.com/portainer/portainer/api"`
			`"github.com/portainer/portainer/api/http/security"`
			`"github.com/portainer/portainer/api/internal/authorization"`
			`)`

			`// Handler is the HTTP handler used to handle endpoint group operations.`
			`type Handler struct {`
			`*mux.Router`
			`DataStore portainer.DataStore`
			`FileService portainer.FileService`
			`GitService portainer.GitService`
			`}`

			`// NewHandler creates a handler to manage endpoint group operations.`
			`func NewHandler(bouncer security.RequestBouncer) Handler {`
			`h := &Handler{`
			`Router: mux.NewRouter(),`
			`}`
			`h.Handle("/custom_templates",`
			`bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.customTemplateCreate))).Methods(http.MethodPost)`
			`h.Handle("/custom_templates",`
			`bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.customTemplateList))).Methods(http.MethodGet)`
			`h.Handle("/custom_templates/{id}",`
			`bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.customTemplateInspect))).Methods(http.MethodGet)`
			`h.Handle("/custom_templates/{id}/file",`
			`bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.customTemplateFile))).Methods(http.MethodGet)`
			`h.Handle("/custom_templates/{id}",`
			`bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.customTemplateUpdate))).Methods(http.MethodPut)`
			`h.Handle("/custom_templates/{id}",`
			`bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.customTemplateDelete))).Methods(http.MethodDelete)`
			`return h`
			`}`

			`func userCanEditTemplate(customTemplate portainer.CustomTemplate, securityContext security.RestrictedRequestContext) bool {`
			`return securityContext.IsAdmin \|\| customTemplate.CreatedByUserID == securityContext.UserID`
			`}`

			`func userCanAccessTemplate(customTemplate portainer.CustomTemplate, securityContext security.RestrictedRequestContext, resourceControl portainer.ResourceControl) bool {`
			`if securityContext.IsAdmin \|\| customTemplate.CreatedByUserID == securityContext.UserID {`
			`return true`
			`}`

			`userTeamIDs := make([]portainer.TeamID, 0)`
			`for _, membership := range securityContext.UserMemberships {`
			`userTeamIDs = append(userTeamIDs, membership.TeamID)`
			`}`

			`if resourceControl != nil && authorization.UserCanAccessResource(securityContext.UserID, userTeamIDs, resourceControl) {`
			`return true`
			`}`

			`return false`
			`}`