mirror of https://github.com/portainer/portainer
fix(permission): EE-3772 Team leaders are able to see all environments (#7331)
parent
f8b4663e0a
commit
149c414d08
|
@ -81,11 +81,11 @@ func FilterRegistries(registries []portainer.Registry, user *portainer.User, tea
|
||||||
}
|
}
|
||||||
|
|
||||||
// FilterEndpoints filters environments(endpoints) based on user role and team memberships.
|
// FilterEndpoints filters environments(endpoints) based on user role and team memberships.
|
||||||
// Non administrator and non-team-leader only have access to authorized environments(endpoints) (can be inherited via endpoint groups).
|
// Non administrator only have access to authorized environments(endpoints) (can be inherited via endpoint groups).
|
||||||
func FilterEndpoints(endpoints []portainer.Endpoint, groups []portainer.EndpointGroup, context *RestrictedRequestContext) []portainer.Endpoint {
|
func FilterEndpoints(endpoints []portainer.Endpoint, groups []portainer.EndpointGroup, context *RestrictedRequestContext) []portainer.Endpoint {
|
||||||
filteredEndpoints := endpoints
|
filteredEndpoints := endpoints
|
||||||
|
|
||||||
if !context.IsAdmin && !context.IsTeamLeader {
|
if !context.IsAdmin {
|
||||||
filteredEndpoints = make([]portainer.Endpoint, 0)
|
filteredEndpoints = make([]portainer.Endpoint, 0)
|
||||||
|
|
||||||
for _, endpoint := range endpoints {
|
for _, endpoint := range endpoints {
|
||||||
|
@ -101,11 +101,11 @@ func FilterEndpoints(endpoints []portainer.Endpoint, groups []portainer.Endpoint
|
||||||
}
|
}
|
||||||
|
|
||||||
// FilterEndpointGroups filters environment(endpoint) groups based on user role and team memberships.
|
// FilterEndpointGroups filters environment(endpoint) groups based on user role and team memberships.
|
||||||
// Non administrator users and Non-team-leaders only have access to authorized environment(endpoint) groups.
|
// Non administrator users only have access to authorized environment(endpoint) groups.
|
||||||
func FilterEndpointGroups(endpointGroups []portainer.EndpointGroup, context *RestrictedRequestContext) []portainer.EndpointGroup {
|
func FilterEndpointGroups(endpointGroups []portainer.EndpointGroup, context *RestrictedRequestContext) []portainer.EndpointGroup {
|
||||||
filteredEndpointGroups := endpointGroups
|
filteredEndpointGroups := endpointGroups
|
||||||
|
|
||||||
if !context.IsAdmin && !context.IsTeamLeader {
|
if !context.IsAdmin {
|
||||||
filteredEndpointGroups = make([]portainer.EndpointGroup, 0)
|
filteredEndpointGroups = make([]portainer.EndpointGroup, 0)
|
||||||
|
|
||||||
for _, group := range endpointGroups {
|
for _, group := range endpointGroups {
|
||||||
|
|
Loading…
Reference in New Issue