Anthony Lapenna
9dcd223134
feat(stacks): prevent external stack removal by a non-administrator user ( #3800 )
...
* fix(stacks): prevent external stacks removal by non admin
* feat(stacks): add RBAC checks for external stack removals
Co-authored-by: Maxime Bajeux <max.bajeux@gmail.com>
2020-05-13 15:37:35 +12:00
Anthony Lapenna
19d4db13be
feat(api): rewrite access control management in Docker ( #3337 )
...
* feat(api): decorate Docker resource creation response with resource control
* fix(api): fix a potential resource control conflict between stacks/volumes
* feat(api): generate a default private resource control instead of admin only
* fix(api): fix default RC value
* fix(api): update RC authorizations check to support admin only flag
* refactor(api): relocate access control related methods
* fix(api): fix a potential conflict when fetching RC from database
* refactor(api): refactor access control logic
* refactor(api): remove the concept of DecoratedStack
* feat(api): automatically remove RC when removing a Docker resource
* refactor(api): update filter resource methods documentation
* refactor(api): update proxy package structure
* refactor(api): renamed proxy/misc package
* feat(api): re-introduce ResourceControlDelete operation as admin restricted
* refactor(api): relocate default endpoint authorizations
* feat(api): migrate RBAC data
* feat(app): ResourceControl management refactor
* fix(api): fix access control issue on stack deletion and automatically delete RC
* fix(api): fix stack filtering
* fix(api): fix UpdateResourceControl operation checks
* refactor(api): introduce a NewTransport builder method
* refactor(api): inject endpoint in Docker transport
* refactor(api): introduce Docker client into Docker transport
* refactor(api): refactor http/proxy package
* feat(api): inspect a Docker resource labels during access control validation
* fix(api): only apply automatic resource control creation on success response
* fix(api): fix stack access control check
* fix(api): use StatusCreated instead of StatusOK for automatic resource control creation
* fix(app): resource control fixes
* fix(api): fix an issue preventing administrator to inspect a resource with a RC
* refactor(api): remove useless error return
* refactor(api): document DecorateStacks function
* fix(api): fix invalid resource control type for container deletion
* feat(api): support Docker system networks
* feat(api): update Swagger docs
* refactor(api): rename transport variable
* refactor(api): rename transport variable
* feat(networks): add system tag for system networks
* feat(api): add support for resource control labels
* feat(api): upgrade to DBVersion 22
* refactor(api): refactor access control management in Docker proxy
* refactor(api): re-implement docker proxy taskListOperation
* refactor(api): review parameters declaration
* refactor(api): remove extra blank line
* refactor(api): review method comments
* fix(api): fix invalid ServerAddress property and review method visibility
* feat(api): update error message
* feat(api): update restrictedVolumeBrowserOperation method
* refactor(api): refactor method parameters
* refactor(api): minor refactor
* refactor(api): change Azure transport visibility
* refactor(api): update struct documentation
* refactor(api): update struct documentation
* feat(api): review restrictedResourceOperation method
* refactor(api): remove unused authorization methods
* feat(api): apply RBAC when enabled on stack operations
* fix(api): fix invalid data migration procedure for DBVersion = 22
* fix(app): RC duplicate on private resource
* feat(api): change Docker API version logic for libcompose/client factory
* fix(api): update access denied error message to be Docker API compliant
* fix(api): update volume browsing authorizations data migration
* fix(api): fix an issue with access control in multi-node agent Swarm cluster
2019-11-13 12:41:42 +13:00
Anthony Lapenna
8057aa45c4
feat(extensions): introduce RBAC extension ( #2900 )
2019-05-24 18:04:58 +12:00
Anthony Lapenna
14845a4a53
refactor(api): refactor base import path ( #2788 )
...
* refactor(api): refactor base import path
* fix(build-system): update build_binary_devops
* fix(build-system): fix build_binary_devops for linux
* fix(build-system): fix build_binary_devops for Windows
2019-03-21 14:20:14 +13:00
Anthony Lapenna
b24891a6bc
refactor(api): introduce libhttp usage ( #2263 )
2018-09-10 12:01:38 +02:00
Ricardo Cardona Ramirez
e1e263d8c8
feat(UAC): change default ownership to admininstrators ( #2137 )
...
* #960 feat(UAC): change ownership to admins for externally created ressources
* feat(UAC): change ownership to admins for externally created resources
Deprecated AdministratorsOnly js and go backend
* #960 feat(UAC): remove AdministratorsOnly property and minor GUI fixes
Update swagger definition changing AdministratorsOnly to Public
* #960 feat(UAC): fix create resource with access control data
* #960 feat(UAC): authorization of non-admin users for restricted operations
On stacks, containers networks, services , tasks and volumes.
* #960 feat(UAC): database migration to version 14
The administrator resources are deleted and Public resources are now managed by admins
* #960 feat(UAC): small fixes from PR #2137
* #960 feat(UAC): improve the readability of the source code
* feat(UAC) fix displayed ownership for Swarm related resources (#960 )
2018-08-19 07:57:28 +02:00
Anthony Lapenna
ea7615d71c
refactor(api): remove log statement
2018-07-22 20:51:43 +02:00
Anthony Lapenna
509e3fa795
fix(api): fix an issue with optional numeric query parameter parsing
2018-07-20 16:11:45 +02:00
Anthony Lapenna
d7ff14777f
refactor(api): restructure bolt package ( #1981 )
...
* refactor(api): bolt package refactor
* refactor(api): refactor bolt package
2018-06-19 13:15:10 +02:00
Anthony Lapenna
b4c2820ad7
refactor(api): use a standard stack identifier ( #1980 )
2018-06-18 12:07:56 +02:00
Anthony Lapenna
da5a430b8c
fix(api): add an authenticated access policy to the websocket endpoint ( #1979 )
...
* fix(api): add an authenticated access policy to the websocket endpoint
* refactor(api): centralize EndpointAccess validation
* feat(api): validate id query parameter for the /websocket/exec endpoint
2018-06-18 11:56:31 +02:00
Anthony Lapenna
e1345416b4
feat(stacks): migrate stack data from previous portainer version
2018-06-15 18:14:01 +03:00
Anthony Lapenna
e3d564325b
feat(stacks): support compose v2.0 stack ( #1963 )
2018-06-11 15:13:19 +02:00