Posted to commits@trafficcontrol.apache.org by mi...@apache.org on 2017/03/14 20:22:18 UTC
[3/4] incubator-trafficcontrol git commit: secures DB dumps
secures DB dumps
Project: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/commit/3fd65ec9
Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/tree/3fd65ec9
Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/diff/3fd65ec9
Branch: refs/heads/master
Commit: 3fd65ec919e51f40b5165e42c5e36271463db860
Parents: 4dc701c
Author: Derek Gelinas <de...@cable.comcast.com>
Authored: Mon Mar 13 18:59:45 2017 -0400
Committer: Jeremy Mitchell <mi...@gmail.com>
Committed: Tue Mar 14 14:21:45 2017 -0600
----------------------------------------------------------------------
traffic_ops/app/lib/UI/GenDbDump.pm | 5 +++
traffic_ops/app/templates/tools/db_dump.html.ep | 34 +++++++++++---------
2 files changed, 24 insertions(+), 15 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/3fd65ec9/traffic_ops/app/lib/UI/GenDbDump.pm
----------------------------------------------------------------------
diff --git a/traffic_ops/app/lib/UI/GenDbDump.pm b/traffic_ops/app/lib/UI/GenDbDump.pm
index 600b77d..80ce1bd 100644
--- a/traffic_ops/app/lib/UI/GenDbDump.pm
+++ b/traffic_ops/app/lib/UI/GenDbDump.pm
@@ -17,6 +17,7 @@ package UI::GenDbDump;
#
use Mojo::Base 'Mojolicious::Controller';
use Data::Dumper;
+use UI::Utils;
sub dbdump {
my $self = shift;
@@ -32,6 +33,10 @@ sub dbdump {
$self->internal_server_error( { Error => "Error dumping database" } );
return;
}
+ if ( !&is_oper($self) ) {
+ $self->internal_server_error( { Error => "Insufficient permissions for DB Dump. Admin access is required." } );
+ return;
+ }
# slurp it in..
undef $/;
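Review bot: The new `is_oper` check sits after the existing "Error dumping database" branch, which suggests the dump has already been opened or started by the time an unauthorized caller is rejected; the authorization test belongs at the top of `dbdump`, before any work is done. The earlier part of the sub is outside this hunk, so the ordering should be confirmed against the full file. The rejection also goes through `internal_server_error`, so a permission failure is reported as a 500 rather than a 403, which buries denied attempts among genuine server faults in logs and monitoring. The message says "Admin access is required" while the test is `is_oper`; the wording and the check should name the same role. Minor: `&is_oper($self)` can be written `is_oper($self)`.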
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/3fd65ec9/traffic_ops/app/templates/tools/db_dump.html.ep
----------------------------------------------------------------------
diff --git a/traffic_ops/app/templates/tools/db_dump.html.ep b/traffic_ops/app/templates/tools/db_dump.html.ep
index 52d97c4..8a5d353 100644
--- a/traffic_ops/app/templates/tools/db_dump.html.ep
+++ b/traffic_ops/app/templates/tools/db_dump.html.ep
@@ -31,19 +31,23 @@ $(function () {
<body>
%= include 'navbar'
- <div id=accordion>
- <h3><a href="#">Download a database dump</a></h3>
- <div>
- <script>
- function downloadsqlfunction() {
- window.location = "/dbdump?filename=" + $('#filename').val();
- }
- </script>
- Filename: <input id="filename" value="<%= $filename %>" size=70/>
- <br>
- <br>
- <button class="button" type="button" onclick="downloadsqlfunction()">Download DB dump</button>
- </div>
- </div>
- </body>
+ <div id=accordion>
+ <h3><a href="#">Download a database dump</a></h3>
+ <% if ($priv_level >= 20) { %>
+ <div>
+ <script>
+ function downloadsqlfunction() {
+ window.location = "/dbdump?filename=" + $('#filename').val();
+ }
+ </script>
+ Filename: <input id="filename" value="<%= $filename %>" size=70/>
+ <br>
+ <br>
+ <button class="button" type="button" onclick="downloadsqlfunction()">Download DB dump</button>
+ </div>
+ <% } else { %>
+ <h2> This operation is for ADMINS only!!!!</h2>
+ <% } %>
+ </div>
+</body>
</html>
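Review bot: The `<% if ($priv_level >= 20) { %>` gate repeats the server-side role test as a bare number, so the template and the `is_oper` check in the controller can drift apart; a named constant or shared helper would keep them aligned, and the "ADMINS only" text should match whatever role 20 actually denotes. Hiding the form is presentation only, so the `/dbdump` route has to remain the enforcement point. In `downloadsqlfunction` the field value is appended to the URL unencoded; `window.location = "/dbdump?filename=" + encodeURIComponent($('#filename').val());` keeps characters such as `&` or `#` from altering the query string.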