* feat(rbac): EE-226 Add a new RBAC "Operator" Role
* feat(rbac): EE-226 prioritize Operator after EndpointAdmin and before Helpdesk
* feat(rbac): EE-226 access viewer shows incorrect effective role after introduce of Operator
* feat(rbac): EE-226 show roles order by priority other than name
* feat(rbac): EE-226 remove OperationK8sVolumeDetailsW authorization from operator role
* feat(rbac): EE-226 always increase bucket next sequence when create a role
Co-authored-by: Simon Meng <simon.meng@portainer.io>
* feat(docker) EE-131 relocate the Docker features/security settings to be available per endpoint
* feat(docker) EE-131 allow endpoint admin role user to update endpoint settings
* feat(docker) EE-131 populate volume browsing authorizations to user endpoint authorizations when user toggle the setting of volume management for non-administrators
* feat(docker) EE-131 remove parameter volumeBrowsingAuthorizations from all DefaultEndpointAuthorizationsForxxx functions
* feat(docker) EE-131 fix a layout bug of the browse button
* feat(ACI): EE-273 move migrator of 27 into migrate_dbversion26.go
* feat(docker) EE-131 in container creation view, show the privileged mode toggle if cureent user is admin or endpoint admin
Co-authored-by: Simon Meng <simon.meng@portainer.io>
* feat(docker/stacks): add creation and update dates
* feat(docker/stacks): put ownership column as the last column
* feat(docker/stacks): fix the no stacks message
* refactor(docker/stacks): make external stacks helpers more readable
* feat(docker/stacks): add updated and created by
* feat(docker/stacks): toggle updated column
* refactor(datatable): create column visibility component
Co-authored-by: alice groux <alice.grx@gmail.com>
* feat(k8s/resource-pool): add storage quota create/edit
* feat(kubernetes): persistent volume claim size validation on app create/edit
* feat(k8s/volume): quota validation on volume expansion
* fix(k8s/application): remove resource limitation message when then is no resource limitation but volume quota
* style(k8s/application): remove HTML layout debug string
* feat(k8s/resource-pool): remove warning message on storage quota reduction
* fix(k8s/application): available size on storage quota is now properly computed on init
* fix(k8s/application): 'flagged for removal' bindings are not considered free space anymore
* feat(k8s/application): allow users to use existing available volumes when quotas are exhausted
* feat(k8s/resource-pool): storage quota usage bar in edit view
* fix(k8s/resource-pool): create RP enable quota by default
* refactor(k8s): move all volume related units to base 10 instead of base 2 (remive i suffix)
* fix(k8s/application): visual issues caused by latency in computation
* feat(k8s/resource-pool): allow standard users to see storage quota usage
* feat(k8s/volume): show max available size on volume expand
* style(k8s/application): exhausted storage quota message
* fix(k8s/application): remove persisted folders entries when selecting RP with all exhausted storage quotas and no available volumes
* style(k8s/application): file format after rebase
* fix(k8s/application): evaluate quota onInit for app edit
* chore(grunt): add prod watch grunt rule and config
* fix(k8s/application): display 'no storages' message on all restricted quotas
* refactor(k8s/volumes): unify volume parsing
* refactor(app): proper prod watch + enforce parseInt radix
* feat(templates): show templates link
* feat(templates): protect deploying of templates
* feat(templates): allow fetching of templates to any user
* feat(rbac): allow template file fetching
* refactor(rbac): move client extension code
* feat(app): remove checks for extension
* feat(rbac): remove checks for extensions
* feat(extensions): remove reference to rbac extensions
* feat(roles): add changes from codebase before removal of rbac
* refactor(security): remove rbac service
* refactor(security): use AdminAccess as an alias
* fix(access): rename policies type
* style(security): add comment about Aliasing AdminAccess to RestrictedAccess
* feat(bolt): add auth migration from ce to ee
* feat(stacks): use authorized access to stop/start stacks
* fix(bolt): supply right params to migrator
* feat(rbac): get authorization on client side
* fix(container): select runtime by default
* fix(network): set default network config
* fix(container): set default network container placeholder
* fix(services): default service mount
* feat(services): update services details view
* feat(services): Add the ability to edit a service networks
* feat(services): show ingress network
* refactor(services): use lodash
* feat(networks): disable sending when updating
* feat(networks): limit size of select
* feat(services): update networks only when network is new
* feat(services): prevent submitting of empty networks
* feat(services): show unique networks
* fix(service): use empty array default for networks
* feat(service): show only swarm networks
* feat(services): show placeholder for network
* feat(services): show spaced select box
* feat(services): show macvlan ip
* feat(service): fetch the network subnet
* feat(services): show empty ip when network is not connected
Co-authored-by: Chaim Lev-Ari <chiptus@gmail.com>
* feat(containers): enforce disable bind mounts
* refactor(docker): move check for endpoint admin to a function
* feat(docker): check if service has bind mounts
* feat(services): allow bind mounts for endpoint admin
* feat(container): enable bind mounts for endpoint admin
* fix(services): fix typo
* feat(settings): add info about container edit disable
* feat(settings): set security settings
* feat(containers): hide recreate button when setting is enabled
* feat(settings): rephrase security notice
* fix(settings): save allowHostNamespaceForRegularUsers to state
* feat(settings): introduce settings to allow/disable
* feat(settings): update the setting
* feat(docker): prevent user from using caps if disabled
* refactor(stacks): revert file
* style(api): remove portainer ns
* feat(stacks): add a setting to disable the creation of stacks for non-admin users
* feat(settings): introduce a setting to prevent non-admin from stack creation
* feat(settings): update stack creation setting
* feat(settings): fail stack creation if user is non admin
* fix(settings): save preventStackCreation setting to state
* feat(stacks): disable add button when settings is enabled
* format(stacks): remove line
* feat(stacks): setting to hide stacks from users
* feat(settings): rename disable stacks setting
* refactor(settings): rename setting to disableStackManagementForRegularUsers
* feat(settings): hide stacks for non admin when settings is set
* refactor(settings): replace disableDeviceMapping with allow
* feat(dashboard): hide stacks if settings disabled and non admin
* refactor(sidebar): check if user is endpoint admin
* feat(settings): set the default value for stack management
* feat(settings): rename field label
* fix(sidebar): refresh show stacks state
* fix(docker): hide stacks when not admin
* feat(settings): add setting to disable device mapping for regular users
* feat(settings): introduce device mapping service
* feat(containers): hide devices field when setting is on
* feat(containers): prevent passing of devices when not allowed
* feat(stacks): prevent non admin from device mapping
* feat(stacks): disallow swarm stack creation for user
* refactor(settings): replace disableDeviceMapping with allow
* fix(stacks): remove check for disable device mappings from swarm
* feat(settings): rename field to disable
* feat(settings): supply default value for disableDeviceMapping
* feat(container): check for endpoint admin
* style(server): sort imports
* fix(datatables): persist state changes
* fix(datatables): persist order
* feat(sidebar): use local storage to store toggle toolbar
* feat(config): use local storage instead of cookies
* fix(app): use deps injection in router correctly
* feat(app): guard against using wrong endpoint type
* feat(sidebar): supply endpoint id
* feat(templates): move custom templates to docker
* feat(networks): Support multiple excluded IPs for MACVLAN networks
* feat(networks): add a generated name
* feat(networks): prevent create macvlan network where exclude ip is the same as gateway
* feat(networks): remove auxaddresses validation on submit
* feat(networks): check exclude ip validation on change
* feat(networks): check form validation on change
* feat(networks): clean checkAuxiliaryAddress function
* feat(custom-templates): introduce types
* feat(custom-templates): introduce data layer service
* feat(custom-templates): introduce http handler
* feat(custom-templates): create routes and view stubs
* feat(custom-templates): add create custom template ui
* feat(custom-templates): add json keys
* feat(custom-templates): introduce custom templates list page
* feat(custom-templates): introduce update page
* feat(stack): create template from stack
* feat(stacks): create stack from custom template
* feat(custom-templates): disable edit/delete of templates
* fix(custom-templates): fail update on non admin/owner
* fix(custom-templates): add ng-inject decorator
* chore(plop): revert template
* feat(stacks): remove actions column
* feat(stack): add button to create template from stack
* feat(stacks): add empty state for templates
* feat(custom-templates): show templates in a list
* feat(custom-template): replace table with list
* feat(custom-templates): move create template button
* refactor(custom-templates): introduce more fields
* feat(custom-templates): use stack type when creating template
* feat(custom-templates): use same type as stack
* feat(custom-templates): add edit and delete buttons to template item
* feat(custom-templates): customize stack before deploy
* feat(stack): show template details
* feat(custom-templates): move customize
* feat(custom-templates): create description required
* fix(template): show platform icon
* fix(custom-templates): show spinner when creating stack
* feat(custom-templates): prevent user from edit templates
* feat(custom-templates): use resource control for custom templates
* feat(custom-templates): show created templates
* feat(custom-templates): filter templates by stack type
* fix(custom-templates): create swarm or standalone stack
* feat(stacks): filter templates by type
* feat(resource-control): disable resource control on public
* feat(custom-template): apply access control on edit
* feat(custom-template): add form validation
* feat(stack): disable create custom template from external task
* refactor(custom-templates): create template from file and type
* feat(templates): introduce a file handler that returns template docker file
* feat(template): introduce template duplication
* feat(custom-template): enforce unique template name
* fix(template): rename copy button
* fix(custom-template): clear access control selection between templates
* fix(custom-templates): show required fields
* refactor(filesystem): use a constant for temp path