feat(swarm): restrict access to the node details view to administrators only (#1204)

7 years ago · dd0fc6fab8
parent 910136ee9b
commit dd0fc6fab8
3 changed files with 26 additions and 3 deletions
--- a/api/http/proxy/transport.go
+++ b/api/http/proxy/transport.go
@ -66,6 +66,8 @@ func (p *proxyTransport) proxyDockerRequest(request *http.Request) (*http.Respon
 		return p.proxySecretRequest(request)
 	case strings.HasPrefix(path, "/swarm"):
 		return p.proxySwarmRequest(request)
+	case strings.HasPrefix(path, "/nodes"):
+		return p.proxyNodeRequest(request)
 	default:
 		return p.executeDockerRequest(request)
 	}
@ -186,6 +188,17 @@ func (p *proxyTransport) proxySecretRequest(request *http.Request) (*http.Respon
 	}
 }

+func (p *proxyTransport) proxyNodeRequest(request *http.Request) (*http.Response, error) {
+	requestPath := request.URL.Path
+
+	// assume /nodes/{id}
+	if path.Base(requestPath) != "nodes" {
+		return p.administratorOperation(request)
+	}
+
+	return p.executeDockerRequest(request)
+}
+
 func (p *proxyTransport) proxySwarmRequest(request *http.Request) (*http.Response, error) {
 	return p.administratorOperation(request)
 }
--- a/app/components/swarm/swarm.html
+++ b/app/components/swarm/swarm.html
@ -223,7 +223,10 @@
          </thead>
          <tbody>
            <tr dir-paginate="node in (state.filteredNodes = (nodes | filter:state.filter | orderBy:sortType:sortReverse | itemsPerPage: state.pagination_count))">
-              <td><a ui-sref="node({id: node.Id})">{{ node.Hostname }}</a></td>
+              <td>
+                <a ui-sref="node({id: node.Id})" ng-if="isAdmin">{{ node.Hostname }}</a>
+                <span ng-if="!isAdmin">{{ node.Hostname }}</span>
+              </td>
              <td>{{ node.Role }}</td>
              <td>{{ node.CPUs / 1000000000 }}</td>
              <td>{{ node.Memory|humansize }}</td>
--- a/app/components/swarm/swarmController.js
+++ b/app/components/swarm/swarmController.js
@ -1,6 +1,6 @@
 angular.module('swarm', [])
-.controller('SwarmController', ['$q', '$scope', 'SystemService', 'NodeService', 'Pagination', 'Notifications',
-function ($q, $scope, SystemService, NodeService, Pagination, Notifications) {
+.controller('SwarmController', ['$q', '$scope', 'SystemService', 'NodeService', 'Pagination', 'Notifications', 'StateManager', 'Authentication',
+function ($q, $scope, SystemService, NodeService, Pagination, Notifications, StateManager, Authentication) {
  $scope.state = {};
  $scope.state.pagination_count = Pagination.getPaginationCount('swarm_nodes');
  $scope.sortType = 'Spec.Role';
@ -73,6 +73,13 @@ function ($q, $scope, SystemService, NodeService, Pagination, Notifications) {

  function initView() {
    $('#loadingViewSpinner').show();
+
+    if (StateManager.getState().application.authentication) {
+      var userDetails = Authentication.getUserDetails();
+      var isAdmin = userDetails.role === 1 ? true: false;
+      $scope.isAdmin = isAdmin;
+    }
+
    var provider = $scope.applicationState.endpoint.mode.provider;
    $q.all({
      version: SystemService.version(),