mirror of https://github.com/portainer/portainer
fix(service-details): prevent regular users from using bind mounts (#1778)
parent
eca39b11a8
commit
8d32703456
|
@ -14,7 +14,7 @@
|
|||
<table class="table" >
|
||||
<thead>
|
||||
<tr>
|
||||
<th>Type</th>
|
||||
<th ng-if="isAdmin || allowBindMounts">Type</th>
|
||||
<th>Source</th>
|
||||
<th>Target</th>
|
||||
<th>Read only</th>
|
||||
|
@ -23,14 +23,17 @@
|
|||
</thead>
|
||||
<tbody>
|
||||
<tr ng-repeat="mount in service.ServiceMounts">
|
||||
<td>
|
||||
<td ng-if="isAdmin || allowBindMounts">
|
||||
<select name="mountType" class="form-control" ng-model="mount.Type" ng-disabled="isUpdating">
|
||||
<option value="volume">Volume</option>
|
||||
<option value="bind">Bind</option>
|
||||
</select>
|
||||
</td>
|
||||
<td>
|
||||
<input type="text" class="form-control" ng-model="mount.Source" placeholder="e.g. /tmp/portainer/data" ng-change="updateMount(service, mount)" ng-disabled="isUpdating">
|
||||
<select class="form-control" ng-model="mount.Source" ng-options="vol.Id|truncate:30 as vol.Id for vol in availableVolumes" ng-if="mount.Type === 'volume'">
|
||||
<option selected disabled hidden value="">Select a volume</option>
|
||||
</select>
|
||||
<input type="text" class="form-control" ng-model="mount.Source" placeholder="e.g. /tmp/portainer/data" ng-change="updateMount(service, mount)" ng-disabled="isUpdating || (!isAdmin && !allowBindMounts && mount.Type === 'bind')" ng-if="mount.Type === 'bind'">
|
||||
</td>
|
||||
<td>
|
||||
<input type="text" class="form-control" ng-model="mount.Target" placeholder="e.g. /tmp/portainer/data" ng-change="updateMount(service, mount)" ng-disabled="isUpdating">
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
angular.module('portainer.docker')
|
||||
.controller('ServiceController', ['$q', '$scope', '$transition$', '$state', '$location', '$timeout', '$anchorScroll', 'ServiceService', 'ConfigService', 'ConfigHelper', 'SecretService', 'ImageService', 'SecretHelper', 'Service', 'ServiceHelper', 'LabelHelper', 'TaskService', 'NodeService', 'Notifications', 'ModalService', 'PluginService',
|
||||
function ($q, $scope, $transition$, $state, $location, $timeout, $anchorScroll, ServiceService, ConfigService, ConfigHelper, SecretService, ImageService, SecretHelper, Service, ServiceHelper, LabelHelper, TaskService, NodeService, Notifications, ModalService, PluginService) {
|
||||
.controller('ServiceController', ['$q', '$scope', '$transition$', '$state', '$location', '$timeout', '$anchorScroll', 'ServiceService', 'ConfigService', 'ConfigHelper', 'SecretService', 'ImageService', 'SecretHelper', 'Service', 'ServiceHelper', 'LabelHelper', 'TaskService', 'NodeService', 'Notifications', 'ModalService', 'PluginService', 'Authentication', 'SettingsService', 'VolumeService',
|
||||
function ($q, $scope, $transition$, $state, $location, $timeout, $anchorScroll, ServiceService, ConfigService, ConfigHelper, SecretService, ImageService, SecretHelper, Service, ServiceHelper, LabelHelper, TaskService, NodeService, Notifications, ModalService, PluginService, Authentication, SettingsService, VolumeService) {
|
||||
|
||||
$scope.state = {
|
||||
updateInProgress: false,
|
||||
|
@ -423,12 +423,14 @@ function ($q, $scope, $transition$, $state, $location, $timeout, $anchorScroll,
|
|||
originalService = angular.copy(service);
|
||||
|
||||
return $q.all({
|
||||
volumes: VolumeService.volumes(),
|
||||
tasks: TaskService.tasks({ service: [service.Name] }),
|
||||
nodes: NodeService.nodes(),
|
||||
secrets: apiVersion >= 1.25 ? SecretService.secrets() : [],
|
||||
configs: apiVersion >= 1.30 ? ConfigService.configs() : [],
|
||||
availableImages: ImageService.images(),
|
||||
availableLoggingDrivers: PluginService.loggingPlugins(apiVersion < 1.25)
|
||||
availableLoggingDrivers: PluginService.loggingPlugins(apiVersion < 1.25),
|
||||
settings: SettingsService.publicSettings()
|
||||
});
|
||||
})
|
||||
.then(function success(data) {
|
||||
|
@ -438,6 +440,10 @@ function ($q, $scope, $transition$, $state, $location, $timeout, $anchorScroll,
|
|||
$scope.secrets = data.secrets;
|
||||
$scope.availableImages = ImageService.getUniqueTagListFromImages(data.availableImages);
|
||||
$scope.availableLoggingDrivers = data.availableLoggingDrivers;
|
||||
$scope.availableVolumes = data.volumes;
|
||||
$scope.allowBindMounts = data.settings.AllowBindMountsForRegularUsers;
|
||||
var userDetails = Authentication.getUserDetails();
|
||||
$scope.isAdmin = userDetails.role === 1;
|
||||
|
||||
// Set max cpu value
|
||||
var maxCpus = 0;
|
||||
|
|
Loading…
Reference in New Issue