Skip to content
This repository was archived by the owner on Nov 24, 2025. It is now read-only.

Display secure parameters when role has proper perms #7688

Merged
ericholguin merged 6 commits into from
Aug 9, 2023
Merged

Display secure parameters when role has proper perms #7688

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
30dd924
fix conditional for secure parameters
ericholguin Aug 1, 2023
992c7c3
add change
ericholguin Aug 1, 2023
5173a73
Merge branch 'master' into secure-params-fix
ericholguin Aug 1, 2023
72aeaff
handle v5 functionality
ericholguin Aug 3, 2023
8138372
Merge branch 'secure-params-fix' of github.com:ericholguin/trafficcon…
ericholguin Aug 3, 2023
a26618c
Merge branch 'master' into secure-params-fix
ericholguin Aug 9, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -145,6 +145,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
- [#7628](https://github.com/apache/trafficcontrol/pull/7628) *Traffic Ops* Fixes an issue where certificate chain validation failed based on leading or trailing whitespace.
- [#7596](https://github.com/apache/trafficcontrol/pull/7596) *Traffic Ops* Fixes `federation_resolvers` v5 apis to respond with `RFC3339` date/time Format.
- [#7660](https://github.com/apache/trafficcontrol/pull/7660) *Traffic Ops* Fixes `deliveryServices` v5 apis to respond with `RFC3339` date/time Format.
- [#7686](https://github.com/apache/trafficcontrol/pull/7686) *Traffic Ops* Fixes secured parameters being visible when role has proper permissions.
- [#7697](https://github.com/apache/trafficcontrol/pull/7697) *Traffic Ops* Fixes `iloPassword` and `xmppPassword` checking for priv-level instead of using permissions.

### Removed
Expand Down
16 changes: 12 additions & 4 deletions traffic_ops/traffic_ops_golang/parameter/parameters.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -176,10 +176,18 @@ func (param *TOParameter) Read(h http.Header, useIMS bool) ([]interface{}, error
return nil, nil, errors.New("scanning " + param.GetType() + ": " + err.Error()), http.StatusInternalServerError, nil
}
if p.Secure != nil && *p.Secure {
if param.ReqInfo.Version.Major >= 4 &&
param.ReqInfo.Config.RoleBasedPermissions &&
!param.ReqInfo.User.Can("PARAMETER-SECURE:READ") {
p.Value = &HiddenField
if param.ReqInfo.Version.Major >= 5 {
if !param.ReqInfo.User.Can("PARAMETER-SECURE:READ") {
p.Value = &HiddenField
}
} else if param.ReqInfo.Version.Major == 4 {
if param.ReqInfo.Config.RoleBasedPermissions {
if !param.ReqInfo.User.Can("PARAMETER-SECURE:READ") {
p.Value = &HiddenField
}
} else if param.ReqInfo.User.PrivLevel < auth.PrivLevelAdmin {
p.Value = &HiddenField
}
} else if param.ReqInfo.User.PrivLevel < auth.PrivLevelAdmin {
p.Value = &HiddenField
}
Expand Down