Bypass volume and network access control with stack definition #11835

Open
2 tasks done
puitk-olp opened this issue May 16, 2024 · 0 comments
Before you start please confirm the following.

Problem Description

It is possible to deploy a stack in which we attach to the stack's services a network or volume defined as external (external: true), and for that network and/or volume we normally don't have rights in Portainer. We only have to know their names.

Expected Behavior

Deployment of the stack should fail, and containers should not be started.
An error message about insufficient rights should be displayed to the user instead.

Actual Behavior

The stack is deployed, bypassing access control.

Steps to Reproduce

  1. Define a network and/or volume, e.g. as administrator, and make it/them private.
  2. Relog as a normal user.
  3. Create a stack, which:
    a) defines an external network and/or volume (external: true) with the names from 1.
    b) defines services with that network and/or volume attached to them.
  4. Deploy the stack.

Portainer logs or screenshots

No response

Portainer version

2.19.2

Portainer Edition

Community Edition (CE)

Platform and Version

24.0.3

OS and Architecture

Ubuntu 22.04

Browser

No response

What command did you use to deploy Portainer?

No response

Additional Information

No response
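
A sketch of the pre-deployment check that the expected behavior above implies, added here as an example and not Portainer's code: it resolves every `external: true` network and volume in a stack definition to its real name and refuses any that the deploying user cannot access. The `acl` mapping, the function names and the sample stack are constructed assumptions, and the stack is passed in as an already-parsed Compose mapping.

```python
def external_refs(compose, section):
    """Yield (key, real_name) for top-level entries marked external."""
    for key, spec in (compose.get(section) or {}).items():
        spec = spec or {}
        ext = spec.get("external")
        if ext is True or isinstance(ext, dict):
            # Legacy Compose form: external: {name: real_name}
            legacy = ext.get("name") if isinstance(ext, dict) else None
            yield key, spec.get("name") or legacy or key

def attached(service, section):
    """Top-level network/volume keys referenced by one service."""
    if section == "networks":
        return set(service.get("networks") or [])  # list or mapping of names
    names = set()
    for vol in service.get("volumes") or []:
        if isinstance(vol, dict):  # long syntax
            if vol.get("type") == "volume" and vol.get("source"):
                names.add(vol["source"])
        elif ":" in vol and not vol.startswith(("/", ".", "~")):
            names.add(vol.split(":", 1)[0])  # short syntax, named volume
    return names

def check_stack(compose, user, acl):
    """Return (section, real_name, service) for each attachment to deny.

    acl is a hypothetical map of (section, real_name) -> set of allowed
    users; a resource absent from it is denied (fail closed).
    """
    violations = []
    services = compose.get("services") or {}
    for section in ("networks", "volumes"):
        for key, real in external_refs(compose, section):
            if user in acl.get((section, real), set()):
                continue
            violations += [(section, real, name) for name in sorted(services)
                           if key in attached(services[name] or {}, section)]
    return violations

# Constructed sample input, not taken from the issue.
SAMPLE_STACK = {
    "services": {
        "web": {"networks": ["admin_net"],
                "volumes": ["admin_data:/data", "./conf:/etc/nginx"]},
        "job": {"volumes": [{"type": "volume", "source": "shared", "target": "/s"}]},
    },
    "networks": {"admin_net": {"external": True}},
    "volumes": {"admin_data": {"external": True, "name": "secrets_vol"},
                "shared": {"external": True}},
}
SAMPLE_ACL = {("networks", "admin_net"): {"admin"},
              ("volumes", "secrets_vol"): {"admin"},
              ("volumes", "shared"): {"admin", "alice"}}
```

A deployment would be rejected whenever `check_stack` returns a non-empty list; note that the ACL lookup uses the resolved `name`, so aliasing a private volume under a different key in the stack file does not evade the check.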
