jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Only a Cloudron owner can install/update/exec apps with the docker addon

Browse Source 
this should have been part of f1975d8f2b
This commit is contained in:
Girish Ramakrishnan
2020-03-29 18:40:49 -07:00
parent 1da37b66d8
commit 7110240e73
3 changed files with 8 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/routes/apps.js
View File

@@ -641,7 +641,9 @@ function exec(req, res, next) {
var rows = req.query.rows ? parseInt(req.query.rows, 10) : null;
if (isNaN(rows)) return next(new HttpError(400, 'rows must be a number'));
var tty = req.query.tty === 'true' ? true : false;
var tty = req.query.tty === 'true';
if (safe.query(req.resource, 'manifest.addons.docker') && req.user.role !== users.ROLE_OWNER) return next(new HttpError(403, 'Only owner can exec app with docker addon'));
apps.exec(req.resource, { cmd: cmd, rows: rows, columns: columns, tty: tty }, function (error, duplexStream) {
if (error) return next(BoxError.toHttpError(error));