github
/
portainer
mirror of https://github.com/portainer/portainer
1
0
Fork 0
Code Issues Releases Wiki Activity

fix(docker): prevent non admins from passing security settings [EE-6765] (#11239)

pull/11254/head
Chaim Lev-Ari 2024-02-25 11:57:19 +02:00 committed by GitHub
parent 988064a542
commit 0fd20277c1
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 13 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/react/docker/containers/CreateView/CreateView.tsx
View File

@ -49,7 +49,9 @@ function CreateForm() {
const router = useRouter();
const { trackEvent } = useAnalytics();
const isAdminQuery = useIsEdgeAdmin();
const { authorized: isEnvironmentAdmin } = useIsEnvironmentAdmin();
const { authorized: isEnvironmentAdmin } = useIsEnvironmentAdmin({
adminOnlyCE: true,
});
const [isDockerhubRateLimited, setIsDockerhubRateLimited] = useState(false);
const mutation = useCreateOrReplaceMutation();

2
app/react/docker/containers/CreateView/InnerForm.tsx
View File

@ -41,7 +41,7 @@ export function InnerForm({
const environmentId = useEnvironmentId();
const [tab, setTab] = useState('commands');
const apiVersion = useApiVersion(environmentId);
const isEnvironmentAdminQuery = useIsEnvironmentAdmin();
const isEnvironmentAdminQuery = useIsEnvironmentAdmin({ adminOnlyCE: true });
const envQuery = useCurrentEnvironment();
if (!envQuery.data) {

12
app/react/hooks/useUser.tsx
View File

@ -98,17 +98,17 @@ export function useAuthorizations(
params: { endpointId },
} = useCurrentStateAndParams();
const envQuery = useEnvironment(forceEnvironmentId || endpointId);
const isAdmin = useIsEdgeAdmin({ forceEnvironmentId });
const isAdminQuery = useIsEdgeAdmin({ forceEnvironmentId });
if (!user) {
return { authorized: false, isLoading: false };
}
if (envQuery.isLoading) {
if (envQuery.isLoading || isAdminQuery.isLoading) {
return { authorized: false, isLoading: true };
}
if (isAdmin) {
if (isAdminQuery.isAdmin) {
return { authorized: true, isLoading: false };
}
@ -138,12 +138,18 @@ export function useIsEnvironmentAdmin({
/**
* will return true if the user has the authorizations. assumes the user is authenticated and not an admin
*
* @private Please use `useAuthorizations` instead. Exported only for angular's authentication service app/portainer/services/authentication.js:154
*/
export function hasAuthorizations(
user: User,
authorizations: string | string[],
environmentId?: EnvironmentId
) {
if (!isBE) {
return true;
}
const authorizationsArray =
typeof authorizations === 'string' ? [authorizations] : authorizations;