1c938516ee
* feat(docker) EE-131 relocate the Docker features/security settings to be available per endpoint * feat(docker) EE-131 allow endpoint admin role user to update endpoint settings * feat(docker) EE-131 populate volume browsing authorizations to user endpoint authorizations when user toggle the setting of volume management for non-administrators * feat(docker) EE-131 remove parameter volumeBrowsingAuthorizations from all DefaultEndpointAuthorizationsForxxx functions * feat(docker) EE-131 fix a layout bug of the browse button * feat(ACI): EE-273 move migrator of 27 into migrate_dbversion26.go * feat(docker) EE-131 in container creation view, show the privileged mode toggle if cureent user is admin or endpoint admin Co-authored-by: Simon Meng <simon.meng@portainer.io>
81 lines
2.2 KiB
Go
81 lines
2.2 KiB
Go
package migrator
|
|
|
|
import (
|
|
portainer "github.com/portainer/portainer/api"
|
|
"github.com/portainer/portainer/api/internal/authorization"
|
|
)
|
|
|
|
func (m *Migrator) updateResourceControlsToDBVersion22() error {
|
|
legacyResourceControls, err := m.resourceControlService.ResourceControls()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
for _, resourceControl := range legacyResourceControls {
|
|
resourceControl.AdministratorsOnly = false
|
|
|
|
err := m.resourceControlService.UpdateResourceControl(resourceControl.ID, &resourceControl)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (m *Migrator) updateUsersAndRolesToDBVersion22() error {
|
|
legacyUsers, err := m.userService.Users()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
for _, user := range legacyUsers {
|
|
user.PortainerAuthorizations = authorization.DefaultPortainerAuthorizations()
|
|
err = m.userService.UpdateUser(user.ID, &user)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
}
|
|
|
|
endpointAdministratorRole, err := m.roleService.Role(portainer.RoleID(1))
|
|
if err != nil {
|
|
return err
|
|
}
|
|
endpointAdministratorRole.Priority = 1
|
|
endpointAdministratorRole.Authorizations = authorization.DefaultEndpointAuthorizationsForEndpointAdministratorRole()
|
|
|
|
err = m.roleService.UpdateRole(endpointAdministratorRole.ID, endpointAdministratorRole)
|
|
|
|
helpDeskRole, err := m.roleService.Role(portainer.RoleID(2))
|
|
if err != nil {
|
|
return err
|
|
}
|
|
helpDeskRole.Priority = 2
|
|
helpDeskRole.Authorizations = authorization.DefaultEndpointAuthorizationsForHelpDeskRole()
|
|
|
|
err = m.roleService.UpdateRole(helpDeskRole.ID, helpDeskRole)
|
|
|
|
standardUserRole, err := m.roleService.Role(portainer.RoleID(3))
|
|
if err != nil {
|
|
return err
|
|
}
|
|
standardUserRole.Priority = 3
|
|
standardUserRole.Authorizations = authorization.DefaultEndpointAuthorizationsForStandardUserRole()
|
|
|
|
err = m.roleService.UpdateRole(standardUserRole.ID, standardUserRole)
|
|
|
|
readOnlyUserRole, err := m.roleService.Role(portainer.RoleID(4))
|
|
if err != nil {
|
|
return err
|
|
}
|
|
readOnlyUserRole.Priority = 4
|
|
readOnlyUserRole.Authorizations = authorization.DefaultEndpointAuthorizationsForReadOnlyUserRole()
|
|
|
|
err = m.roleService.UpdateRole(readOnlyUserRole.ID, readOnlyUserRole)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
return m.authorizationService.UpdateUsersAuthorizations()
|
|
}
|