From b22cdb35595fdaf64f095c5e06502640c5bda43c Mon Sep 17 00:00:00 2001
From: Oscar Zhou <100548325+oscarzhou-portainer@users.noreply.github.com>
Date: Thu, 15 Dec 2022 21:27:18 +1300
Subject: [PATCH] fix(access/team): team member cannot change ownership to its own team [EE-4423] (#8052)

---
 .../containers/create/createContainerController.js | 12 ++++++++++--
 .../access-control/EditDetails/EditDetails.tsx | 6 ++++++
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/app/docker/views/containers/create/createContainerController.js b/app/docker/views/containers/create/createContainerController.js
index 47bed8e49..38fb33813 100644
--- a/app/docker/views/containers/create/createContainerController.js
+++ b/app/docker/views/containers/create/createContainerController.js
@@ -742,9 +742,17 @@ angular.module('portainer.docker').controller('CreateContainerController', [
 Container.get({ id: $transition$.params().from })
 .$promise.then(function success(d) {
 var fromContainer = new ContainerDetailsViewModel(d);
- if (fromContainer.ResourceControl && fromContainer.ResourceControl.Public) {
- $scope.formValues.AccessControlData.AccessControlEnabled = false;
+ if (fromContainer.ResourceControl) {
+ if (fromContainer.ResourceControl.Public) {
+ $scope.formValues.AccessControlData.AccessControlEnabled = false;
+ }
+
+ // When the container is create by duplicate/edit, the access permission
+ // shouldn't be copied
+ fromContainer.ResourceControl.UserAccesses = [];
+ fromContainer.ResourceControl.TeamAccesses = [];
 }
+
 $scope.fromContainer = fromContainer;
 $scope.state.mode = 'duplicate';
 $scope.config = ContainerHelper.configFromContainer(fromContainer.Model);
diff --git a/app/react/portainer/access-control/EditDetails/EditDetails.tsx b/app/react/portainer/access-control/EditDetails/EditDetails.tsx
index 0bb725286..1f9720953 100644
--- a/app/react/portainer/access-control/EditDetails/EditDetails.tsx
+++ b/app/react/portainer/access-control/EditDetails/EditDetails.tsx
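Review bot: Emptying `UserAccesses` and `TeamAccesses` on `fromContainer.ResourceControl` keeps the rest of the object, so `$scope.fromContainer` can now carry a non-public resource control with no users and no teams, and the hunk does not show how the form or the create request treats that state. Because the added comment says this path serves edit as well as duplicate, it is worth confirming that recreating a restricted container cannot silently end up with different access than the original, and that the API rather than this client-side pre-fill decides which teams a non-admin may assign. The comment could state the intent and lose the typo: `// Duplicate/edit: do not pre-fill the source container's user/team access; the submitter must choose them again.` The `success` callback continues outside the hunk.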
@@ -109,6 +109,12 @@ export function EditDetails({
 if (ownership === ResourceControlOwnership.RESTRICTED) {
 authorizedUsers = [];
 authorizedTeams = [];
+ // Non admin team leaders/members under only one team can
+ // automatically grant the resource access to all members
+ // under the team
+ if (!isAdmin && teams && teams.length === 1) {
+ authorizedTeams = teams.map((team) => team.Id);
+ }
 }
 
 handleChange({ ownership, authorizedTeams, authorizedUsers });
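Review bot: The auto-grant in the `RESTRICTED` branch is safe only if `teams` holds the teams the current user belongs to, and the hunk shows neither where `teams` comes from nor any such filter; if it were the list of all selectable teams, a non-admin in an environment with a single team would pre-select a team they may not be in. A comment would pin the assumption: `// assumes teams lists only the current user's own teams (confirm against the caller)`. For non-admins with zero or several teams `authorizedTeams` stays empty, so `handleChange` receives restricted ownership with no principals, and any validation of that state is not visible here. With exactly one element, `[teams[0].Id]` states the intent more directly than `teams.map(...)`. The enclosing function begins and ends outside the hunk.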