From e1df46b92bdd1fbe6b88a8d10b740f2c525367f2 Mon Sep 17 00:00:00 2001 From: Prabhat Khera <91852476+prabhat-org@users.noreply.github.com> Date: Wed, 6 Apr 2022 09:07:51 +1200 Subject: [PATCH] add missed migration for DB version 36 (#6678) --- api/datastore/migrator/migrate_ce.go | 6 ++++ api/datastore/migrator/migrate_dbversion35.go | 36 +++++++++++++++++++ api/internal/authorization/authorizations.go | 3 ++ api/portainer.go | 3 ++ 4 files changed, 48 insertions(+) create mode 100644 api/datastore/migrator/migrate_dbversion35.go diff --git a/api/datastore/migrator/migrate_ce.go b/api/datastore/migrator/migrate_ce.go index 9052b4f4d..3684439c5 100644 --- a/api/datastore/migrator/migrate_ce.go +++ b/api/datastore/migrator/migrate_ce.go @@ -183,6 +183,12 @@ func (m *Migrator) Migrate() error { } } + if m.currentDBVersion < 36 { + migrateLog.Info("Migrating to DB 36") + if err := m.migrateDBVersionToDB36(); err != nil { + return migrationError(err, "migrateDBVersionToDB36") + } + } err = m.versionService.StoreDBVersion(portainer.DBVersion) if err != nil { return migrationError(err, "StoreDBVersion") diff --git a/api/datastore/migrator/migrate_dbversion35.go b/api/datastore/migrator/migrate_dbversion35.go new file mode 100644 index 000000000..688cd971e --- /dev/null +++ b/api/datastore/migrator/migrate_dbversion35.go @@ -0,0 +1,36 @@ +package migrator + +import ( + portainer "github.com/portainer/portainer/api" + "github.com/portainer/portainer/api/internal/authorization" +) + +func (m *Migrator) migrateDBVersionToDB36() error { + migrateLog.Info("Updating user authorizations") + if err := m.migrateUsersToDB36(); err != nil { + return err + } + + return nil +} + +func (m *Migrator) migrateUsersToDB36() error { + users, err := m.userService.Users() + if err != nil { + return err + } + + for _, user := range users { + currentAuthorizations := authorization.DefaultPortainerAuthorizations() + currentAuthorizations[portainer.OperationPortainerUserListToken] = true + currentAuthorizations[portainer.OperationPortainerUserCreateToken] = true + currentAuthorizations[portainer.OperationPortainerUserRevokeToken] = true + user.PortainerAuthorizations = currentAuthorizations + err = m.userService.UpdateUser(user.ID, &user) + if err != nil { + return err + } + } + + return nil +} diff --git a/api/internal/authorization/authorizations.go b/api/internal/authorization/authorizations.go index 816cf7912..47e52e162 100644 --- a/api/internal/authorization/authorizations.go +++ b/api/internal/authorization/authorizations.go @@ -424,6 +424,9 @@ func DefaultPortainerAuthorizations() portainer.Authorizations { portainer.OperationPortainerUserList: true, portainer.OperationPortainerUserInspect: true, portainer.OperationPortainerUserMemberships: true, + portainer.OperationPortainerUserListToken: true, + portainer.OperationPortainerUserCreateToken: true, + portainer.OperationPortainerUserRevokeToken: true, } } diff --git a/api/portainer.go b/api/portainer.go index 1e5dcc76d..12e7da6eb 100644 --- a/api/portainer.go +++ b/api/portainer.go @@ -1792,6 +1792,9 @@ const ( OperationPortainerUserInspect Authorization = "PortainerUserInspect" OperationPortainerUserMemberships Authorization = "PortainerUserMemberships" OperationPortainerUserCreate Authorization = "PortainerUserCreate" + OperationPortainerUserListToken Authorization = "PortainerUserListToken" + OperationPortainerUserCreateToken Authorization = "PortainerUserCreateToken" + OperationPortainerUserRevokeToken Authorization = "PortainerUserRevokeToken" OperationPortainerUserUpdate Authorization = "PortainerUserUpdate" OperationPortainerUserUpdatePassword Authorization = "PortainerUserUpdatePassword" OperationPortainerUserDelete Authorization = "PortainerUserDelete"