fix(api): filter sensitive information from API response (#2103)

2018-07-31 11:50:04 +02:00 · 2018-07-31 11:50:04 +02:00 · 5f79547138
parent b8ed6d3d4a
commit 5f79547138
3 changed files with 10 additions and 7 deletions
--- a/api/http/handler/endpoints/endpoint_list.go
+++ b/api/http/handler/endpoints/endpoint_list.go
@ -27,8 +27,9 @@ func (handler *Handler) endpointList(w http.ResponseWriter, r *http.Request) *ht
 	filteredEndpoints := security.FilterEndpoints(endpoints, endpointGroups, securityContext)
-	for _, endpoint := range filteredEndpoints {
+	for idx := range filteredEndpoints {
-		hideFields(&endpoint)
+		hideFields(&filteredEndpoints[idx])
 	}
 	return response.JSON(w, filteredEndpoints)
 }
--- a/api/http/handler/registries/registry_list.go
+++ b/api/http/handler/registries/registry_list.go
@ -22,8 +22,9 @@ func (handler *Handler) registryList(w http.ResponseWriter, r *http.Request) *ht
 	filteredRegistries := security.FilterRegistries(registries, securityContext)
-	for _, registry := range filteredRegistries {
+	for idx := range filteredRegistries {
-		hideFields(&registry)
+		hideFields(&filteredRegistries[idx])
 	}
-	return response.JSON(w, registries)
+
 	return response.JSON(w, filteredRegistries)
 }
--- a/api/http/handler/users/user_list.go
+++ b/api/http/handler/users/user_list.go
@ -22,8 +22,9 @@ func (handler *Handler) userList(w http.ResponseWriter, r *http.Request) *httper
 	filteredUsers := security.FilterUsers(users, securityContext)
-	for _, user := range filteredUsers {
+	for idx := range filteredUsers {
-		hideFields(&user)
+		hideFields(&filteredUsers[idx])
 	}
 	return response.JSON(w, filteredUsers)
 }