|
|
@ -26,24 +26,23 @@ import (
|
|
|
|
// @failure 500 "Server error"
|
|
|
|
// @failure 500 "Server error"
|
|
|
|
// @router /users [get]
|
|
|
|
// @router /users [get]
|
|
|
|
func (handler *Handler) userList(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
|
|
|
|
func (handler *Handler) userList(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
|
|
|
|
users, err := handler.DataStore.User().ReadAll()
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
|
|
return httperror.InternalServerError("Unable to retrieve users from the database", err)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
securityContext, err := security.RetrieveRestrictedRequestContext(r)
|
|
|
|
securityContext, err := security.RetrieveRestrictedRequestContext(r)
|
|
|
|
if err != nil {
|
|
|
|
if err != nil {
|
|
|
|
return httperror.InternalServerError("Unable to retrieve info from request context", err)
|
|
|
|
return httperror.InternalServerError("Unable to retrieve info from request context", err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
availableUsers := security.FilterUsers(users, securityContext)
|
|
|
|
if !securityContext.IsAdmin {
|
|
|
|
for i := range availableUsers {
|
|
|
|
return httperror.Forbidden("Permission denied to access users list", err)
|
|
|
|
hideFields(&availableUsers[i])
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
users, err := handler.DataStore.User().ReadAll()
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
|
|
return httperror.InternalServerError("Unable to retrieve users from the database", err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
endpointID, _ := request.RetrieveNumericQueryParameter(r, "environmentId", true)
|
|
|
|
endpointID, _ := request.RetrieveNumericQueryParameter(r, "environmentId", true)
|
|
|
|
if endpointID == 0 {
|
|
|
|
if endpointID == 0 {
|
|
|
|
return response.JSON(w, availableUsers)
|
|
|
|
return response.JSON(w, users)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// filter out users who do not have access to the specific endpoint
|
|
|
|
// filter out users who do not have access to the specific endpoint
|
|
|
@ -58,7 +57,7 @@ func (handler *Handler) userList(w http.ResponseWriter, r *http.Request) *httper
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
canAccessEndpoint := make([]portainer.User, 0)
|
|
|
|
canAccessEndpoint := make([]portainer.User, 0)
|
|
|
|
for _, user := range availableUsers {
|
|
|
|
for _, user := range users {
|
|
|
|
// the users who have the endpoint authorization
|
|
|
|
// the users who have the endpoint authorization
|
|
|
|
if _, ok := user.EndpointAuthorizations[endpoint.ID]; ok {
|
|
|
|
if _, ok := user.EndpointAuthorizations[endpoint.ID]; ok {
|
|
|
|
canAccessEndpoint = append(canAccessEndpoint, user)
|
|
|
|
canAccessEndpoint = append(canAccessEndpoint, user)
|
|
|
|
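Review bot: On the new side, userList appears to serialize `users` exactly as returned by `handler.DataStore.User().ReadAll()`, both in `response.JSON(w, users)` and in the `canAccessEndpoint` loop of the second hunk, so the old `hideFields(&availableUsers[i])` pass no longer runs before the response is written. hideFields is not shown on this page; if it blanks credential material, keep it on the admin-only path too, e.g. `for i := range users { hideFields(&users[i]) }` placed before the `endpointID` lookup. Separately, `httperror.Forbidden("Permission denied to access users list", err)` passes an `err` that is always nil at that point, because the preceding `if err != nil` has already returned; pass an explicit value such as `errors.New("admin role required")` (assuming `errors` is imported) so the logged denial carries a cause. The old/new sides are inferred from the hunk counts (24 old lines, 23 new) since the +/- markers did not survive in this rendering, and the part of the function between the two hunks is outside this view.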