package extensions
import (
portainer "github.com/portainer/portainer/api"
)
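// updateUserAccessPolicyToReadOnlyRole sets the RoleID of the access policy
// already stored under key to 4, the value this file treats as the read-only
// role.
//
// Indexing a map with an absent key yields the zero value, so writing the
// result back unconditionally would create a brand-new policy entry for a
// user that had none, which may be interpreted as an access grant. The lookup
// is therefore checked and a missing key (or a nil map) is left untouched.
func updateUserAccessPolicyToReadOnlyRole(policies portainer.UserAccessPolicies, key portainer.UserID) {
	// NOTE(review): 4 is taken to be the read-only role from this function's
	// name; confirm it matches the role identifiers defined by the project.
	const readOnlyRoleID = 4

	policy, ok := policies[key]
	if !ok {
		return
	}

	// Map values are copies: modify the copy, then store it back.
	policy.RoleID = readOnlyRoleID
	policies[key] = policy
}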
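// updateTeamAccessPolicyToReadOnlyRole sets the RoleID of the access policy
// already stored under key to 4, the value this file treats as the read-only
// role.
//
// Indexing a map with an absent key yields the zero value, so writing the
// result back unconditionally would create a brand-new policy entry for a
// team that had none, which may be interpreted as an access grant. The lookup
// is therefore checked and a missing key (or a nil map) is left untouched.
func updateTeamAccessPolicyToReadOnlyRole(policies portainer.TeamAccessPolicies, key portainer.TeamID) {
	// NOTE(review): 4 is taken to be the read-only role from this function's
	// name; confirm it matches the role identifiers defined by the project.
	const readOnlyRoleID = 4

	policy, ok := policies[key]
	if !ok {
		return
	}

	// Map values are copies: modify the copy, then store it back.
	policy.RoleID = readOnlyRoleID
	policies[key] = policy
}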
// upgradeRBACData switches every stored access policy to the read-only role.
//
// It loads all endpoint groups and then all endpoints from the data store.
// For each record it rewrites every user and team access policy through the
// ReadOnlyRole helpers and hands the record back to the data store's update
// call. Finally it calls AuthorizationService.UpdateUsersAuthorizations and
// returns that call's result.
//
// Whatever RoleID a policy carried before is overwritten. The first data
// store error stops the run and is returned unchanged.
//
// NOTE(review): records updated before a failure are not rolled back, and
// UpdateUsersAuthorizations is skipped on that path, so stored policies and
// effective authorizations may disagree after a partial run. Confirm callers
// treat an error from this function as requiring a retry or manual repair.
func (handler *Handler) upgradeRBACData() error {
	groups, err := handler.DataStore.EndpointGroup().EndpointGroups()
	if err != nil {
		return err
	}

	for _, group := range groups {
		// Assigning to keys that already exist while ranging over a map is safe.
		for userID := range group.UserAccessPolicies {
			updateUserAccessPolicyToReadOnlyRole(group.UserAccessPolicies, userID)
		}
		for teamID := range group.TeamAccessPolicies {
			updateTeamAccessPolicyToReadOnlyRole(group.TeamAccessPolicies, teamID)
		}

		if err := handler.DataStore.EndpointGroup().UpdateEndpointGroup(group.ID, &group); err != nil {
			return err
		}
	}

	allEndpoints, err := handler.DataStore.Endpoint().Endpoints()
	if err != nil {
		return err
	}

	for _, ep := range allEndpoints {
		for userID := range ep.UserAccessPolicies {
			updateUserAccessPolicyToReadOnlyRole(ep.UserAccessPolicies, userID)
		}
		for teamID := range ep.TeamAccessPolicies {
			updateTeamAccessPolicyToReadOnlyRole(ep.TeamAccessPolicies, teamID)
		}

		if err := handler.DataStore.Endpoint().UpdateEndpoint(ep.ID, &ep); err != nil {
			return err
		}
	}

	// Only reached when every record above was updated without error.
	return handler.AuthorizationService.UpdateUsersAuthorizations()
}
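// updateUserAccessPolicyToNoRole resets the RoleID of the access policy
// already stored under key to 0, the value this file treats as "no role".
//
// Indexing a map with an absent key yields the zero value, so writing the
// result back unconditionally would create a brand-new policy entry for a
// user that had none. If the mere presence of an entry is what grants access
// (not visible from this file), that would widen access during a downgrade.
// The lookup is therefore checked and a missing key (or a nil map) is left
// untouched.
func updateUserAccessPolicyToNoRole(policies portainer.UserAccessPolicies, key portainer.UserID) {
	// NOTE(review): 0 is taken to mean "no role assigned" from this function's
	// name; confirm against the role identifiers defined by the project.
	const noRoleID = 0

	policy, ok := policies[key]
	if !ok {
		return
	}

	// Map values are copies: modify the copy, then store it back.
	policy.RoleID = noRoleID
	policies[key] = policy
}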
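// updateTeamAccessPolicyToNoRole resets the RoleID of the access policy
// already stored under key to 0, the value this file treats as "no role".
//
// Indexing a map with an absent key yields the zero value, so writing the
// result back unconditionally would create a brand-new policy entry for a
// team that had none. If the mere presence of an entry is what grants access
// (not visible from this file), that would widen access during a downgrade.
// The lookup is therefore checked and a missing key (or a nil map) is left
// untouched.
func updateTeamAccessPolicyToNoRole(policies portainer.TeamAccessPolicies, key portainer.TeamID) {
	// NOTE(review): 0 is taken to mean "no role assigned" from this function's
	// name; confirm against the role identifiers defined by the project.
	const noRoleID = 0

	policy, ok := policies[key]
	if !ok {
		return
	}

	// Map values are copies: modify the copy, then store it back.
	policy.RoleID = noRoleID
	policies[key] = policy
}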
// downgradeRBACData clears the role on every stored access policy.
//
// It loads all endpoint groups and then all endpoints from the data store.
// For each record it resets every user and team access policy through the
// NoRole helpers (RoleID 0) and hands the record back to the data store's
// update call. Finally it calls AuthorizationService.UpdateUsersAuthorizations
// and returns that call's result.
//
// Policy entries are kept and only their RoleID changes, so the set of users
// and teams listed on each record is the same before and after. The first
// data store error stops the run and is returned unchanged.
//
// NOTE(review): records updated before a failure are not rolled back, and
// UpdateUsersAuthorizations is skipped on that path, so stored policies and
// effective authorizations may disagree after a partial run. Confirm callers
// treat an error from this function as requiring a retry or manual repair.
func (handler *Handler) downgradeRBACData() error {
	groups, err := handler.DataStore.EndpointGroup().EndpointGroups()
	if err != nil {
		return err
	}

	for _, group := range groups {
		// Assigning to keys that already exist while ranging over a map is safe.
		for userID := range group.UserAccessPolicies {
			updateUserAccessPolicyToNoRole(group.UserAccessPolicies, userID)
		}
		for teamID := range group.TeamAccessPolicies {
			updateTeamAccessPolicyToNoRole(group.TeamAccessPolicies, teamID)
		}

		if err := handler.DataStore.EndpointGroup().UpdateEndpointGroup(group.ID, &group); err != nil {
			return err
		}
	}

	allEndpoints, err := handler.DataStore.Endpoint().Endpoints()
	if err != nil {
		return err
	}

	for _, ep := range allEndpoints {
		for userID := range ep.UserAccessPolicies {
			updateUserAccessPolicyToNoRole(ep.UserAccessPolicies, userID)
		}
		for teamID := range ep.TeamAccessPolicies {
			updateTeamAccessPolicyToNoRole(ep.TeamAccessPolicies, teamID)
		}

		if err := handler.DataStore.Endpoint().UpdateEndpoint(ep.ID, &ep); err != nil {
			return err
		}
	}

	// Only reached when every record above was updated without error.
	return handler.AuthorizationService.UpdateUsersAuthorizations()
}