2021-12-14 19:14:53 +00:00
|
|
|
import { FeatureId } from '@/portainer/feature-flags/enums';
|
2021-11-02 20:57:21 +00:00
|
|
|
|
2021-02-09 08:09:06 +00:00
|
|
|
export default class DockerFeaturesConfigurationController {
|
|
|
|
/* @ngInject */
|
2021-12-14 19:14:53 +00:00
|
|
|
constructor($async, $scope, EndpointService, Notifications, StateManager) {
|
2021-02-09 08:09:06 +00:00
|
|
|
this.$async = $async;
|
2021-12-14 19:14:53 +00:00
|
|
|
this.$scope = $scope;
|
2021-02-09 08:09:06 +00:00
|
|
|
this.EndpointService = EndpointService;
|
|
|
|
this.Notifications = Notifications;
|
|
|
|
this.StateManager = StateManager;
|
|
|
|
|
2021-12-14 19:14:53 +00:00
|
|
|
this.limitedFeature = FeatureId.HIDE_AUTO_UPDATE_WINDOW;
|
2021-11-02 20:57:21 +00:00
|
|
|
|
2021-02-09 08:09:06 +00:00
|
|
|
this.formValues = {
|
|
|
|
enableHostManagementFeatures: false,
|
|
|
|
allowVolumeBrowserForRegularUsers: false,
|
|
|
|
disableBindMountsForRegularUsers: false,
|
|
|
|
disablePrivilegedModeForRegularUsers: false,
|
|
|
|
disableHostNamespaceForRegularUsers: false,
|
|
|
|
disableStackManagementForRegularUsers: false,
|
|
|
|
disableDeviceMappingForRegularUsers: false,
|
|
|
|
disableContainerCapabilitiesForRegularUsers: false,
|
2021-04-12 07:40:45 +00:00
|
|
|
disableSysctlSettingForRegularUsers: false,
|
2021-02-09 08:09:06 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
this.isAgent = false;
|
|
|
|
|
|
|
|
this.state = {
|
|
|
|
actionInProgress: false,
|
2021-12-14 19:14:53 +00:00
|
|
|
autoUpdateSettings: { Enabled: false },
|
|
|
|
timeZone: '',
|
2021-02-09 08:09:06 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
this.save = this.save.bind(this);
|
2021-12-14 19:14:53 +00:00
|
|
|
this.onChangeField = this.onChangeField.bind(this);
|
|
|
|
this.onToggleAutoUpdate = this.onToggleAutoUpdate.bind(this);
|
|
|
|
this.onChangeEnableHostManagementFeatures = this.onChangeField('enableHostManagementFeatures');
|
|
|
|
this.onChangeAllowVolumeBrowserForRegularUsers = this.onChangeField('allowVolumeBrowserForRegularUsers');
|
|
|
|
this.onChangeDisableBindMountsForRegularUsers = this.onChangeField('disableBindMountsForRegularUsers');
|
|
|
|
this.onChangeDisablePrivilegedModeForRegularUsers = this.onChangeField('disablePrivilegedModeForRegularUsers');
|
|
|
|
this.onChangeDisableHostNamespaceForRegularUsers = this.onChangeField('disableHostNamespaceForRegularUsers');
|
|
|
|
this.onChangeDisableStackManagementForRegularUsers = this.onChangeField('disableStackManagementForRegularUsers');
|
|
|
|
this.onChangeDisableDeviceMappingForRegularUsers = this.onChangeField('disableDeviceMappingForRegularUsers');
|
|
|
|
this.onChangeDisableContainerCapabilitiesForRegularUsers = this.onChangeField('disableContainerCapabilitiesForRegularUsers');
|
|
|
|
this.onChangeDisableSysctlSettingForRegularUsers = this.onChangeField('disableSysctlSettingForRegularUsers');
|
|
|
|
}
|
|
|
|
|
|
|
|
onToggleAutoUpdate(value) {
|
|
|
|
return this.$scope.$evalAsync(() => {
|
|
|
|
this.state.autoUpdateSettings.Enabled = value;
|
|
|
|
});
|
|
|
|
}
|
|
|
|
|
|
|
|
onChange(values) {
|
|
|
|
return this.$scope.$evalAsync(() => {
|
|
|
|
this.formValues = {
|
|
|
|
...this.formValues,
|
|
|
|
...values,
|
|
|
|
};
|
|
|
|
});
|
|
|
|
}
|
|
|
|
|
|
|
|
onChangeField(field) {
|
|
|
|
return (value) => {
|
|
|
|
this.onChange({
|
|
|
|
[field]: value,
|
|
|
|
});
|
|
|
|
};
|
2021-02-09 08:09:06 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
isContainerEditDisabled() {
|
|
|
|
const {
|
|
|
|
disableBindMountsForRegularUsers,
|
|
|
|
disableHostNamespaceForRegularUsers,
|
|
|
|
disablePrivilegedModeForRegularUsers,
|
|
|
|
disableDeviceMappingForRegularUsers,
|
|
|
|
disableContainerCapabilitiesForRegularUsers,
|
2021-04-12 07:40:45 +00:00
|
|
|
disableSysctlSettingForRegularUsers,
|
2021-02-09 08:09:06 +00:00
|
|
|
} = this.formValues;
|
|
|
|
return (
|
|
|
|
disableBindMountsForRegularUsers ||
|
|
|
|
disableHostNamespaceForRegularUsers ||
|
|
|
|
disablePrivilegedModeForRegularUsers ||
|
|
|
|
disableDeviceMappingForRegularUsers ||
|
2021-04-12 07:40:45 +00:00
|
|
|
disableContainerCapabilitiesForRegularUsers ||
|
|
|
|
disableSysctlSettingForRegularUsers
|
2021-02-09 08:09:06 +00:00
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
async save() {
|
|
|
|
return this.$async(async () => {
|
|
|
|
try {
|
|
|
|
this.state.actionInProgress = true;
|
|
|
|
const securitySettings = {
|
|
|
|
enableHostManagementFeatures: this.formValues.enableHostManagementFeatures,
|
|
|
|
allowBindMountsForRegularUsers: !this.formValues.disableBindMountsForRegularUsers,
|
|
|
|
allowPrivilegedModeForRegularUsers: !this.formValues.disablePrivilegedModeForRegularUsers,
|
|
|
|
allowVolumeBrowserForRegularUsers: this.formValues.allowVolumeBrowserForRegularUsers,
|
|
|
|
allowHostNamespaceForRegularUsers: !this.formValues.disableHostNamespaceForRegularUsers,
|
|
|
|
allowDeviceMappingForRegularUsers: !this.formValues.disableDeviceMappingForRegularUsers,
|
|
|
|
allowStackManagementForRegularUsers: !this.formValues.disableStackManagementForRegularUsers,
|
|
|
|
allowContainerCapabilitiesForRegularUsers: !this.formValues.disableContainerCapabilitiesForRegularUsers,
|
2021-04-12 07:40:45 +00:00
|
|
|
allowSysctlSettingForRegularUsers: !this.formValues.disableSysctlSettingForRegularUsers,
|
2021-02-09 08:09:06 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
await this.EndpointService.updateSecuritySettings(this.endpoint.Id, securitySettings);
|
|
|
|
|
|
|
|
this.endpoint.SecuritySettings = securitySettings;
|
|
|
|
this.Notifications.success('Saved settings successfully');
|
|
|
|
} catch (e) {
|
|
|
|
this.Notifications.error('Failure', e, 'Failed saving settings');
|
|
|
|
}
|
|
|
|
this.state.actionInProgress = false;
|
|
|
|
});
|
|
|
|
}
|
|
|
|
|
|
|
|
checkAgent() {
|
|
|
|
const applicationState = this.StateManager.getState();
|
|
|
|
return applicationState.endpoint.mode.agentProxy;
|
|
|
|
}
|
|
|
|
|
|
|
|
$onInit() {
|
|
|
|
const securitySettings = this.endpoint.SecuritySettings;
|
|
|
|
|
|
|
|
const isAgent = this.checkAgent();
|
|
|
|
this.isAgent = isAgent;
|
|
|
|
|
|
|
|
this.formValues = {
|
|
|
|
enableHostManagementFeatures: isAgent && securitySettings.enableHostManagementFeatures,
|
|
|
|
allowVolumeBrowserForRegularUsers: isAgent && securitySettings.allowVolumeBrowserForRegularUsers,
|
|
|
|
disableBindMountsForRegularUsers: !securitySettings.allowBindMountsForRegularUsers,
|
|
|
|
disablePrivilegedModeForRegularUsers: !securitySettings.allowPrivilegedModeForRegularUsers,
|
|
|
|
disableHostNamespaceForRegularUsers: !securitySettings.allowHostNamespaceForRegularUsers,
|
|
|
|
disableDeviceMappingForRegularUsers: !securitySettings.allowDeviceMappingForRegularUsers,
|
|
|
|
disableStackManagementForRegularUsers: !securitySettings.allowStackManagementForRegularUsers,
|
|
|
|
disableContainerCapabilitiesForRegularUsers: !securitySettings.allowContainerCapabilitiesForRegularUsers,
|
2021-04-12 07:40:45 +00:00
|
|
|
disableSysctlSettingForRegularUsers: !securitySettings.allowSysctlSettingForRegularUsers,
|
2021-02-09 08:09:06 +00:00
|
|
|
};
|
|
|
|
}
|
|
|
|
}
|