feat(swarm): restrict access to the node details view to administrators only (#1204)

api/http/proxy/transport.go

@@ -66,6 +66,8 @@ func (p *proxyTransport) proxyDockerRequest(request *http.Request) (*http.Respon
 		return p.proxySecretRequest(request)
 	case strings.HasPrefix(path, "/swarm"):
 		return p.proxySwarmRequest(request)
+	case strings.HasPrefix(path, "/nodes"):
+		return p.proxyNodeRequest(request)
 	default:
 		return p.executeDockerRequest(request)
 	}
@@ -186,6 +188,17 @@ func (p *proxyTransport) proxySecretRequest(request *http.Request) (*http.Respon
 	}
 }
 
+func (p *proxyTransport) proxyNodeRequest(request *http.Request) (*http.Response, error) {
+	requestPath := request.URL.Path
+
+	// assume /nodes/{id}
+	if path.Base(requestPath) != "nodes" {
+		return p.administratorOperation(request)
+	}
+
+	return p.executeDockerRequest(request)
+}
+
 func (p *proxyTransport) proxySwarmRequest(request *http.Request) (*http.Response, error) {
 	return p.administratorOperation(request)
 }

app/components/swarm/swarm.html

@@ -223,7 +223,10 @@
           </thead>
           <tbody>
             <tr dir-paginate="node in (state.filteredNodes = (nodes | filter:state.filter | orderBy:sortType:sortReverse | itemsPerPage: state.pagination_count))">
-              <td><a ui-sref="node({id: node.Id})">{{ node.Hostname }}</a></td>
+              <td>
+                <a ui-sref="node({id: node.Id})" ng-if="isAdmin">{{ node.Hostname }}</a>
+                <span ng-if="!isAdmin">{{ node.Hostname }}</span>
+              </td>
               <td>{{ node.Role }}</td>
               <td>{{ node.CPUs / 1000000000 }}</td>
               <td>{{ node.Memory|humansize }}</td>

app/components/swarm/swarmController.js

@@ -1,6 +1,6 @@
 angular.module('swarm', [])
-.controller('SwarmController', ['$q', '$scope', 'SystemService', 'NodeService', 'Pagination', 'Notifications',
+.controller('SwarmController', ['$q', '$scope', 'SystemService', 'NodeService', 'Pagination', 'Notifications', 'StateManager', 'Authentication',
-function ($q, $scope, SystemService, NodeService, Pagination, Notifications) {
+function ($q, $scope, SystemService, NodeService, Pagination, Notifications, StateManager, Authentication) {
   $scope.state = {};
   $scope.state.pagination_count = Pagination.getPaginationCount('swarm_nodes');
   $scope.sortType = 'Spec.Role';
@@ -73,6 +73,13 @@ function ($q, $scope, SystemService, NodeService, Pagination, Notifications) {
 
   function initView() {
     $('#loadingViewSpinner').show();
+
+    if (StateManager.getState().application.authentication) {
+      var userDetails = Authentication.getUserDetails();
+      var isAdmin = userDetails.role === 1 ? true: false;
+      $scope.isAdmin = isAdmin;
+    }
+
     var provider = $scope.applicationState.endpoint.mode.provider;
     $q.all({
       version: SystemService.version(),