From dd0fc6fab8f02adae2926073618426329f982a7c Mon Sep 17 00:00:00 2001
From: Anthony Lapenna <lapenna.anthony@gmail.com>
Date: Tue, 19 Sep 2017 18:41:03 +0200
Subject: [PATCH] feat(swarm): restrict access to the node details view to
 administrators only (#1204)

---
 api/http/proxy/transport.go             | 13 +++++++++++++
 app/components/swarm/swarm.html         |  5 ++++-
 app/components/swarm/swarmController.js | 11 +++++++++--
 3 files changed, 26 insertions(+), 3 deletions(-)

diff --git a/api/http/proxy/transport.go b/api/http/proxy/transport.go
index 35ee6cf2d..11d98c3d6 100644
--- a/api/http/proxy/transport.go
+++ b/api/http/proxy/transport.go
@@ -66,6 +66,8 @@ func (p *proxyTransport) proxyDockerRequest(request *http.Request) (*http.Respon
 		return p.proxySecretRequest(request)
 	case strings.HasPrefix(path, "/swarm"):
 		return p.proxySwarmRequest(request)
+	case strings.HasPrefix(path, "/nodes"):
+		return p.proxyNodeRequest(request)
 	default:
 		return p.executeDockerRequest(request)
 	}
@@ -186,6 +188,17 @@ func (p *proxyTransport) proxySecretRequest(request *http.Request) (*http.Respon
 	}
 }
 
+func (p *proxyTransport) proxyNodeRequest(request *http.Request) (*http.Response, error) {
+	requestPath := request.URL.Path
+
+	// assume /nodes/{id}
+	if path.Base(requestPath) != "nodes" {
+		return p.administratorOperation(request)
+	}
+
+	return p.executeDockerRequest(request)
+}
+
 func (p *proxyTransport) proxySwarmRequest(request *http.Request) (*http.Response, error) {
 	return p.administratorOperation(request)
 }
diff --git a/app/components/swarm/swarm.html b/app/components/swarm/swarm.html
index c585b0cb3..bb243ef32 100644
--- a/app/components/swarm/swarm.html
+++ b/app/components/swarm/swarm.html
@@ -223,7 +223,10 @@
           </thead>
           <tbody>
             <tr dir-paginate="node in (state.filteredNodes = (nodes | filter:state.filter | orderBy:sortType:sortReverse | itemsPerPage: state.pagination_count))">
-              <td><a ui-sref="node({id: node.Id})">{{ node.Hostname }}</a></td>
+              <td>
+                <a ui-sref="node({id: node.Id})" ng-if="isAdmin">{{ node.Hostname }}</a>
+                <span ng-if="!isAdmin">{{ node.Hostname }}</span>
+              </td>
               <td>{{ node.Role }}</td>
               <td>{{ node.CPUs / 1000000000 }}</td>
               <td>{{ node.Memory|humansize }}</td>
diff --git a/app/components/swarm/swarmController.js b/app/components/swarm/swarmController.js
index 99cdbf31c..131345df1 100644
--- a/app/components/swarm/swarmController.js
+++ b/app/components/swarm/swarmController.js
@@ -1,6 +1,6 @@
 angular.module('swarm', [])
-.controller('SwarmController', ['$q', '$scope', 'SystemService', 'NodeService', 'Pagination', 'Notifications',
-function ($q, $scope, SystemService, NodeService, Pagination, Notifications) {
+.controller('SwarmController', ['$q', '$scope', 'SystemService', 'NodeService', 'Pagination', 'Notifications', 'StateManager', 'Authentication',
+function ($q, $scope, SystemService, NodeService, Pagination, Notifications, StateManager, Authentication) {
   $scope.state = {};
   $scope.state.pagination_count = Pagination.getPaginationCount('swarm_nodes');
   $scope.sortType = 'Spec.Role';
@@ -73,6 +73,13 @@ function ($q, $scope, SystemService, NodeService, Pagination, Notifications) {
 
   function initView() {
     $('#loadingViewSpinner').show();
+
+    if (StateManager.getState().application.authentication) {
+      var userDetails = Authentication.getUserDetails();
+      var isAdmin = userDetails.role === 1 ? true: false;
+      $scope.isAdmin = isAdmin;
+    }
+
     var provider = $scope.applicationState.endpoint.mode.provider;
     $q.all({
       version: SystemService.version(),