WebAdmin and REST API: remove too granular permissions

Our permissions system for admin users is too granular and some
permissions overlap. For example, you can define an administrator
with the "manage_system" permission and not with the "manage_admins"
or "manage_user" permission, but the "manage_system" permission
allows you to restore a backup and then create users and
administrators. The following permissions will be removed:
"manage_admins", "manage_apikeys", "manage_system", "retention_checks",
"manage_event_rules", "manage_roles", "manage_ip_lists". The "*"
permission now replaces the removed granular permissions, because
the actions they allowed should be reserved for super
administrators.
There is no point in having separate, overlapping permissions.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
Nicola Murino 2024-11-10 10:35:23 +01:00
commit 3dd412f6e3
No known key found for this signature in database
GPG key ID: 935D2952DEC4EECF
15 changed files with 127 additions and 162 deletions


@ -90,7 +90,7 @@ explicit grant from the SFTPGo Team (support@sftpgo.com).
</label>
</div>
</div>
{{- if .LoggedUser.HasPermission "manage_admins"}}
{{- if .LoggedUser.HasPermission "*"}}
<a href="{{.AdminURL}}" class="btn btn-primary ms-5">
<i class="ki-duotone ki-plus fs-2"></i>
<span data-i18n="general.add">Add</span>
@ -367,7 +367,7 @@ explicit grant from the SFTPGo Team (support@sftpgo.com).
<i class="ki-duotone ki-down fs-5 ms-1 rotate-180"></i>
</button>
<div class="menu menu-sub menu-sub-dropdown menu-column menu-rounded menu-gray-700 menu-state-bg-light-primary fw-semibold fs-6 w-200px py-4" data-kt-menu="true">`;
//{{- if .LoggedUser.HasPermission "manage_admins"}}
//{{- if .LoggedUser.HasPermission "*"}}
numActions++;
actions+=`<div class="menu-item px-3">
<a data-i18n="general.edit" href="#" class="menu-link px-3" data-table-action="edit_row">Edit</a>
@ -381,7 +381,7 @@ explicit grant from the SFTPGo Team (support@sftpgo.com).
</div>`;
}
//{{- end}}
//{{- if .LoggedUser.HasPermission "manage_admins"}}
//{{- if .LoggedUser.HasPermission "*"}}
if (username != row.username){
numActions++;
actions+=`<div class="menu-item px-3">
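Review bot: The `HasPermission "*"` checks on the Add button and the row actions in this section only hide UI controls; the authorization boundary is the server-side guard on the admin routes, which is not on this page, so the REST and web handlers for admins need the same switch from `manage_admins` to `"*"` (the commit title says they are covered, but that cannot be confirmed from the templates). Admin records already stored with one of the removed permission names are not addressed by the template change either: unless the data provider rejects or strips those names when loading an admin, any handler that still names them would keep honouring them, so that migration path is worth confirming. A short template comment above the first check would make the intent explicit, e.g. `{{- /* super administrators only: managing admins requires the "*" permission */}}`. The same point applies to the `"*"` checks in the remaining template sections of this commit.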


@ -126,7 +126,7 @@ explicit grant from the SFTPGo Team (support@sftpgo.com).
</a>
</div>
{{- end}}
{{ if .LoggedUser.HasPermission "manage_event_rules"}}
{{ if .LoggedUser.HasPermission "*"}}
<div data-kt-menu-trigger="click" class="menu-item menu-accordion {{- if .IsEventManagerPage}} here show{{- end}}">
<span class="menu-link">
<span class="menu-icon">
@ -158,7 +158,7 @@ explicit grant from the SFTPGo Team (support@sftpgo.com).
</div>
</div>
{{- end}}
{{- if or (.LoggedUser.HasPermission "manage_ip_lists") (and .HasDefender (.LoggedUser.HasPermission "view_defender"))}}
{{- if or (.LoggedUser.HasPermission "*") (and .HasDefender (.LoggedUser.HasPermission "view_defender"))}}
<div data-kt-menu-trigger="click" class="menu-item menu-accordion {{- if .IsIPManagerPage}} here show{{- end}}">
<span class="menu-link">
<span class="menu-icon">
@ -168,7 +168,7 @@ explicit grant from the SFTPGo Team (support@sftpgo.com).
<span class="menu-arrow"></span>
</span>
<div class="menu-sub menu-sub-accordion">
{{- if .LoggedUser.HasPermission "manage_ip_lists"}}
{{- if .LoggedUser.HasPermission "*"}}
<div class="menu-item">
<a class="menu-link {{- if eq .CurrentURL .IPListsURL}} active{{- end}}" href="{{.IPListsURL}}">
<span class="menu-bullet">
@ -191,7 +191,7 @@ explicit grant from the SFTPGo Team (support@sftpgo.com).
</div>
</div>
{{- end}}
{{- if or (.LoggedUser.HasPermission "manage_system") (.LoggedUser.HasPermission "view_status") (and .HasSearcher (.LoggedUser.HasPermission "view_events"))}}
{{- if or (.LoggedUser.HasPermission "*") (.LoggedUser.HasPermission "view_status") (and .HasSearcher (.LoggedUser.HasPermission "view_events"))}}
<div data-kt-menu-trigger="click" class="menu-item menu-accordion {{- if .IsServerManagerPage}} here show{{- end}}">
<span class="menu-link">
<span class="menu-icon">
@ -207,7 +207,7 @@ explicit grant from the SFTPGo Team (support@sftpgo.com).
<span class="menu-arrow"></span>
</span>
<div class="menu-sub menu-sub-accordion">
{{- if .LoggedUser.HasPermission "manage_system"}}
{{- if .LoggedUser.HasPermission "*"}}
<div class="menu-item">
<a class="menu-link {{- if eq .CurrentURL .ConfigsURL}} active{{- end}}" href="{{.ConfigsURL}}">
<span class="menu-bullet">
@ -227,7 +227,7 @@ explicit grant from the SFTPGo Team (support@sftpgo.com).
</a>
</div>
{{- end}}
{{- if .LoggedUser.HasPermission "manage_system"}}
{{- if .LoggedUser.HasPermission "*"}}
<div class="menu-item">
<a class="menu-link {{- if eq .CurrentURL .MaintenanceURL}} active{{- end}}" href="{{.MaintenanceURL}}">
<span class="menu-bullet">
@ -250,7 +250,7 @@ explicit grant from the SFTPGo Team (support@sftpgo.com).
</div>
</div>
{{- end}}
{{- if .LoggedUser.HasPermission "manage_admins"}}
{{- if .LoggedUser.HasPermission "*"}}
<div class="menu-item">
<a class="menu-link {{- if eq .CurrentURL .AdminsURL}} active{{- end}}" href="{{.AdminsURL}}">
<span class="menu-icon">
@ -259,8 +259,6 @@ explicit grant from the SFTPGo Team (support@sftpgo.com).
<span data-i18n="title.admins" class="menu-title">Admins</span>
</a>
</div>
{{- end}}
{{- if .LoggedUser.HasPermission "manage_roles"}}
<div class="menu-item">
<a class="menu-link {{- if eq .CurrentURL .RolesURL}} active{{- end}}" href="{{.RolesURL}}">
<span class="menu-icon">
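Review bot: In the last hunk (`@ -259,8 +259,6`) the Roles menu item appears to be folded into the `{{- if .LoggedUser.HasPermission "*"}}` block that opens with the Admins item, by dropping the `{{- end}}` and the `manage_roles` check between them; the block's closing `{{- end}}` lies outside the hunk, so the pairing cannot be verified from here and deserves a second look, since an unbalanced `if`/`end` only surfaces at template parse time. A comment on the now-shared block would help the next reader, e.g. `{{- /* Admins and Roles: super administrators only */}}` placed before the Admins item. The enclosing accordion conditions at `@ -158` and `@ -191` keep `"*"` alongside the narrower permissions, which is consistent with the children they wrap now being gated on `"*"`.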


@ -38,7 +38,7 @@ explicit grant from the SFTPGo Team (support@sftpgo.com).
class="form-control rounded-1 w-250px ps-15 me-5" placeholder="Search" />
</div>
<div class="d-flex justify-content-end my-2" data-table-toolbar="base">
{{- if .LoggedUser.HasPermission "manage_event_rules"}}
{{- if .LoggedUser.HasPermission "*"}}
<a href="{{.EventActionURL}}" class="btn btn-primary ms-5">
<i class="ki-duotone ki-plus fs-2"></i>
<span data-i18n="general.add">Add</span>
@ -231,7 +231,7 @@ explicit grant from the SFTPGo Team (support@sftpgo.com).
</button>
<div class="menu menu-sub menu-sub-dropdown menu-column menu-rounded menu-gray-700 menu-state-bg-light-primary fw-semibold fs-6 w-200px py-4" data-kt-menu="true">`;
//{{- if .LoggedUser.HasPermission "manage_event_rules"}}
//{{- if .LoggedUser.HasPermission "*"}}
numActions++;
actions+=`<div class="menu-item px-3">
<a data-i18n="general.edit" href="#" class="menu-link px-3" data-table-action="edit_row">Edit</a>


@ -38,7 +38,7 @@ explicit grant from the SFTPGo Team (support@sftpgo.com).
class="form-control rounded-1 w-250px ps-15 me-5" placeholder="Search" />
</div>
<div class="d-flex justify-content-end my-2" data-table-toolbar="base">
{{- if .LoggedUser.HasPermission "manage_event_rules"}}
{{- if .LoggedUser.HasPermission "*"}}
<a href="{{.EventRuleURL}}" class="btn btn-primary ms-5">
<i class="ki-duotone ki-plus fs-2"></i>
<span data-i18n="general.add">Add</span>
@ -283,7 +283,7 @@ explicit grant from the SFTPGo Team (support@sftpgo.com).
</button>
<div class="menu menu-sub menu-sub-dropdown menu-column menu-rounded menu-gray-700 menu-state-bg-light-primary fw-semibold fs-6 w-200px py-4" data-kt-menu="true">`;
//{{- if .LoggedUser.HasPermission "manage_event_rules"}}
//{{- if .LoggedUser.HasPermission "*"}}
numActions++;
actions+=`<div class="menu-item px-3">
<a data-i18n="general.edit" href="#" class="menu-link px-3" data-table-action="edit_row">Edit</a>


@ -301,7 +301,7 @@ explicit grant from the SFTPGo Team (support@sftpgo.com).
<a data-i18n="general.edit" href="#" class="menu-link px-3" data-table-action="edit_row">Edit</a>
</div>`;
//{{- end}}
//{{- if .LoggedUser.HasPermission "manage_system"}}
//{{- if .LoggedUser.HasPermission "*"}}
numActions++;
actions+=`<div class="menu-item px-3">
<a data-i18n="general.template" href="#" class="menu-link px-3" data-table-action="template_row">Template</a>


@ -66,7 +66,7 @@ explicit grant from the SFTPGo Team (support@sftpgo.com).
</label>
</div>
</div>
{{- if .LoggedUser.HasPermission "manage_roles"}}
{{- if .LoggedUser.HasPermission "*"}}
<a href="{{.RoleURL}}" class="btn btn-primary ms-5">
<i class="ki-duotone ki-plus fs-2"></i>
<span data-i18n="general.add">Add</span>
@ -237,7 +237,7 @@ explicit grant from the SFTPGo Team (support@sftpgo.com).
</button>
<div class="menu menu-sub menu-sub-dropdown menu-column menu-rounded menu-gray-700 menu-state-bg-light-primary fw-semibold fs-6 w-200px py-4" data-kt-menu="true">`;
//{{- if .LoggedUser.HasPermission "manage_roles"}}
//{{- if .LoggedUser.HasPermission "*"}}
numActions++;
actions+=`<div class="menu-item px-3">
<a data-i18n="general.edit" href="#" class="menu-link px-3" data-table-action="edit_row">Edit</a>


@ -547,7 +547,7 @@ explicit grant from the SFTPGo Team (support@sftpgo.com).
<a data-i18n="general.edit" href="#" class="menu-link px-3" data-table-action="edit_row">Edit</a>
</div>`;
//{{- end}}
//{{- if .LoggedUser.HasPermission "manage_system"}}
//{{- if .LoggedUser.HasPermission "*"}}
numActions++;
actions+=`<div class="menu-item px-3">
<a data-i18n="general.template" href="#" class="menu-link px-3" data-table-action="template_row">Template</a>