github
/
portainer
mirror of https://github.com/portainer/portainer
1
0
Fork 0
Code Issues Releases Wiki Activity

fix(docker): prevent non admins from passing security settings [EE-6765] (#11240)

pull/11260/head
Chaim Lev-Ari 2024-02-25 11:57:22 +02:00 committed by GitHub
parent 9ec7394124
commit c622f6da4e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 13 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/react/docker/containers/CreateView/CreateView.tsx
View File

@ -49,7 +49,9 @@ function CreateForm() {
const router = useRouter(); const router = useRouter();
const { trackEvent } = useAnalytics(); const { trackEvent } = useAnalytics();
const isAdminQuery = useIsEdgeAdmin(); const isAdminQuery = useIsEdgeAdmin();
const { authorized: isEnvironmentAdmin } = useIsEnvironmentAdmin(); const { authorized: isEnvironmentAdmin } = useIsEnvironmentAdmin({
adminOnlyCE: true,
});
const [isDockerhubRateLimited, setIsDockerhubRateLimited] = useState(false); const [isDockerhubRateLimited, setIsDockerhubRateLimited] = useState(false);
const mutation = useCreateOrReplaceMutation(); const mutation = useCreateOrReplaceMutation();

2
app/react/docker/containers/CreateView/InnerForm.tsx
View File

@ -41,7 +41,7 @@ export function InnerForm({
const environmentId = useEnvironmentId(); const environmentId = useEnvironmentId();
const [tab, setTab] = useState('commands'); const [tab, setTab] = useState('commands');
const apiVersion = useApiVersion(environmentId); const apiVersion = useApiVersion(environmentId);
const isEnvironmentAdminQuery = useIsEnvironmentAdmin(); const isEnvironmentAdminQuery = useIsEnvironmentAdmin({ adminOnlyCE: true });
const envQuery = useCurrentEnvironment(); const envQuery = useCurrentEnvironment();
if (!envQuery.data) { if (!envQuery.data) {

12
app/react/hooks/useUser.tsx
View File

@ -98,17 +98,17 @@ export function useAuthorizations(
params: { endpointId }, params: { endpointId },
} = useCurrentStateAndParams(); } = useCurrentStateAndParams();
const envQuery = useEnvironment(forceEnvironmentId || endpointId); const envQuery = useEnvironment(forceEnvironmentId || endpointId);
const isAdmin = useIsEdgeAdmin({ forceEnvironmentId }); const isAdminQuery = useIsEdgeAdmin({ forceEnvironmentId });
if (!user) { if (!user) {
return { authorized: false, isLoading: false }; return { authorized: false, isLoading: false };
} }
if (envQuery.isLoading) { if (envQuery.isLoading || isAdminQuery.isLoading) {
return { authorized: false, isLoading: true }; return { authorized: false, isLoading: true };
} }
if (isAdmin) { if (isAdminQuery.isAdmin) {
return { authorized: true, isLoading: false }; return { authorized: true, isLoading: false };
} }
@ -138,12 +138,18 @@ export function useIsEnvironmentAdmin({
/** /**
* will return true if the user has the authorizations. assumes the user is authenticated and not an admin * will return true if the user has the authorizations. assumes the user is authenticated and not an admin
*
* @private Please use `useAuthorizations` instead. Exported only for angular's authentication service app/portainer/services/authentication.js:154
*/ */
export function hasAuthorizations( export function hasAuthorizations(
user: User, user: User,
authorizations: string | string[], authorizations: string | string[],
environmentId?: EnvironmentId environmentId?: EnvironmentId
) { ) {
if (!isBE) {
return true;
}
const authorizationsArray = const authorizationsArray =
typeof authorizations === 'string' ? [authorizations] : authorizations; typeof authorizations === 'string' ? [authorizations] : authorizations;