From 4349f5803c9836da2dae6bf1b8db3819195d3bcb Mon Sep 17 00:00:00 2001
From: Anthony Lapenna
Date: Mon, 27 May 2019 09:31:20 +1200
Subject: [PATCH] fix(api): fix missing default Portainer permissions for users
---
 api/cmd/portainer/main.go | 17 +++++++++++++++++
 api/http/handler/auth/authenticate.go | 17 +++++++++++++++++
 api/http/handler/auth/authenticate_oauth.go | 17 +++++++++++++++++
 api/http/handler/users/admin_init.go | 17 +++++++++++++++++
 4 files changed, 68 insertions(+)
diff --git a/api/cmd/portainer/main.go b/api/cmd/portainer/main.go
index ea39c358e..8b34fc070 100644
--- a/api/cmd/portainer/main.go
+++ b/api/cmd/portainer/main.go
@@ -627,6 +627,23 @@ func main() {
 Username: "admin",
 Role: portainer.AdministratorRole,
 Password: adminPasswordHash,
+ PortainerAuthorizations: map[portainer.Authorization]bool{
+ portainer.OperationPortainerDockerHubInspect: true,
+ portainer.OperationPortainerEndpointGroupList: true,
+ portainer.OperationPortainerEndpointList: true,
+ portainer.OperationPortainerEndpointInspect: true,
+ portainer.OperationPortainerEndpointExtensionAdd: true,
+ portainer.OperationPortainerEndpointExtensionRemove: true,
+ portainer.OperationPortainerExtensionList: true,
+ portainer.OperationPortainerMOTD: true,
+ portainer.OperationPortainerRegistryList: true,
+ portainer.OperationPortainerRegistryInspect: true,
+ portainer.OperationPortainerTeamList: true,
+ portainer.OperationPortainerTemplateList: true,
+ portainer.OperationPortainerTemplateInspect: true,
+ portainer.OperationPortainerUserList: true,
+ portainer.OperationPortainerUserMemberships: true,
+ },
 }
 err := store.UserService.CreateUser(user)
 if err != nil {
diff --git a/api/http/handler/auth/authenticate.go b/api/http/handler/auth/authenticate.go
index 6462b03ca..9acfd78e3 100644
--- a/api/http/handler/auth/authenticate.go
+++ b/api/http/handler/auth/authenticate.go
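Review bot: The same 15-entry `PortainerAuthorizations` literal is pasted into four user-creation sites (the `main()` hunk in api/cmd/portainer/main.go, and the hunks in authenticate.go, authenticate_oauth.go and admin_init.go), so any later change to the default set has to be made four times, and a missed copy leaves one sign-in path granting a different set of permissions from the others. Building the map in one place and calling it from each site, for example `PortainerAuthorizations: defaultPortainerAuthorizations(),` (a proposed helper name, not one that exists in this diff), would keep the four paths in step. The helper should return a fresh map on every call, because the map is stored on the user record and a shared instance could be mutated through one user. `main()` starts and ends outside the hunk.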
@@ -100,6 +100,23 @@ func (handler *Handler) authenticateLDAPAndCreateUser(w http.ResponseWriter, use
 user := &portainer.User{
 Username: username,
 Role: portainer.StandardUserRole,
+ PortainerAuthorizations: map[portainer.Authorization]bool{
+ portainer.OperationPortainerDockerHubInspect: true,
+ portainer.OperationPortainerEndpointGroupList: true,
+ portainer.OperationPortainerEndpointList: true,
+ portainer.OperationPortainerEndpointInspect: true,
+ portainer.OperationPortainerEndpointExtensionAdd: true,
+ portainer.OperationPortainerEndpointExtensionRemove: true,
+ portainer.OperationPortainerExtensionList: true,
+ portainer.OperationPortainerMOTD: true,
+ portainer.OperationPortainerRegistryList: true,
+ portainer.OperationPortainerRegistryInspect: true,
+ portainer.OperationPortainerTeamList: true,
+ portainer.OperationPortainerTemplateList: true,
+ portainer.OperationPortainerTemplateInspect: true,
+ portainer.OperationPortainerUserList: true,
+ portainer.OperationPortainerUserMemberships: true,
+ },
 }
 err = handler.UserService.CreateUser(user)
diff --git a/api/http/handler/auth/authenticate_oauth.go b/api/http/handler/auth/authenticate_oauth.go
index 7144d01f3..b87a759e0 100644
--- a/api/http/handler/auth/authenticate_oauth.go
+++ b/api/http/handler/auth/authenticate_oauth.go
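Review bot: Accounts that `authenticateLDAPAndCreateUser` creates automatically on a first LDAP login are granted `OperationPortainerEndpointExtensionAdd` and `OperationPortainerEndpointExtensionRemove`, the only two entries in the default set that are not list or inspect operations. If `StandardUserRole` accounts are not meant to manage endpoint extensions, those two entries should be left out of the default for this path; if they are, a comment above the field such as `// default set deliberately includes endpoint extension add/remove for standard users` would record that the grant is intended. Whether a further per-endpoint check applies is not visible in this hunk. The `validateOAuth` hunk in authenticate_oauth.go provisions its users with the same map, and this function's body continues outside the hunk.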
@@ -113,6 +113,23 @@ func (handler *Handler) validateOAuth(w http.ResponseWriter, r *http.Request) *h
 user = &portainer.User{
 Username: username,
 Role: portainer.StandardUserRole,
+ PortainerAuthorizations: map[portainer.Authorization]bool{
+ portainer.OperationPortainerDockerHubInspect: true,
+ portainer.OperationPortainerEndpointGroupList: true,
+ portainer.OperationPortainerEndpointList: true,
+ portainer.OperationPortainerEndpointInspect: true,
+ portainer.OperationPortainerEndpointExtensionAdd: true,
+ portainer.OperationPortainerEndpointExtensionRemove: true,
+ portainer.OperationPortainerExtensionList: true,
+ portainer.OperationPortainerMOTD: true,
+ portainer.OperationPortainerRegistryList: true,
+ portainer.OperationPortainerRegistryInspect: true,
+ portainer.OperationPortainerTeamList: true,
+ portainer.OperationPortainerTemplateList: true,
+ portainer.OperationPortainerTemplateInspect: true,
+ portainer.OperationPortainerUserList: true,
+ portainer.OperationPortainerUserMemberships: true,
+ },
 }
 err = handler.UserService.CreateUser(user)
diff --git a/api/http/handler/users/admin_init.go b/api/http/handler/users/admin_init.go
index d18fc3c3b..044bc2876 100644
--- a/api/http/handler/users/admin_init.go
+++ b/api/http/handler/users/admin_init.go
@@ -45,6 +45,23 @@ func (handler *Handler) adminInit(w http.ResponseWriter, r *http.Request) *httpe
 user := &portainer.User{
 Username: payload.Username,
 Role: portainer.AdministratorRole,
+ PortainerAuthorizations: map[portainer.Authorization]bool{
+ portainer.OperationPortainerDockerHubInspect: true,
+ portainer.OperationPortainerEndpointGroupList: true,
+ portainer.OperationPortainerEndpointList: true,
+ portainer.OperationPortainerEndpointInspect: true,
+ portainer.OperationPortainerEndpointExtensionAdd: true,
+ portainer.OperationPortainerEndpointExtensionRemove: true,
+ portainer.OperationPortainerExtensionList: true,
+ portainer.OperationPortainerMOTD: true,
+ portainer.OperationPortainerRegistryList: true,
+ portainer.OperationPortainerRegistryInspect: true,
+ portainer.OperationPortainerTeamList: true,
+ portainer.OperationPortainerTemplateList: true,
+ portainer.OperationPortainerTemplateInspect: true,
+ portainer.OperationPortainerUserList: true,
+ portainer.OperationPortainerUserMemberships: true,
+ },
 }
 user.Password, err = handler.CryptoService.Hash(payload.Password)
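Review bot: The account created in `adminInit` has `Role: portainer.AdministratorRole` but receives exactly the same map as the `StandardUserRole` accounts in the two auth handlers, and nothing in the hunk says whether authorization checks consult `PortainerAuthorizations` for administrators. If administrators are authorized by role and the map is ignored for them, a comment above the field would make that explicit, e.g. `// administrators are authorized by role; this map mirrors the standard-user defaults`. If the map is consulted for every user, the administrator would be limited to these 15 operations, which is worth confirming against the authorization middleware. The `main()` hunk in api/cmd/portainer/main.go creates its admin user the same way, and `adminInit` continues outside the hunk.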