* feat(settings): add info about container edit disable
* feat(settings): set security settings
* feat(containers): hide recreate button when setting is enabled
* feat(settings): rephrase security notice
* fix(settings): save allowHostNamespaceForRegularUsers to state
* feat(settings): introduce settings to allow/disable
* feat(settings): update the setting
* feat(docker): prevent user from using caps if disabled
* refactor(stacks): revert file
* style(api): remove portainer ns
* feat(stacks): add a setting to disable the creation of stacks for non-admin users
* feat(settings): introduce a setting to prevent non-admin from stack creation
* feat(settings): update stack creation setting
* feat(settings): fail stack creation if user is non admin
* fix(settings): save preventStackCreation setting to state
* feat(stacks): disable add button when settings is enabled
* format(stacks): remove line
* feat(stacks): setting to hide stacks from users
* feat(settings): rename disable stacks setting
* refactor(settings): rename setting to disableStackManagementForRegularUsers
* feat(settings): hide stacks for non admin when settings is set
* refactor(settings): replace disableDeviceMapping with allow
* feat(dashboard): hide stacks if settings disabled and non admin
* refactor(sidebar): check if user is endpoint admin
* feat(settings): set the default value for stack management
* feat(settings): rename field label
* fix(sidebar): refresh show stacks state
* fix(docker): hide stacks when not admin
* feat(settings): add setting to disable device mapping for regular users
* feat(settings): introduce device mapping service
* feat(containers): hide devices field when setting is on
* feat(containers): prevent passing of devices when not allowed
* feat(stacks): prevent non admin from device mapping
* feat(stacks): disallow swarm stack creation for user
* refactor(settings): replace disableDeviceMapping with allow
* fix(stacks): remove check for disable device mappings from swarm
* feat(settings): rename field to disable
* feat(settings): supply default value for disableDeviceMapping
* feat(container): check for endpoint admin
* style(server): sort imports
* feat(containers): prevent non-admin users from running containers using the host namespace pid (#3970)
* feat(containers): Prevent non-admin users from running containers using the host namespace pid
* feat(containers): add rbac check for swarm stack too
* feat(containers): remove forgotten conflict
* feat(containers): init EnableHostNamespaceUse to true and return 403 on forbidden action
* feat(containers): change enableHostNamespaceUse to restrictHostNamespaceUse in html
* feat(settings): rename EnableHostNamespaceUse to AllowHostNamespaceForRegularUsers
* feat(database): trigger migration for AllowHostNamespace
* feat(containers): check container creation authorization
Co-authored-by: Maxime Bajeux <max.bajeux@gmail.com>
* refactor(agent): replace root with index
* refactor(agent): use simple export
* refactor(agent): replace function with class
* refactor(agent): replace promise with async
* feat(containers): Ensure users cannot create privileged containers via the API
* feat(containers): add rbac check in stack creation
Co-authored-by: Maxime Bajeux <max.bajeux@gmail.com>
* fix(datatables): persist state changes
* fix(datatables): persist order
* feat(sidebar): use local storage to store toggle toolbar
* feat(config): use local storage instead of cookies
* refactor(agent): rename files
* refactor(agent): replace controller with regular export
* refactor(agent): replace function with class
* refactor(agent): replace promise with async
* refactor(agent): rename main file
* feat(aci): show basic details
* feat(aci): style container details page
* fix(aci): fix container ip
* feat(aci): provide functions to get single aci resource
* feat(aci): show readable data
* feat(aci): style container instance
* fix(app): use deps injection in router correctly
* feat(app): guard against using wrong endpoint type
* feat(sidebar): supply endpoint id
* feat(templates): move custom templates to docker
* fix(aci): show error failing container creation
* feat(aci): load network profile list
* feat(aci): allow selection of network profile
* feat(aci): remove public ip toggle
* feat(aci): auto deploy container with public ip
* fix(aci): revert changes
* feat(cluster): Show the cluster leader
* feat(cluster): Restrict leader label only to admin users
* feat(kubernetes): minor UI update
* feat(endpoint): move all KubernetesEndpoint related code to a single endpoint sub-folder and change few things
* fix(k8s/cluster): fix conflict leftover
* feat(k8s/cluster): review component leader UX
* refactor(k8s/node): remove useless call to endpoints
* refactor(k8s/endpoint): relocate variable declaration
Co-authored-by: Anthony Lapenna <lapenna.anthony@gmail.com>
* feat(logs): Add the ability to download application/stack logs
* feat(kubernetes): minor UI update
Co-authored-by: Anthony Lapenna <lapenna.anthony@gmail.com>
* feat(kubernetes): add ingress details
* fix(kubernetes): fix broken ingress generated links + ignore IP retrieval/display info on missing LB ingress ip
* refactor(kubernetes): each ingress rule in apps port mappings has now its own row
* feat(kubernetes): remove protocol column and concat it to container port
* feat(kubernetes): edit display of ingress rules in application details
* feat(kubernetes): minor UI update
Co-authored-by: Anthony Lapenna <lapenna.anthony@gmail.com>
* feat(kubernetes): Prevent deployment/edition of resources inside a system namespace
* feat(kubernetes): minor UI update
Co-authored-by: Anthony Lapenna <lapenna.anthony@gmail.com>