Posted to commits@trafficcontrol.apache.org by mi...@apache.org on 2017/03/14 20:22:18 UTC

[3/4] incubator-trafficcontrol git commit: secures DB dumps

secures DB dumps


Project: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/commit/3fd65ec9
Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/tree/3fd65ec9
Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/diff/3fd65ec9

Branch: refs/heads/master
Commit: 3fd65ec919e51f40b5165e42c5e36271463db860
Parents: 4dc701c
Author: Derek Gelinas <de...@cable.comcast.com>
Authored: Mon Mar 13 18:59:45 2017 -0400
Committer: Jeremy Mitchell <mi...@gmail.com>
Committed: Tue Mar 14 14:21:45 2017 -0600

----------------------------------------------------------------------
 traffic_ops/app/lib/UI/GenDbDump.pm             |  5 +++
 traffic_ops/app/templates/tools/db_dump.html.ep | 34 +++++++++++---------
 2 files changed, 24 insertions(+), 15 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/3fd65ec9/traffic_ops/app/lib/UI/GenDbDump.pm
----------------------------------------------------------------------
diff --git a/traffic_ops/app/lib/UI/GenDbDump.pm b/traffic_ops/app/lib/UI/GenDbDump.pm
index 600b77d..80ce1bd 100644
--- a/traffic_ops/app/lib/UI/GenDbDump.pm
+++ b/traffic_ops/app/lib/UI/GenDbDump.pm
@@ -17,6 +17,7 @@ package UI::GenDbDump;
 #
 use Mojo::Base 'Mojolicious::Controller';
 use Data::Dumper;
+use UI::Utils;
 
 sub dbdump {
 	my $self = shift;
@@ -32,6 +33,10 @@ sub dbdump {
 		$self->internal_server_error( { Error => "Error dumping database" } );	
 		return;
 	}
+	if ( !&is_oper($self) ) {
+		$self->internal_server_error( { Error => "Insufficient permissions for DB Dump. Admin access is required." } );	
+		return;
+	}
 
 	# slurp it in..
 	undef $/;
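Review bot: The new `is_oper` check sits after the block that reports "Error dumping database", so the dump step appears to run before the caller is authorised; the check should be the first statement in `dbdump`, ahead of any work done for the request. A refused request is also reported through `internal_server_error`, which makes a permission denial look like a server fault in logs and monitoring; a 403 response would fit better. The message says admin access is required while the helper called is `is_oper`, so one of the two is misleading, and `&is_oper($self)` can be written as `is_oper($self)`. The body of `dbdump` begins and ends outside this hunk, so the ordering should be confirmed against the full sub.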

http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/3fd65ec9/traffic_ops/app/templates/tools/db_dump.html.ep
----------------------------------------------------------------------
diff --git a/traffic_ops/app/templates/tools/db_dump.html.ep b/traffic_ops/app/templates/tools/db_dump.html.ep
index 52d97c4..8a5d353 100644
--- a/traffic_ops/app/templates/tools/db_dump.html.ep
+++ b/traffic_ops/app/templates/tools/db_dump.html.ep
@@ -31,19 +31,23 @@ $(function () {
 
 <body>
 %= include 'navbar'
-			<div id=accordion>
-					<h3><a href="#">Download a database dump</a></h3>
-					<div>
-						<script>
-							function downloadsqlfunction() {
-								window.location = "/dbdump?filename=" + $('#filename').val();
-							}
-						</script>
-						Filename: <input id="filename" value="<%= $filename %>" size=70/>
-						<br>
-						<br>
-						<button class="button" type="button" onclick="downloadsqlfunction()">Download DB dump</button>
-					</div>
-			</div>
-	</body>
+	<div id=accordion>
+			<h3><a href="#">Download a database dump</a></h3>
+			<% if ($priv_level >= 20) { %>
+				<div>
+					<script>
+						function downloadsqlfunction() {
+							window.location = "/dbdump?filename=" + $('#filename').val();
+						}
+					</script>
+					Filename: <input id="filename" value="<%= $filename %>" size=70/>
+					<br>
+					<br>
+					<button class="button" type="button" onclick="downloadsqlfunction()">Download DB dump</button>
+				</div>
+			<% } else { %>
+				<h2> This operation is for ADMINS only!!!!</h2>
+			<% } %>
+	</div>
+</body>
 </html>
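Review bot: The template gates the form on the literal `$priv_level >= 20` while the controller calls `is_oper`, so the threshold lives in two places and the "ADMINS only" text may not match the role that 20 denotes; a comment such as `<%# must match the level is_oper() enforces in UI::GenDbDump %>`, or a boolean stashed by the controller, would keep them aligned. Hiding the form is presentation only; the check in `dbdump` is the actual access control. Nothing in this commit puts `$priv_level` into the stash, so confirm that the action rendering this template sets it. On the `window.location` line the `filename` value is appended to the URL unencoded; `encodeURIComponent($('#filename').val())` would keep special characters from altering the query string.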