-
+
diff --git a/app/docker/views/containers/edit/containerController.js b/app/docker/views/containers/edit/containerController.js
index 12f7ce7ca..860c2ccc0 100644
--- a/app/docker/views/containers/edit/containerController.js
+++ b/app/docker/views/containers/edit/containerController.js
@@ -1,8 +1,8 @@
import moment from 'moment';
angular.module('portainer.docker')
-.controller('ContainerController', ['$q', '$scope', '$state','$transition$', '$filter', 'Commit', 'ContainerHelper', 'ContainerService', 'ImageHelper', 'NetworkService', 'Notifications', 'ModalService', 'ResourceControlService', 'RegistryService', 'ImageService', 'HttpRequestHelper',
-function ($q, $scope, $state, $transition$, $filter, Commit, ContainerHelper, ContainerService, ImageHelper, NetworkService, Notifications, ModalService, ResourceControlService, RegistryService, ImageService, HttpRequestHelper) {
+.controller('ContainerController', ['$q', '$scope', '$state','$transition$', '$filter', 'Commit', 'ContainerHelper', 'ContainerService', 'ImageHelper', 'NetworkService', 'Notifications', 'ModalService', 'ResourceControlService', 'RegistryService', 'ImageService', 'HttpRequestHelper', 'Authentication',
+function ($q, $scope, $state, $transition$, $filter, Commit, ContainerHelper, ContainerService, ImageHelper, NetworkService, Notifications, ModalService, ResourceControlService, RegistryService, ImageService, HttpRequestHelper, Authentication) {
$scope.activityTime = 0;
$scope.portBindings = [];
@@ -205,7 +205,7 @@ function ($q, $scope, $state, $transition$, $filter, Commit, ContainerHelper, Co
.then(setMainNetworkAndCreateContainer)
.then(connectContainerToOtherNetworks)
.then(startContainerIfNeeded)
- .then(createResourceControlIfNeeded)
+ .then(createResourceControl)
.then(deleteOldContainer)
.then(notifyAndChangeView)
.catch(notifyOnError);
@@ -276,19 +276,11 @@ function ($q, $scope, $state, $transition$, $filter, Commit, ContainerHelper, Co
);
}
- function createResourceControlIfNeeded(newContainer) {
- if (!container.ResourceControl) {
- return $q.when();
- }
- var containerIdentifier = newContainer.Id;
- var resourceControl = container.ResourceControl;
- var users = resourceControl.UserAccesses.map(function(u) {
- return u.UserId;
- });
- var teams = resourceControl.TeamAccesses.map(function(t) {
- return t.TeamId;
- });
- return ResourceControlService.createResourceControl(resourceControl.Public, users, teams, containerIdentifier, 'container', []);
+ function createResourceControl(newContainer) {
+ const userId = Authentication.getUserDetails().ID;
+ const oldResourceControl = container.ResourceControl;
+ const newResourceControl = newContainer.Portainer.ResourceControl;
+ return ResourceControlService.duplicateResourceControl(userId, oldResourceControl, newResourceControl);
}
function notifyAndChangeView() {
diff --git a/app/docker/views/networks/create/createNetworkController.js b/app/docker/views/networks/create/createNetworkController.js
index 615c713ba..a592582a6 100644
--- a/app/docker/views/networks/create/createNetworkController.js
+++ b/app/docker/views/networks/create/createNetworkController.js
@@ -134,9 +134,10 @@ angular.module('portainer.docker')
$scope.state.actionInProgress = true;
NetworkService.create(context.networkConfiguration)
.then(function success(data) {
- var networkIdentifier = data.Id;
- var userId = context.userDetails.ID;
- return ResourceControlService.applyResourceControl('network', networkIdentifier, userId, context.accessControlData, []);
+ const userId = context.userDetails.ID;
+ const accessControlData = context.accessControlData;
+ const resourceControl = data.Portainer.ResourceControl;
+ return ResourceControlService.applyResourceControl(userId, accessControlData, resourceControl);
})
.then(function success() {
Notifications.success('Network successfully created');
diff --git a/app/docker/views/networks/edit/network.html b/app/docker/views/networks/edit/network.html
index 74d2078d0..b5ee95ce0 100644
--- a/app/docker/views/networks/edit/network.html
+++ b/app/docker/views/networks/edit/network.html
@@ -20,7 +20,7 @@
ID |
{{ network.Id }}
-
+
|
@@ -55,7 +55,8 @@
ng-if="network && applicationState.application.authentication"
resource-id="network.Id"
resource-control="network.ResourceControl"
- resource-type="'network'">
+ resource-type="'network'"
+ disable-ownership-change="isSystemNetwork()">
diff --git a/app/docker/views/networks/edit/networkController.js b/app/docker/views/networks/edit/networkController.js
index 27ec8787e..294c76c5e 100644
--- a/app/docker/views/networks/edit/networkController.js
+++ b/app/docker/views/networks/edit/networkController.js
@@ -1,8 +1,6 @@
angular.module('portainer.docker')
-.controller('NetworkController', ['$scope', '$state', '$transition$', '$filter', 'NetworkService', 'Container', 'Notifications', 'HttpRequestHelper', 'PREDEFINED_NETWORKS',
-function ($scope, $state, $transition$, $filter, NetworkService, Container, Notifications, HttpRequestHelper, PREDEFINED_NETWORKS) {
-
- $scope.network = {};
+.controller('NetworkController', ['$scope', '$state', '$transition$', '$filter', 'NetworkService', 'Container', 'Notifications', 'HttpRequestHelper', 'NetworkHelper',
+function ($scope, $state, $transition$, $filter, NetworkService, Container, Notifications, HttpRequestHelper, NetworkHelper) {
$scope.removeNetwork = function removeNetwork() {
NetworkService.remove($transition$.params().id, $transition$.params().id)
@@ -27,8 +25,12 @@ function ($scope, $state, $transition$, $filter, NetworkService, Container, Noti
});
};
- $scope.allowRemove = function allowRemove(item) {
- return !PREDEFINED_NETWORKS.includes(item.Name);
+ $scope.isSystemNetwork = function() {
+ return $scope.network && NetworkHelper.isSystemNetwork($scope.network);
+ }
+
+ $scope.allowRemove = function() {
+ return !$scope.isSystemNetwork();
};
function filterContainersInNetwork(network, containers) {
diff --git a/app/docker/views/secrets/create/createSecretController.js b/app/docker/views/secrets/create/createSecretController.js
index f0fddc55a..b488ed37d 100644
--- a/app/docker/views/secrets/create/createSecretController.js
+++ b/app/docker/views/secrets/create/createSecretController.js
@@ -59,9 +59,9 @@ function ($scope, $state, Notifications, SecretService, LabelHelper, Authenticat
$scope.create = function () {
- var accessControlData = $scope.formValues.AccessControlData;
- var userDetails = Authentication.getUserDetails();
- var isAdmin = Authentication.isAdmin();
+ const accessControlData = $scope.formValues.AccessControlData;
+ const userDetails = Authentication.getUserDetails();
+ const isAdmin = Authentication.isAdmin();
if (!validateForm(accessControlData, isAdmin)) {
return;
@@ -71,9 +71,9 @@ function ($scope, $state, Notifications, SecretService, LabelHelper, Authenticat
var secretConfiguration = prepareConfiguration();
SecretService.create(secretConfiguration)
.then(function success(data) {
- var secretIdentifier = data.ID;
- var userId = userDetails.ID;
- return ResourceControlService.applyResourceControl('secret', secretIdentifier, userId, accessControlData, []);
+ const userId = userDetails.ID;
+ const resourceControl = data.Portainer.ResourceControl;
+ return ResourceControlService.applyResourceControl(userId, accessControlData, resourceControl);
})
.then(function success() {
Notifications.success('Secret successfully created');
diff --git a/app/docker/views/services/create/createServiceController.js b/app/docker/views/services/create/createServiceController.js
index d23e5bf77..17ed83506 100644
--- a/app/docker/views/services/create/createServiceController.js
+++ b/app/docker/views/services/create/createServiceController.js
@@ -432,15 +432,14 @@ function ($q, $scope, $state, $timeout, Service, ServiceHelper, ConfigService, C
var authenticationDetails = registry.Authentication ? RegistryService.encodedCredentials(registry) : '';
HttpRequestHelper.setRegistryAuthenticationHeader(authenticationDetails);
- var serviceIdentifier;
Service.create(config).$promise
.then(function success(data) {
- serviceIdentifier = data.ID;
- return $q.when($scope.formValues.Webhook && WebhookService.createServiceWebhook(serviceIdentifier, EndpointProvider.endpointID()));
- })
- .then(function success() {
- var userId = Authentication.getUserDetails().ID;
- return ResourceControlService.applyResourceControl('service', serviceIdentifier, userId, accessControlData, []);
+ const serviceId = data.ID;
+ const resourceControl = data.Portainer.ResourceControl;
+ const userId = Authentication.getUserDetails().ID;
+ const rcPromise = ResourceControlService.applyResourceControl(userId, accessControlData, resourceControl);
+ const webhookPromise = $q.when($scope.formValues.Webhook && WebhookService.createServiceWebhook(serviceId, EndpointProvider.endpointID()));
+ return $q.all([rcPromise, webhookPromise]);
})
.then(function success() {
Notifications.success('Service successfully created');
diff --git a/app/docker/views/volumes/create/createVolumeController.js b/app/docker/views/volumes/create/createVolumeController.js
index 71335e3eb..fbf16f6a6 100644
--- a/app/docker/views/volumes/create/createVolumeController.js
+++ b/app/docker/views/volumes/create/createVolumeController.js
@@ -81,9 +81,9 @@ function ($q, $scope, $state, VolumeService, PluginService, ResourceControlServi
$scope.state.actionInProgress = true;
VolumeService.createVolume(volumeConfiguration)
.then(function success(data) {
- var volumeIdentifier = data.Id;
- var userId = userDetails.ID;
- return ResourceControlService.applyResourceControl('volume', volumeIdentifier, userId, accessControlData, []);
+ const userId = userDetails.ID;
+ const resourceControl = data.ResourceControl;
+ return ResourceControlService.applyResourceControl(userId, accessControlData, resourceControl);
})
.then(function success() {
Notifications.success('Volume successfully created');
diff --git a/app/portainer/components/accessControlForm/porAccessControlForm.html b/app/portainer/components/accessControlForm/porAccessControlForm.html
index 9b62663fc..2dbc533c9 100644
--- a/app/portainer/components/accessControlForm/porAccessControlForm.html
+++ b/app/portainer/components/accessControlForm/porAccessControlForm.html
@@ -71,7 +71,7 @@
-
-
+
|
Access control on this resource is inherited from the following service: {{ $ctrl.resourceControl.ResourceId | truncate }}
|
-
+
|
Access control on this resource is inherited from the following container: {{ $ctrl.resourceControl.ResourceId | truncate }}
|
-
+
|
Access control on this resource is inherited from the following stack: {{ $ctrl.resourceControl.ResourceId }}
@@ -61,11 +61,7 @@
|
-
+
|
Change ownership
|
@@ -76,7 +72,7 @@
|
-
+
|
Teams
@@ -149,7 +145,7 @@
|
-
+
|
Users
diff --git a/app/portainer/components/accessControlPanel/porAccessControlPanelController.js b/app/portainer/components/accessControlPanel/porAccessControlPanelController.js
index 1498981eb..92b366002 100644
--- a/app/portainer/components/accessControlPanel/porAccessControlPanelController.js
+++ b/app/portainer/components/accessControlPanel/porAccessControlPanelController.js
@@ -1,11 +1,17 @@
import _ from 'lodash-es';
+import { AccessControlPanelData } from './porAccessControlPanelModel';
+import { ResourceControlOwnership as RCO } from 'Portainer/models/resourceControl/resourceControlOwnership';
+import { ResourceControlTypeString as RCTS, ResourceControlTypeInt as RCTI} from 'Portainer/models/resourceControl/resourceControlTypes';
angular.module('portainer.app')
-.controller('porAccessControlPanelController', ['$q', '$state', 'UserService', 'TeamService', 'ResourceControlService', 'Notifications', 'Authentication', 'ModalService', 'FormValidator',
-function ($q, $state, UserService, TeamService, ResourceControlService, Notifications, Authentication, ModalService, FormValidator) {
+.controller('porAccessControlPanelController', ['$q', '$state', 'UserService', 'TeamService', 'ResourceControlHelper', 'ResourceControlService', 'Notifications', 'Authentication', 'ModalService', 'FormValidator',
+function ($q, $state, UserService, TeamService, ResourceControlHelper, ResourceControlService, Notifications, Authentication, ModalService, FormValidator) {
var ctrl = this;
+ ctrl.RCO = RCO;
+ ctrl.RCTS = RCTS;
+ ctrl.RCTI = RCTI;
ctrl.state = {
displayAccessControlPanel: false,
canEditOwnership: false,
@@ -13,17 +19,24 @@ function ($q, $state, UserService, TeamService, ResourceControlService, Notifica
formValidationError: ''
};
- ctrl.formValues = {
- Ownership: 'administrators',
- Ownership_Users: [],
- Ownership_Teams: []
- };
+ ctrl.formValues = new AccessControlPanelData();
ctrl.authorizedUsers = [];
ctrl.availableUsers = [];
ctrl.authorizedTeams = [];
ctrl.availableTeams = [];
+ ctrl.canEditOwnership = function() {
+ const hasRC = ctrl.resourceControl;
+ const inheritedVolume = hasRC && ctrl.resourceControl.Type === RCTI.CONTAINER && ctrl.resourceType === RCTS.VOLUME;
+ const inheritedContainer = hasRC && ctrl.resourceControl.Type === RCTI.SERVICE && ctrl.resourceType === RCTS.CONTAINER;
+ const inheritedFromStack = hasRC && ctrl.resourceControl.Type === RCTI.STACK && ctrl.resourceType !== RCTS.STACK;
+ const hasSpecialDisable = ctrl.disableOwnershipChange;
+
+ return !inheritedVolume && !inheritedContainer && !inheritedFromStack && !hasSpecialDisable
+ && !ctrl.state.editOwnership && (ctrl.isAdmin || ctrl.state.canEditOwnership);
+ }
+
ctrl.confirmUpdateOwnership = function () {
if (!validateForm()) {
return;
@@ -39,7 +52,7 @@ function ($q, $state, UserService, TeamService, ResourceControlService, Notifica
var error = '';
var accessControlData = {
- AccessControlEnabled: ctrl.formValues.Ownership === 'public' ? false : true,
+ AccessControlEnabled: ctrl.formValues.Ownership === RCO.PUBLIC ? false : true,
Ownership: ctrl.formValues.Ownership,
AuthorizedUsers: ctrl.formValues.Ownership_Users,
AuthorizedTeams: ctrl.formValues.Ownership_Teams
@@ -53,32 +66,8 @@ function ($q, $state, UserService, TeamService, ResourceControlService, Notifica
return true;
}
- function processOwnershipFormValues() {
- var userIds = [];
- angular.forEach(ctrl.formValues.Ownership_Users, function(user) {
- userIds.push(user.Id);
- });
- var teamIds = [];
- angular.forEach(ctrl.formValues.Ownership_Teams, function(team) {
- teamIds.push(team.Id);
- });
-
- var publicOnly = ctrl.formValues.Ownership === 'public' ? true : false;
-
- return {
- ownership: ctrl.formValues.Ownership,
- authorizedUserIds: publicOnly ? [] : userIds,
- authorizedTeamIds: publicOnly ? [] : teamIds,
- publicOnly: publicOnly
- };
- }
-
function updateOwnership() {
- var resourceId = ctrl.resourceId;
- var ownershipParameters = processOwnershipFormValues();
-
- ResourceControlService.applyResourceControlChange(ctrl.resourceType, resourceId,
- ctrl.resourceControl, ownershipParameters)
+ ResourceControlService.applyResourceControlChange(ctrl.resourceType, ctrl.resourceId, ctrl.resourceControl, ctrl.formValues)
.then(function success() {
Notifications.success('Access control successfully updated');
$state.reload();
@@ -95,17 +84,12 @@ function ($q, $state, UserService, TeamService, ResourceControlService, Notifica
ctrl.isAdmin = isAdmin;
var resourceControl = ctrl.resourceControl;
- if (isAdmin) {
- if (resourceControl) {
- ctrl.formValues.Ownership = resourceControl.Ownership === 'private' ? 'restricted' : resourceControl.Ownership;
- } else {
- ctrl.formValues.Ownership = 'administrators';
- }
+ if (isAdmin && resourceControl) {
+ ctrl.formValues.Ownership = resourceControl.Ownership === RCO.PRIVATE ? RCO.RESTRICTED : resourceControl.Ownership;
} else {
- ctrl.formValues.Ownership = 'administrators';
+ ctrl.formValues.Ownership = RCO.ADMINISTRATORS;
}
-
ResourceControlService.retrieveOwnershipDetails(resourceControl)
.then(function success(data) {
ctrl.authorizedUsers = data.authorizedUsers;
diff --git a/app/portainer/components/accessControlPanel/porAccessControlPanelModel.js b/app/portainer/components/accessControlPanel/porAccessControlPanelModel.js
new file mode 100644
index 000000000..0ad3e228b
--- /dev/null
+++ b/app/portainer/components/accessControlPanel/porAccessControlPanelModel.js
@@ -0,0 +1,7 @@
+import { ResourceControlOwnership } from 'Portainer/models/resourceControl/resourceControlOwnership';
+
+export function AccessControlPanelData() {
+ this.Ownership = ResourceControlOwnership.ADMINISTRATORS;
+ this.Ownership_Users = [];
+ this.Ownership_Teams = [];
+}
diff --git a/app/portainer/components/datatables/genericDatatableController.js b/app/portainer/components/datatables/genericDatatableController.js
index 7ba8d75ce..305e7bd36 100644
--- a/app/portainer/components/datatables/genericDatatableController.js
+++ b/app/portainer/components/datatables/genericDatatableController.js
@@ -1,5 +1,6 @@
import _ from 'lodash-es';
import './datatable.css';
+import { ResourceControlOwnership as RCO } from 'Portainer/models/resourceControl/resourceControlOwnership';
function isBetween(value, a, b) {
return (value >= a && value <= b) || (value >= b && value <= a) ;
@@ -9,6 +10,8 @@ angular.module('portainer.app')
.controller('GenericDatatableController', ['$interval', 'PaginationService', 'DatatableService', 'PAGINATION_MAX_ITEMS',
function ($interval, PaginationService, DatatableService, PAGINATION_MAX_ITEMS) {
+ this.RCO = RCO;
+
this.state = {
selectAll: false,
orderBy: this.orderBy,
diff --git a/app/portainer/components/datatables/stacks-datatable/stacksDatatable.html b/app/portainer/components/datatables/stacks-datatable/stacksDatatable.html
index 43f6104c6..281f344b6 100644
--- a/app/portainer/components/datatables/stacks-datatable/stacksDatatable.html
+++ b/app/portainer/components/datatables/stacks-datatable/stacksDatatable.html
@@ -109,7 +109,7 @@
|
- {{ item.ResourceControl.Ownership ? item.ResourceControl.Ownership : item.ResourceControl.Ownership = 'administrators' }}
+ {{ item.ResourceControl.Ownership ? item.ResourceControl.Ownership : item.ResourceControl.Ownership = $ctrl.RCO.ADMINISTRATORS }}
|
diff --git a/app/portainer/filters/filters.js b/app/portainer/filters/filters.js
index 00ec47107..313ea3925 100644
--- a/app/portainer/filters/filters.js
+++ b/app/portainer/filters/filters.js
@@ -2,6 +2,8 @@ import moment from 'moment';
import _ from 'lodash-es';
import filesize from 'filesize';
+import { ResourceControlOwnership as RCO } from 'Portainer/models/resourceControl/resourceControlOwnership';
+
angular.module('portainer.app')
.filter('truncate', function () {
'use strict';
@@ -145,11 +147,11 @@ angular.module('portainer.app')
'use strict';
return function (ownership) {
switch (ownership) {
- case 'private':
+ case RCO.PRIVATE:
return 'fa fa-eye-slash';
- case 'administrators':
+ case RCO.ADMINISTRATORS:
return 'fa fa-eye-slash';
- case 'restricted':
+ case RCO.RESTRICTED:
return 'fa fa-users';
default:
return 'fa fa-eye';
diff --git a/app/portainer/helpers/networkHelper.js b/app/portainer/helpers/networkHelper.js
new file mode 100644
index 000000000..f203f57a9
--- /dev/null
+++ b/app/portainer/helpers/networkHelper.js
@@ -0,0 +1,15 @@
+import _ from 'lodash-es';
+import angular from 'angular';
+
+class NetworkHelper {
+ constructor(PREDEFINED_NETWORKS) {
+ this.PREDEFINED_NETWORKS = PREDEFINED_NETWORKS;
+ }
+
+ isSystemNetwork(item) {
+ return _.includes(this.PREDEFINED_NETWORKS, item.Name);
+ }
+}
+
+export default NetworkHelper;
+angular.module('portainer.app').service('NetworkHelper', NetworkHelper);
diff --git a/app/portainer/helpers/resourceControlHelper.js b/app/portainer/helpers/resourceControlHelper.js
index 9791ff3f3..03100f085 100644
--- a/app/portainer/helpers/resourceControlHelper.js
+++ b/app/portainer/helpers/resourceControlHelper.js
@@ -1,44 +1,121 @@
import _ from 'lodash-es';
+import angular from 'angular';
+import { ResourceControlOwnership as RCO } from 'Portainer/models/resourceControl/resourceControlOwnership';
+import { ResourceControlOwnershipParameters } from '../models/resourceControl/resourceControlOwnershipParameters';
-angular.module('portainer.app')
-.factory('ResourceControlHelper', [function ResourceControlHelperFactory() {
- 'use strict';
- var helper = {};
+class ResourceControlHelper {
- helper.retrieveAuthorizedUsers = function(resourceControl, users) {
- var authorizedUsers = [];
- angular.forEach(resourceControl.UserAccesses, function(access) {
- var user = _.find(users, { Id: access.UserId });
+ /**
+ * Transform ResourceControlViewModel to ResourceControlOwnershipParameters
+ * @param {int} userId ID of User performing the action
+ * @param {ResourceControlViewModel} resourceControl ResourceControl view model
+ */
+ RCViewModelToOwnershipParameters(userId, resourceControl) {
+ if (!resourceControl) {
+ return new ResourceControlOwnershipParameters(true);
+ }
+ let adminOnly = false;
+ let publicOnly = false;
+ let users = [];
+ let teams = [];
+ switch (resourceControl.Ownership) {
+ case RCO.PUBLIC:
+ publicOnly = true;
+ break;
+ case RCO.PRIVATE:
+ users = [userId];
+ break;
+ case RCO.RESTRICTED:
+ users = _.map(resourceControl.UserAccesses, (user) => user.UserId);
+ teams = _.map(resourceControl.TeamAccesses, (team) => team.TeamId);
+ break;
+ default:
+ adminOnly = true;
+ break;
+ }
+ return new ResourceControlOwnershipParameters(adminOnly, publicOnly, users, teams);
+ }
+
+ /**
+ * Transform AccessControlFormData to ResourceControlOwnershipParameters
+ * @param {int} userId ID of user performing the operation
+ * @param {AccessControlFormData} formValues Form data (generated by AccessControlForm)
+ * @param {int[]} subResources Sub Resources restricted by the ResourceControl
+ */
+ RCFormDataToOwnershipParameters(userId, formValues, subResources=[]) {
+ if (!formValues.AccessControlEnabled) {
+ formValues.Ownership = RCO.PUBLIC;
+ }
+
+ let adminOnly = false;
+ let publicOnly = false;
+ let users = [];
+ let teams = [];
+ switch (formValues.Ownership) {
+ case RCO.PUBLIC:
+ publicOnly = true;
+ break;
+ case RCO.PRIVATE:
+ users.push(userId);
+ break;
+ case RCO.RESTRICTED:
+ users = _.map(formValues.AuthorizedUsers, (user) => user.Id);
+ teams = _.map(formValues.AuthorizedTeams, (team) => team.Id);
+ break;
+ default:
+ adminOnly = true;
+ break;
+ }
+ return new ResourceControlOwnershipParameters(adminOnly, publicOnly, users, teams, subResources);
+ }
+
+ /**
+ * Transform AccessControlPanelData to ResourceControlOwnershipParameters
+ * @param {AccessControlPanelData} formValues Form data (generated by AccessControlPanel)
+ */
+ RCPanelDataToOwnershipParameters(formValues) {
+ const adminOnly = formValues.Ownership === RCO.ADMINISTRATORS;
+ const publicOnly = formValues.Ownership === RCO.PUBLIC;
+ const userIds = publicOnly || adminOnly ? [] : _.map(formValues.Ownership_Users, (user) => user.Id);
+ const teamIds = publicOnly || adminOnly ? [] : _.map(formValues.Ownership_Teams, (team) => team.Id);
+
+ return new ResourceControlOwnershipParameters(adminOnly, publicOnly, userIds, teamIds);
+ }
+
+ retrieveAuthorizedUsers(resourceControl, users) {
+ const authorizedUsers = [];
+ _.forEach(resourceControl.UserAccesses, (access) => {
+ const user = _.find(users, { Id: access.UserId });
if (user) {
authorizedUsers.push(user);
}
});
return authorizedUsers;
- };
+ }
- helper.retrieveAuthorizedTeams = function(resourceControl, teams) {
- var authorizedTeams = [];
- angular.forEach(resourceControl.TeamAccesses, function(access) {
- var team = _.find(teams, { Id: access.TeamId });
+ retrieveAuthorizedTeams(resourceControl, teams) {
+ const authorizedTeams = [];
+ _.forEach(resourceControl.TeamAccesses, (access) => {
+ const team = _.find(teams, { Id: access.TeamId });
if (team) {
authorizedTeams.push(team);
}
});
return authorizedTeams;
- };
+ }
- helper.isLeaderOfAnyRestrictedTeams = function(userMemberships, resourceControl) {
- var isTeamLeader = false;
- for (var i = 0; i < userMemberships.length; i++) {
- var membership = userMemberships[i];
- var found = _.find(resourceControl.TeamAccesses, { TeamId :membership.TeamId });
+ isLeaderOfAnyRestrictedTeams(userMemberships, resourceControl) {
+ let isTeamLeader = false;
+ _.forEach(userMemberships, (membership) => {
+ const found = _.find(resourceControl.TeamAccesses, { TeamId: membership.TeamId });
if (found && membership.Role === 1) {
isTeamLeader = true;
- break;
+ return false;
}
- }
+ });
return isTeamLeader;
- };
+ }
+}
- return helper;
-}]);
+export default ResourceControlHelper;
+angular.module('portainer.app').service('ResourceControlHelper', ResourceControlHelper);
diff --git a/app/portainer/models/resourceControl.js b/app/portainer/models/resourceControl/resourceControl.js
similarity index 70%
rename from app/portainer/models/resourceControl.js
rename to app/portainer/models/resourceControl/resourceControl.js
index 40f9e576d..e6410bf33 100644
--- a/app/portainer/models/resourceControl.js
+++ b/app/portainer/models/resourceControl/resourceControl.js
@@ -1,3 +1,5 @@
+import { ResourceControlOwnership as RCO } from 'Portainer/models/resourceControl/resourceControlOwnership';
+
export function ResourceControlViewModel(data) {
this.Id = data.Id;
this.Type = data.Type;
@@ -5,17 +7,18 @@ export function ResourceControlViewModel(data) {
this.UserAccesses = data.UserAccesses;
this.TeamAccesses = data.TeamAccesses;
this.Public = data.Public;
+ this.System = data.System;
this.Ownership = determineOwnership(this);
}
function determineOwnership(resourceControl) {
if (resourceControl.Public) {
- return 'public';
+ return RCO.PUBLIC;
} else if (resourceControl.UserAccesses.length === 1 && resourceControl.TeamAccesses.length === 0) {
- return 'private';
+ return RCO.PRIVATE;
} else if (resourceControl.UserAccesses.length > 1 || resourceControl.TeamAccesses.length > 0) {
- return 'restricted';
+ return RCO.RESTRICTED;
} else {
- return 'administrators';
+ return RCO.ADMINISTRATORS;
}
}
diff --git a/app/portainer/models/resourceControl/resourceControlCreatePayload.js b/app/portainer/models/resourceControl/resourceControlCreatePayload.js
new file mode 100644
index 000000000..4e4825c4b
--- /dev/null
+++ b/app/portainer/models/resourceControl/resourceControlCreatePayload.js
@@ -0,0 +1,17 @@
+/**
+ * Payload for resourceControleCreate operation
+ * @param {string} resourceId ID of involved Resource
+ * @param {ResourceControlResourceType} resourceType Type of involved Resource
+ * @param {ResourceControlOwnershipParameters} data Transcient type from view data to payload
+ */
+export function ResourceControlCreatePayload(resourceId, resourceType, data) {
+ void data;
+
+ this.ResourceID = resourceId;
+ this.Type = resourceType;
+ this.Public = data.Public;
+ this.AdministratorsOnly = data.AdministratorsOnly;
+ this.Users = data.Users;
+ this.Teams = data.Teams;
+ this.SubResourceIDs = data.SubResourceIDs;
+}
diff --git a/app/portainer/models/resourceControl/resourceControlOwnership.js b/app/portainer/models/resourceControl/resourceControlOwnership.js
new file mode 100644
index 000000000..7dd25abbd
--- /dev/null
+++ b/app/portainer/models/resourceControl/resourceControlOwnership.js
@@ -0,0 +1,6 @@
+export const ResourceControlOwnership = Object.freeze({
+ PUBLIC: 'public',
+ PRIVATE: 'private',
+ RESTRICTED: 'restricted',
+ ADMINISTRATORS: 'administrators'
+});
\ No newline at end of file
diff --git a/app/portainer/models/resourceControl/resourceControlOwnershipParameters.js b/app/portainer/models/resourceControl/resourceControlOwnershipParameters.js
new file mode 100644
index 000000000..5ebabb355
--- /dev/null
+++ b/app/portainer/models/resourceControl/resourceControlOwnershipParameters.js
@@ -0,0 +1,15 @@
+/**
+ * Transcient type from view data to payload
+ * @param {bool} adminOnly is ResourceControl restricted to admin only
+ * @param {bool} publicOnly is ResourceControl exposed to public
+ * @param {[]int} users Authorized UserIDs array
+ * @param {[]int} teams Authorized TeamIDs array
+ * @param {[]int} subResources subResourceIDs array
+ */
+export function ResourceControlOwnershipParameters(adminOnly=false, publicOnly=false, users=[], teams=[], subResources=[]) {
+ this.AdministratorsOnly = adminOnly;
+ this.Public = publicOnly;
+ this.Users = users;
+ this.Teams = teams;
+ this.SubResourceIDs = subResources;
+}
\ No newline at end of file
diff --git a/app/portainer/models/resourceControl/resourceControlTypes.js b/app/portainer/models/resourceControl/resourceControlTypes.js
new file mode 100644
index 000000000..a92458a84
--- /dev/null
+++ b/app/portainer/models/resourceControl/resourceControlTypes.js
@@ -0,0 +1,22 @@
+export const ResourceControlTypeString = Object.freeze({
+ CONFIG: 'config',
+ CONTAINER: 'container',
+ NETWORK:'network',
+ SECRET:'secret',
+ SERVICE:'service',
+ STACK:'stack',
+ VOLUME:'volume'
+});
+
+/**
+ * ResourceType int defined in portainer.go as ResourceControlType
+ */
+export const ResourceControlTypeInt = Object.freeze({
+ CONTAINER: 1,
+ SERVICE: 2,
+ VOLUME: 3,
+ NETWORK: 4,
+ SECRET: 5,
+ STACK: 6,
+ CONFIG: 7
+});
diff --git a/app/portainer/models/resourceControl/resourceControlUpdatePayload.js b/app/portainer/models/resourceControl/resourceControlUpdatePayload.js
new file mode 100644
index 000000000..810ff2c31
--- /dev/null
+++ b/app/portainer/models/resourceControl/resourceControlUpdatePayload.js
@@ -0,0 +1,10 @@
+/**
+ * Payload for resourceControlUpdate operation
+ * @param {ResourceControlOwnershipParameters} data
+ */
+export function ResourceControlUpdatePayload(data) {
+ this.Public = data.Public;
+ this.AdministratorsOnly = data.AdministratorsOnly;
+ this.Users = data.Users;
+ this.Teams = data.Teams;
+}
\ No newline at end of file
diff --git a/app/portainer/models/stack.js b/app/portainer/models/stack.js
index 2e4a25baf..b21dc47b9 100644
--- a/app/portainer/models/stack.js
+++ b/app/portainer/models/stack.js
@@ -1,4 +1,4 @@
-import { ResourceControlViewModel } from '../../portainer/models/resourceControl';
+import { ResourceControlViewModel } from 'Portainer/models/resourceControl/resourceControl';
export function StackViewModel(data) {
this.Id = data.Id;
diff --git a/app/portainer/services/api/resourceControlService.js b/app/portainer/services/api/resourceControlService.js
index 0c3f85483..faf0c0e66 100644
--- a/app/portainer/services/api/resourceControlService.js
+++ b/app/portainer/services/api/resourceControlService.js
@@ -1,80 +1,108 @@
import _ from 'lodash-es';
angular.module('portainer.app')
-.factory('ResourceControlService', ['$q', 'ResourceControl', 'UserService', 'TeamService', 'ResourceControlHelper', function ResourceControlServiceFactory($q, ResourceControl, UserService, TeamService, ResourceControlHelper) {
+.factory('ResourceControlService', ['$q', 'ResourceControl', 'UserService', 'TeamService', 'ResourceControlHelper',
+ function ResourceControlServiceFactory($q, ResourceControl, UserService, TeamService, ResourceControlHelper) {
'use strict';
- var service = {};
+ const service = {};
- service.createResourceControl = function(publicOnly, userIDs, teamIDs, resourceID, type, subResourceIDs) {
+ service.duplicateResourceControl = duplicateResourceControl;
+ service.applyResourceControlChange = applyResourceControlChange;
+ service.applyResourceControl = applyResourceControl;
+ service.retrieveOwnershipDetails = retrieveOwnershipDetails;
+ service.retrieveUserPermissionsOnResource =retrieveUserPermissionsOnResource;
+
+ /**
+ * PRIVATE SECTION
+ */
+
+ /**
+ * Create a ResourceControl
+ * @param {ResourceControlTypeString} rcType Type of ResourceControl
+ * @param {string} rcID ID of involved resource
+ * @param {ResourceControlOwnershipParameters} ownershipParameters Transcient type from view data to payload
+ */
+ function createResourceControl(rcType, resourceID, ownershipParameters) {
var payload = {
- Type: type,
- Public: publicOnly,
+ Type: rcType,
+ Public: ownershipParameters.Public,
+ AdministratorsOnly: ownershipParameters.AdministratorsOnly,
ResourceID: resourceID,
- Users: userIDs,
- Teams: teamIDs,
- SubResourceIDs: subResourceIDs
+ Users: ownershipParameters.Users,
+ Teams: ownershipParameters.Teams,
+ SubResourceIds: ownershipParameters.SubResourceIDs
};
return ResourceControl.create({}, payload).$promise;
- };
+ }
- service.deleteResourceControl = function(rcID) {
- return ResourceControl.remove({id: rcID}).$promise;
- };
-
- service.updateResourceControl = function(publicOnly, userIDs, teamIDs, resourceControlId) {
- var payload = {
- Public: publicOnly,
- Users: userIDs,
- Teams: teamIDs
+ /**
+ * Update a ResourceControl
+ * @param {String} rcID ID of involved resource
+ * @param {ResourceControlOwnershipParameters} ownershipParameters Transcient type from view data to payload
+ */
+ function updateResourceControl(rcID, ownershipParameters) {
+ const payload = {
+ AdministratorsOnly: ownershipParameters.AdministratorsOnly,
+ Public: ownershipParameters.Public,
+ Users: ownershipParameters.Users,
+ Teams: ownershipParameters.Teams
};
- return ResourceControl.update({id: resourceControlId}, payload).$promise;
- };
- service.applyResourceControl = function(resourceControlType, resourceIdentifier, userId, accessControlData, subResources) {
- if (!accessControlData.AccessControlEnabled) {
- accessControlData.Ownership = 'public';
- }
+ return ResourceControl.update({id: rcID}, payload).$promise;
+ }
- var authorizedUserIds = [];
- var authorizedTeamIds = [];
- var publicOnly = false;
- switch (accessControlData.Ownership) {
- case 'public':
- publicOnly = true;
- break;
- case 'private':
- authorizedUserIds.push(userId);
- break;
- case 'restricted':
- angular.forEach(accessControlData.AuthorizedUsers, function(user) {
- authorizedUserIds.push(user.Id);
- });
- angular.forEach(accessControlData.AuthorizedTeams, function(team) {
- authorizedTeamIds.push(team.Id);
- });
- break;
- default:
- return;
- }
- return service.createResourceControl(publicOnly, authorizedUserIds,
- authorizedTeamIds, resourceIdentifier, resourceControlType, subResources);
- };
+ /**
+ * END PRIVATE SECTION
+ */
- service.applyResourceControlChange = function(resourceControlType, resourceId, resourceControl, ownershipParameters) {
+ /**
+ * PUBLIC SECTION
+ */
+
+ /**
+ * Apply a ResourceControl after Resource creation
+ * @param {int} userId ID of User performing the action
+ * @param {AccessControlFormData} accessControlData ResourceControl to apply
+ * @param {ResourceControlViewModel} resourceControl ResourceControl to update
+ * @param {[]int} subResources SubResources managed by the ResourceControl
+ */
+ function applyResourceControl(userId, accessControlData, resourceControl, subResources=[]) {
+ const ownershipParameters = ResourceControlHelper.RCFormDataToOwnershipParameters(userId, accessControlData, subResources);
+ return updateResourceControl(resourceControl.Id, ownershipParameters);
+ }
+
+ /**
+ * Duplicate an existing ResourceControl (default to AdministratorsOnly if undefined)
+ * @param {int} userId ID of User performing the action
+ * @param {ResourceControlViewModel} oldResourceControl ResourceControl to duplicate
+ * @param {ResourceControlViewModel} newResourceControl ResourceControl to apply duplication to
+ */
+ function duplicateResourceControl(userId, oldResourceControl, newResourceControl) {
+ const ownershipParameters = ResourceControlHelper.RCViewModelToOwnershipParameters(userId, oldResourceControl);
+ return updateResourceControl(newResourceControl.Id, ownershipParameters);
+ }
+
+ /**
+ * Update an existing ResourceControl or create a new one on existing resource without RC
+ * @param {ResourceControlTypeString} rcType Type of ResourceControl
+ * @param {String} resourceId ID of involved Resource
+ * @param {ResourceControlViewModel} resourceControl Previous ResourceControl (can be undefined)
+ * @param {AccessControlPanelData} formValues View data generated by AccessControlPanel
+ */
+ function applyResourceControlChange(rcType, resourceId, resourceControl, formValues) {
+ const ownershipParameters = ResourceControlHelper.RCPanelDataToOwnershipParameters(formValues);
if (resourceControl) {
- if (ownershipParameters.ownership === 'administrators') {
- return service.deleteResourceControl(resourceControl.Id);
- } else {
- return service.updateResourceControl(ownershipParameters.publicOnly, ownershipParameters.authorizedUserIds,
- ownershipParameters.authorizedTeamIds, resourceControl.Id);
- }
+ return updateResourceControl(resourceControl.Id, ownershipParameters);
} else {
- return service.createResourceControl(ownershipParameters.publicOnly, ownershipParameters.authorizedUserIds,
- ownershipParameters.authorizedTeamIds, resourceId, resourceControlType);
+ return createResourceControl(rcType, resourceId, ownershipParameters);
}
- };
+ }
- service.retrieveOwnershipDetails = function(resourceControl) {
+ /**
+ * Retrive users and team details for ResourceControlViewModel
+ * @param {ResourceControlViewModel} resourceControl ResourceControl view model
+ */
+ function retrieveOwnershipDetails(resourceControl) {
var deferred = $q.defer();
if (!resourceControl) {
@@ -96,9 +124,9 @@ angular.module('portainer.app')
});
return deferred.promise;
- };
+ }
- service.retrieveUserPermissionsOnResource = function(userID, isAdministrator, resourceControl) {
+ function retrieveUserPermissionsOnResource(userID, isAdministrator, resourceControl) {
var deferred = $q.defer();
if (!resourceControl || isAdministrator) {
@@ -123,7 +151,11 @@ angular.module('portainer.app')
}
return deferred.promise;
- };
+ }
+
+ /**
+ * END PUBLIC SECTION
+ */
return service;
}]);
diff --git a/app/portainer/services/api/stackService.js b/app/portainer/services/api/stackService.js
index 033a8ee49..c1fb848a3 100644
--- a/app/portainer/services/api/stackService.js
+++ b/app/portainer/services/api/stackService.js
@@ -208,11 +208,6 @@ function StackServiceFactory($q, Stack, ResourceControlService, FileUploadServic
var deferred = $q.defer();
Stack.remove({ id: stack.Id ? stack.Id : stack.Name, external: external, endpointId: endpointId }).$promise
- .then(function success() {
- if (stack.ResourceControl && stack.ResourceControl.Id) {
- return ResourceControlService.deleteResourceControl(stack.ResourceControl.Id);
- }
- })
.then(function success() {
deferred.resolve();
})
diff --git a/app/portainer/services/formValidator.js b/app/portainer/services/formValidator.js
index 6692bb914..cfe88c2a8 100644
--- a/app/portainer/services/formValidator.js
+++ b/app/portainer/services/formValidator.js
@@ -1,3 +1,5 @@
+import { ResourceControlOwnership as RCO } from 'Portainer/models/resourceControl/resourceControlOwnership';
+
angular.module('portainer.app')
.factory('FormValidator', [function FormValidatorFactory() {
'use strict';
@@ -9,11 +11,11 @@ angular.module('portainer.app')
return '';
}
- if (isAdmin && accessControlData.Ownership === 'restricted' &&
+ if (isAdmin && accessControlData.Ownership === RCO.RESTRICTED &&
accessControlData.AuthorizedUsers.length === 0 &&
accessControlData.AuthorizedTeams.length === 0) {
return 'You must specify at least one team or user.';
- } else if (!isAdmin && accessControlData.Ownership === 'restricted' &&
+ } else if (!isAdmin && accessControlData.Ownership === RCO.RESTRICTED &&
accessControlData.AuthorizedTeams.length === 0) {
return 'You must specify at least a team.';
}
diff --git a/app/portainer/views/stacks/create/createStackController.js b/app/portainer/views/stacks/create/createStackController.js
index 337edaf58..6b21b5115 100644
--- a/app/portainer/views/stacks/create/createStackController.js
+++ b/app/portainer/views/stacks/create/createStackController.js
@@ -98,7 +98,6 @@ function ($scope, $state, StackService, Authentication, Notifications, FormValid
var accessControlData = $scope.formValues.AccessControlData;
var userDetails = Authentication.getUserDetails();
var isAdmin = Authentication.isAdmin();
- var userId = userDetails.ID;
if (method === 'editor' && $scope.formValues.StackFileContent === '') {
$scope.state.formValidationError = 'Stack file content must not be empty';
@@ -116,8 +115,13 @@ function ($scope, $state, StackService, Authentication, Notifications, FormValid
}
$scope.state.actionInProgress = true;
action(name, method)
- .then(function success() {
- return ResourceControlService.applyResourceControl('stack', name, userId, accessControlData, []);
+ .then(function success(data) {
+ if (data.data) {
+ data = data.data;
+ }
+ const userId = userDetails.ID;
+ const resourceControl = data.ResourceControl;
+ return ResourceControlService.applyResourceControl(userId, accessControlData, resourceControl);
})
.then(function success() {
Notifications.success('Stack successfully deployed');
diff --git a/app/portainer/views/templates/templatesController.js b/app/portainer/views/templates/templatesController.js
index 31f3ad859..256fb2121 100644
--- a/app/portainer/views/templates/templatesController.js
+++ b/app/portainer/views/templates/templatesController.js
@@ -79,8 +79,8 @@ function ($scope, $q, $state, $transition$, $anchorScroll, ContainerService, Ima
return ContainerService.createAndStartContainer(templateConfiguration);
})
.then(function success(data) {
- var containerIdentifier = data.Id;
- return ResourceControlService.applyResourceControl('container', containerIdentifier, userId, accessControlData, generatedVolumeIds);
+ const resourceControl = data.Portainer.ResourceControl;
+ return ResourceControlService.applyResourceControl(userId, accessControlData, resourceControl, generatedVolumeIds);
})
.then(function success() {
Notifications.success('Container successfully created');
@@ -111,8 +111,9 @@ function ($scope, $q, $state, $transition$, $anchorScroll, ContainerService, Ima
var endpointId = EndpointProvider.endpointID();
StackService.createComposeStackFromGitRepository(stackName, repositoryOptions, template.Env, endpointId)
- .then(function success() {
- return ResourceControlService.applyResourceControl('stack', stackName, userId, accessControlData, []);
+ .then(function success(data) {
+ const resourceControl = data.Portainer.ResourceControl;
+ return ResourceControlService.applyResourceControl(userId, accessControlData, resourceControl);
})
.then(function success() {
Notifications.success('Stack successfully deployed');
@@ -148,8 +149,9 @@ function ($scope, $q, $state, $transition$, $anchorScroll, ContainerService, Ima
var endpointId = EndpointProvider.endpointID();
StackService.createSwarmStackFromGitRepository(stackName, repositoryOptions, env, endpointId)
- .then(function success() {
- return ResourceControlService.applyResourceControl('stack', stackName, userId, accessControlData, []);
+ .then(function success(data) {
+ const resourceControl = data.Portainer.ResourceControl;
+ return ResourceControlService.applyResourceControl(userId, accessControlData, resourceControl);
})
.then(function success() {
Notifications.success('Stack successfully deployed');
diff --git a/jsconfig.json b/jsconfig.json
new file mode 100644
index 000000000..e78006415
--- /dev/null
+++ b/jsconfig.json
@@ -0,0 +1,15 @@
+{
+ "compilerOptions": {
+ "target": "es2017",
+ "allowSyntheticDefaultImports": false,
+ "baseUrl": "app",
+ "paths": {
+ "Agent/*": ["agent/*"],
+ "Azure/*": ["azure/*"],
+ "Docker/*": ["docker/*"],
+ "Extensions/*": ["extensions/*"],
+ "Portainer/*": ["portainer/*"]
+ }
+ },
+ "exclude": ["api", "build", "dist", "distribution", "node_modules", "test", "webpack"]
+}
\ No newline at end of file