feat(ACI): EE-261 Add RBAC to ACI (#226)
Co-authored-by: Simon Meng <simon.meng@portainer.io>
This commit is contained in:
@@ -287,6 +287,14 @@ func (m *Migrator) MigrateCE() error {
|
||||
}
|
||||
}
|
||||
|
||||
// Portainer EE-2.4.0
|
||||
if m.currentDBVersion < 30 {
|
||||
err := m.updateRbacRolesToDB30()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
log.Println("Update DB version to ", portainer.DBVersion)
|
||||
return m.versionService.StoreDBVersion(portainer.DBVersion)
|
||||
}
|
||||
|
||||
@@ -0,0 +1,31 @@
|
||||
package migrator
|
||||
|
||||
import (
|
||||
portainer "github.com/portainer/portainer/api"
|
||||
"github.com/portainer/portainer/api/internal/authorization"
|
||||
)
|
||||
|
||||
func (m *Migrator) updateRbacRolesToDB30() error {
|
||||
defaultAuthorizationsOfRoles := map[portainer.RoleID]portainer.Authorizations{
|
||||
portainer.RoleIDEndpointAdmin: authorization.DefaultEndpointAuthorizationsForEndpointAdministratorRole(),
|
||||
portainer.RoleIDHelpdesk: authorization.DefaultEndpointAuthorizationsForHelpDeskRole(),
|
||||
portainer.RoleIDOperator: authorization.DefaultEndpointAuthorizationsForOperatorRole(),
|
||||
portainer.RoleIDStandardUser: authorization.DefaultEndpointAuthorizationsForStandardUserRole(),
|
||||
portainer.RoleIDReadonly: authorization.DefaultEndpointAuthorizationsForReadOnlyUserRole(),
|
||||
}
|
||||
|
||||
for roleID, defaultAuthorizations := range defaultAuthorizationsOfRoles {
|
||||
role, err := m.roleService.Role(roleID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
role.Authorizations = defaultAuthorizations
|
||||
|
||||
err = m.roleService.UpdateRole(role.ID, role)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
return m.authorizationService.UpdateUsersAuthorizations()
|
||||
}
|
||||
Reference in New Issue
Block a user