* feat(settings): introduce settings to allow/disable
* feat(settings): update the setting
* feat(docker): prevent user from using caps if disabled
* refactor(stacks): revert file
* style(api): remove portainer ns
* feat(stacks): add a setting to disable the creation of stacks for non-admin users
* feat(settings): introduce a setting to prevent non-admin from stack creation
* feat(settings): update stack creation setting
* feat(settings): fail stack creation if user is non admin
* fix(settings): save preventStackCreation setting to state
* feat(stacks): disable add button when settings is enabled
* format(stacks): remove line
* feat(stacks): setting to hide stacks from users
* feat(settings): rename disable stacks setting
* refactor(settings): rename setting to disableStackManagementForRegularUsers
* feat(settings): hide stacks for non admin when settings is set
* refactor(settings): replace disableDeviceMapping with allow
* feat(dashboard): hide stacks if settings disabled and non admin
* refactor(sidebar): check if user is endpoint admin
* feat(settings): set the default value for stack management
* feat(settings): rename field label
* fix(sidebar): refresh show stacks state
* fix(docker): hide stacks when not admin
* feat(settings): add setting to disable device mapping for regular users
* feat(settings): introduce device mapping service
* feat(containers): hide devices field when setting is on
* feat(containers): prevent passing of devices when not allowed
* feat(stacks): prevent non admin from device mapping
* feat(stacks): disallow swarm stack creation for user
* refactor(settings): replace disableDeviceMapping with allow
* fix(stacks): remove check for disable device mappings from swarm
* feat(settings): rename field to disable
* feat(settings): supply default value for disableDeviceMapping
* feat(container): check for endpoint admin
* style(server): sort imports
* feat(containers): prevent non-admin users from running containers using the host namespace pid (#3970)
* feat(containers): Prevent non-admin users from running containers using the host namespace pid
* feat(containers): add rbac check for swarm stack too
* feat(containers): remove forgotten conflict
* feat(containers): init EnableHostNamespaceUse to true and return 403 on forbidden action
* feat(containers): change enableHostNamespaceUse to restrictHostNamespaceUse in html
* feat(settings): rename EnableHostNamespaceUse to AllowHostNamespaceForRegularUsers
* feat(database): trigger migration for AllowHostNamespace
* feat(containers): check container creation authorization
Co-authored-by: Maxime Bajeux <max.bajeux@gmail.com>
* feat(auth): introduce new timeout constant
* feat(auth): pass timeout from handler
* feat(auth): add timeout selector to auth settings view
* feat(settings): add user session timeout property
* feat(auth): load user session timeout from settings
* fix(settings): use correct time format
* feat(auth): remove no-auth flag
* refactor(auth): move timeout mgmt to jwt service
* refactor(client): remove no-auth checks from client
* refactor(cli): remove defaultNoAuth
* feat(settings): create settings with default user timeout value
* refactor(db): save user session timeout always
* refactor(jwt): return error
* feat(auth): set session timeout in jwt service on update
* feat(auth): add description and time settings
* feat(auth): parse duration
* feat(settings): validate user timeout format
* refactor(settings): remove unneccesary import
* refactor(tags): replace tags with tag ids
* refactor(tags): revert tags to be strings and add tagids
* refactor(tags): enable search by tag in home view
* refactor(tags): show endpoint tags
* refactor(endpoints): expect tagIds on create payload
* refactor(endpoints): expect tagIds on update payload
* refactor(endpoints): replace TagIds to TagIDs
* refactor(endpoints): set endpoint group to get TagIDs
* refactor(endpoints): refactor tag-selector to receive tag-ids
* refactor(endpoints): show tags in multi-endpoint-selector
* chore(tags): revert reformat
* refactor(endpoints): remove unneeded bind
* refactor(endpoints): change param tags to tagids in endpoint create
* refactor(endpoints): remove console.log
* refactor(tags): remove deleted tag from endpoint and endpoint group
* fix(endpoints): show loading label while loading tags
* chore(go): remove obsolete import labels
* chore(db): add db version comment
* fix(db): add tag service to migrator
* refactor(db): add error checks in migrator
* style(db): sort props in alphabetical order
* style(tags): fix typo
Co-Authored-By: Anthony Lapenna <anthony.lapenna@portainer.io>
* refactor(endpoints): replace tagsMap with tag string representation
* refactor(tags): rewrite tag delete to be more readable
* refactor(home): rearange code to match former style
* refactor(tags): guard against missing model in tag-selector
* refactor(tags): rename vars in tag_delete
* refactor(tags): allow any authenticated user to fetch tag list
* refactor(endpoints): replace controller function with class
* refactor(endpoints): replace function with helper
* refactor(endpoints): replace controller with class
* refactor(tags): revert tags-selector to use 1 way bindings
* refactor(endpoints): load empty tag array instead of nil
* refactor(endpoints): revert default tag ids
* refactor(endpoints): use function in place
* refactor(tags): use lodash
* style(tags): use parens in arrow functions
* fix(tags): remove tag from tag model
Co-authored-by: Anthony Lapenna <anthony.lapenna@portainer.io>
Chaim Lev-Ari