fix SHARE_ALL_SYSTEMS not working for Containers

#1334
henrygd
2025-10-28 16:25:29 -04:00
parent 473cb7f437
commit d231ace28e


@@ -136,6 +136,7 @@ func setCollectionAuthSettings(app core.App) error {
if err != nil { if err != nil {
return err return err
} }
// disable email auth if DISABLE_PASSWORD_AUTH env var is set // disable email auth if DISABLE_PASSWORD_AUTH env var is set
disablePasswordAuth, _ := GetEnv("DISABLE_PASSWORD_AUTH") disablePasswordAuth, _ := GetEnv("DISABLE_PASSWORD_AUTH")
usersCollection.PasswordAuth.Enabled = disablePasswordAuth != "true" usersCollection.PasswordAuth.Enabled = disablePasswordAuth != "true"
@@ -147,6 +148,7 @@ func setCollectionAuthSettings(app core.App) error {
} else { } else {
usersCollection.CreateRule = nil usersCollection.CreateRule = nil
} }
// enable mfaOtp mfa if MFA_OTP env var is set // enable mfaOtp mfa if MFA_OTP env var is set
mfaOtp, _ := GetEnv("MFA_OTP") mfaOtp, _ := GetEnv("MFA_OTP")
usersCollection.OTP.Length = 6 usersCollection.OTP.Length = 6
@@ -161,23 +163,37 @@ func setCollectionAuthSettings(app core.App) error {
if err := app.Save(usersCollection); err != nil { if err := app.Save(usersCollection); err != nil {
return err return err
} }
shareAllSystems, _ := GetEnv("SHARE_ALL_SYSTEMS")
// allow all users to access systems if SHARE_ALL_SYSTEMS is set // allow all users to access systems if SHARE_ALL_SYSTEMS is set
systemsCollection, err := app.FindCollectionByNameOrId("systems") systemsCollection, err := app.FindCollectionByNameOrId("systems")
if err != nil { if err != nil {
return err return err
} }
shareAllSystems, _ := GetEnv("SHARE_ALL_SYSTEMS") var systemsReadRule string
systemsReadRule := "@request.auth.id != \"\"" if shareAllSystems == "true" {
if shareAllSystems != "true" { systemsReadRule = "@request.auth.id != \"\""
// default is to only show systems that the user id is assigned to } else {
systemsReadRule += " && users.id ?= @request.auth.id" systemsReadRule = "@request.auth.id != \"\" && users.id ?= @request.auth.id"
} }
updateDeleteRule := systemsReadRule + " && @request.auth.role != \"readonly\"" updateDeleteRule := systemsReadRule + " && @request.auth.role != \"readonly\""
systemsCollection.ListRule = &systemsReadRule systemsCollection.ListRule = &systemsReadRule
systemsCollection.ViewRule = &systemsReadRule systemsCollection.ViewRule = &systemsReadRule
systemsCollection.UpdateRule = &updateDeleteRule systemsCollection.UpdateRule = &updateDeleteRule
systemsCollection.DeleteRule = &updateDeleteRule systemsCollection.DeleteRule = &updateDeleteRule
return app.Save(systemsCollection) if err := app.Save(systemsCollection); err != nil {
return err
}
// allow all users to access all containers if SHARE_ALL_SYSTEMS is set
containersCollection, err := app.FindCollectionByNameOrId("containers")
if err != nil {
return err
}
containersListRule := strings.Replace(systemsReadRule, "users.id", "system.users.id", 1)
containersCollection.ListRule = &containersListRule
return app.Save(containersCollection)
} }
// registerCronJobs sets up scheduled tasks // registerCronJobs sets up scheduled tasks
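Review bot: The containers access rule is produced by `strings.Replace(systemsReadRule, "users.id", "system.users.id", 1)`, so the authorization filter for one collection depends on the exact text of another collection's rule. A later edit to `systemsReadRule` could silently drop or misplace the per-user restriction on containers. Building it explicitly keeps the restrictive default visible: `containersListRule := "@request.auth.id != \"\""` followed by `if shareAllSystems != "true" { containersListRule += " && system.users.id ?= @request.auth.id" }`. Only `ListRule` is set on the containers collection here. `ViewRule` is not touched in the visible lines, so it is worth confirming that single-record reads are scoped the same way, and adding a comment that says so. `setCollectionAuthSettings` begins outside the hunks shown.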