fix(api): fix missing default Portainer permissions for users

6 years ago · 4349f5803c
parent 407328f9ed
commit 4349f5803c
4 changed files with 68 additions and 0 deletions
--- a/api/cmd/portainer/main.go
+++ b/api/cmd/portainer/main.go
@ -627,6 +627,23 @@ func main() {
 				Username: "admin",
 				Role:     portainer.AdministratorRole,
 				Password: adminPasswordHash,
+				PortainerAuthorizations: map[portainer.Authorization]bool{
+					portainer.OperationPortainerDockerHubInspect:        true,
+					portainer.OperationPortainerEndpointGroupList:       true,
+					portainer.OperationPortainerEndpointList:            true,
+					portainer.OperationPortainerEndpointInspect:         true,
+					portainer.OperationPortainerEndpointExtensionAdd:    true,
+					portainer.OperationPortainerEndpointExtensionRemove: true,
+					portainer.OperationPortainerExtensionList:           true,
+					portainer.OperationPortainerMOTD:                    true,
+					portainer.OperationPortainerRegistryList:            true,
+					portainer.OperationPortainerRegistryInspect:         true,
+					portainer.OperationPortainerTeamList:                true,
+					portainer.OperationPortainerTemplateList:            true,
+					portainer.OperationPortainerTemplateInspect:         true,
+					portainer.OperationPortainerUserList:                true,
+					portainer.OperationPortainerUserMemberships:         true,
+				},
 			}
 			err := store.UserService.CreateUser(user)
 			if err != nil {
--- a/api/http/handler/auth/authenticate.go
+++ b/api/http/handler/auth/authenticate.go
@ -100,6 +100,23 @@ func (handler *Handler) authenticateLDAPAndCreateUser(w http.ResponseWriter, use
 	user := &portainer.User{
 		Username: username,
 		Role:     portainer.StandardUserRole,
+		PortainerAuthorizations: map[portainer.Authorization]bool{
+			portainer.OperationPortainerDockerHubInspect:        true,
+			portainer.OperationPortainerEndpointGroupList:       true,
+			portainer.OperationPortainerEndpointList:            true,
+			portainer.OperationPortainerEndpointInspect:         true,
+			portainer.OperationPortainerEndpointExtensionAdd:    true,
+			portainer.OperationPortainerEndpointExtensionRemove: true,
+			portainer.OperationPortainerExtensionList:           true,
+			portainer.OperationPortainerMOTD:                    true,
+			portainer.OperationPortainerRegistryList:            true,
+			portainer.OperationPortainerRegistryInspect:         true,
+			portainer.OperationPortainerTeamList:                true,
+			portainer.OperationPortainerTemplateList:            true,
+			portainer.OperationPortainerTemplateInspect:         true,
+			portainer.OperationPortainerUserList:                true,
+			portainer.OperationPortainerUserMemberships:         true,
+		},
 	}

 	err = handler.UserService.CreateUser(user)
--- a/api/http/handler/auth/authenticate_oauth.go
+++ b/api/http/handler/auth/authenticate_oauth.go
@ -113,6 +113,23 @@ func (handler *Handler) validateOAuth(w http.ResponseWriter, r *http.Request) *h
 		user = &portainer.User{
 			Username: username,
 			Role:     portainer.StandardUserRole,
+			PortainerAuthorizations: map[portainer.Authorization]bool{
+				portainer.OperationPortainerDockerHubInspect:        true,
+				portainer.OperationPortainerEndpointGroupList:       true,
+				portainer.OperationPortainerEndpointList:            true,
+				portainer.OperationPortainerEndpointInspect:         true,
+				portainer.OperationPortainerEndpointExtensionAdd:    true,
+				portainer.OperationPortainerEndpointExtensionRemove: true,
+				portainer.OperationPortainerExtensionList:           true,
+				portainer.OperationPortainerMOTD:                    true,
+				portainer.OperationPortainerRegistryList:            true,
+				portainer.OperationPortainerRegistryInspect:         true,
+				portainer.OperationPortainerTeamList:                true,
+				portainer.OperationPortainerTemplateList:            true,
+				portainer.OperationPortainerTemplateInspect:         true,
+				portainer.OperationPortainerUserList:                true,
+				portainer.OperationPortainerUserMemberships:         true,
+			},
 		}

 		err = handler.UserService.CreateUser(user)
--- a/api/http/handler/users/admin_init.go
+++ b/api/http/handler/users/admin_init.go
@ -45,6 +45,23 @@ func (handler *Handler) adminInit(w http.ResponseWriter, r *http.Request) *httpe
 	user := &portainer.User{
 		Username: payload.Username,
 		Role:     portainer.AdministratorRole,
+		PortainerAuthorizations: map[portainer.Authorization]bool{
+			portainer.OperationPortainerDockerHubInspect:        true,
+			portainer.OperationPortainerEndpointGroupList:       true,
+			portainer.OperationPortainerEndpointList:            true,
+			portainer.OperationPortainerEndpointInspect:         true,
+			portainer.OperationPortainerEndpointExtensionAdd:    true,
+			portainer.OperationPortainerEndpointExtensionRemove: true,
+			portainer.OperationPortainerExtensionList:           true,
+			portainer.OperationPortainerMOTD:                    true,
+			portainer.OperationPortainerRegistryList:            true,
+			portainer.OperationPortainerRegistryInspect:         true,
+			portainer.OperationPortainerTeamList:                true,
+			portainer.OperationPortainerTemplateList:            true,
+			portainer.OperationPortainerTemplateInspect:         true,
+			portainer.OperationPortainerUserList:                true,
+			portainer.OperationPortainerUserMemberships:         true,
+		},
 	}

 	user.Password, err = handler.CryptoService.Hash(payload.Password)