From 30dd92474d5532333b5dcab82eac8e4b269f9dbc Mon Sep 17 00:00:00 2001
From: eholgu401
Date: Tue, 1 Aug 2023 13:19:07 -0600
Subject: [PATCH 1/3] fix conditional for secure parameters
---
 .../traffic_ops_golang/parameter/parameters.go | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/traffic_ops/traffic_ops_golang/parameter/parameters.go b/traffic_ops/traffic_ops_golang/parameter/parameters.go
index 167019fbc3..7eceaa6058 100644
--- a/traffic_ops/traffic_ops_golang/parameter/parameters.go
+++ b/traffic_ops/traffic_ops_golang/parameter/parameters.go
@@ -176,10 +176,14 @@ func (param *TOParameter) Read(h http.Header, useIMS bool) ([]interface{}, error
 return nil, nil, errors.New("scanning " + param.GetType() + ": " + err.Error()), http.StatusInternalServerError, nil
 }
 if p.Secure != nil && *p.Secure {
- if param.ReqInfo.Version.Major >= 4 &&
- param.ReqInfo.Config.RoleBasedPermissions &&
- !param.ReqInfo.User.Can("PARAMETER-SECURE:READ") {
- p.Value = &HiddenField
+ if param.ReqInfo.Version.Major >= 4 {
+ if param.ReqInfo.Config.RoleBasedPermissions {
+ if !param.ReqInfo.User.Can("PARAMETER-SECURE:READ") {
+ p.Value = &HiddenField
+ }
+ } else if param.ReqInfo.User.PrivLevel < auth.PrivLevelAdmin {
+ p.Value = &HiddenField
+ }
 } else if param.ReqInfo.User.PrivLevel < auth.PrivLevelAdmin {
 p.Value = &HiddenField
 }
From 992c7c3684e913f1f143fc44cdb537c1921cda1a Mon Sep 17 00:00:00 2001
From: eholgu401
Date: Tue, 1 Aug 2023 13:36:06 -0600
Subject: [PATCH 2/3] add change
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 55f97ce1e2..b9d0ac1b37 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -138,6 +138,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/). - [#7575](https://github.com/apache/trafficcontrol/pull/7575) *Traffic Ops* Fixes `types` v5 apis to respond with `RFC3339` date/time Format. - [#7628](https://github.com/apache/trafficcontrol/pull/7628) *Traffic Ops* Fixes an issue where certificate chain validation failed based on leading or trailing whitespace. - [#7596](https://github.com/apache/trafficcontrol/pull/7596) *Traffic Ops* Fixes `federation_resolvers` v5 apis to respond with `RFC3339` date/time Format. +- [#7686](https://github.com/apache/trafficcontrol/pull/7686) *Traffic Ops* Fixes secured parameters being visible when role has proper permissions. ### Removed - [#7271](https://github.com/apache/trafficcontrol/pull/7271) Remove components in `infrastructre/docker/`, not in use as cdn-in-a-box performs the same functionality. From 72aeaffa44fad0f8d9c3e3c596490f5725549042 Mon Sep 17 00:00:00 2001 From: eholgu401 Date: Thu, 3 Aug 2023 14:21:43 -0600 Subject: [PATCH 3/3] handle v5 functionality --- traffic_ops/traffic_ops_golang/parameter/parameters.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/traffic_ops/traffic_ops_golang/parameter/parameters.go b/traffic_ops/traffic_ops_golang/parameter/parameters.go index 7eceaa6058..3595ced557 100644 --- a/traffic_ops/traffic_ops_golang/parameter/parameters.go +++ b/traffic_ops/traffic_ops_golang/parameter/parameters.go 
@@ -176,7 +176,11 @@ func (param *TOParameter) Read(h http.Header, useIMS bool) ([]interface{}, error
 return nil, nil, errors.New("scanning " + param.GetType() + ": " + err.Error()), http.StatusInternalServerError, nil
 }
 if p.Secure != nil && *p.Secure {
- if param.ReqInfo.Version.Major >= 4 {
+ if param.ReqInfo.Version.Major >= 5 {
+ if !param.ReqInfo.User.Can("PARAMETER-SECURE:READ") {
+ p.Value = &HiddenField
+ }
+ } else if param.ReqInfo.Version.Major == 4 {
 if param.ReqInfo.Config.RoleBasedPermissions {
 if !param.ReqInfo.User.Can("PARAMETER-SECURE:READ") {
 p.Value = &HiddenField
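Review bot: The masking decision for secure values is now spread over nested version, config and privilege branches that each assign `p.Value = &HiddenField`, and the value stays visible on any path that reaches none of them, which is the shape of the bug patch 1/3 fixed. Computing a single boolean first and masking in one place, as below, is equivalent to the visible branches, including the `PrivLevel` fallbacks that sit after this hunk's last line and would be replaced with it. If this block runs once per scanned row, as the scanning error above it suggests, the boolean depends only on `param.ReqInfo` and can be computed once before the loop. None of the three patches touches a test file, so a table-driven test over API major version, `RoleBasedPermissions`, `PARAMETER-SECURE:READ` and `PrivLevel` would keep this from regressing. Read's body starts and ends outside the hunk.

```go
if p.Secure != nil && *p.Secure {
	// Decide once whether this caller may see secure values; mask in one place.
	var canReadSecure bool
	switch v := param.ReqInfo.Version.Major; {
	case v >= 5, v == 4 && param.ReqInfo.Config.RoleBasedPermissions:
		canReadSecure = param.ReqInfo.User.Can("PARAMETER-SECURE:READ")
	default:
		// API < 4, or v4 without role-based permissions: legacy privilege level.
		canReadSecure = param.ReqInfo.User.PrivLevel >= auth.PrivLevelAdmin
	}
	if !canReadSecure {
		p.Value = &HiddenField
	}
```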