fix(api): filter sensitive information from API response (#2103)

6 years ago · 5f79547138
parent b8ed6d3d4a
commit 5f79547138
3 changed files with 10 additions and 7 deletions
--- a/api/http/handler/endpoints/endpoint_list.go
+++ b/api/http/handler/endpoints/endpoint_list.go
@ -27,8 +27,9 @@ func (handler *Handler) endpointList(w http.ResponseWriter, r *http.Request) *ht

 	filteredEndpoints := security.FilterEndpoints(endpoints, endpointGroups, securityContext)

-	for _, endpoint := range filteredEndpoints {
-		hideFields(&endpoint)
+	for idx := range filteredEndpoints {
+		hideFields(&filteredEndpoints[idx])
 	}
+
 	return response.JSON(w, filteredEndpoints)
 }
--- a/api/http/handler/registries/registry_list.go
+++ b/api/http/handler/registries/registry_list.go
@ -22,8 +22,9 @@ func (handler *Handler) registryList(w http.ResponseWriter, r *http.Request) *ht

 	filteredRegistries := security.FilterRegistries(registries, securityContext)

-	for _, registry := range filteredRegistries {
-		hideFields(&registry)
+	for idx := range filteredRegistries {
+		hideFields(&filteredRegistries[idx])
 	}
-	return response.JSON(w, registries)
+
+	return response.JSON(w, filteredRegistries)
 }
--- a/api/http/handler/users/user_list.go
+++ b/api/http/handler/users/user_list.go
@ -22,8 +22,9 @@ func (handler *Handler) userList(w http.ResponseWriter, r *http.Request) *httper

 	filteredUsers := security.FilterUsers(users, securityContext)

-	for _, user := range filteredUsers {
-		hideFields(&user)
+	for idx := range filteredUsers {
+		hideFields(&filteredUsers[idx])
 	}
+
 	return response.JSON(w, filteredUsers)
 }