From 734454ee85b420b702985a3804fa37a129f1b384 Mon Sep 17 00:00:00 2001 From: Damodar Lohani Date: Sun, 14 Aug 2022 08:44:17 +0000 Subject: [PATCH] hiding stdout and stderr on client execution response --- app/controllers/api/functions.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/app/controllers/api/functions.php b/app/controllers/api/functions.php index bc0edc02da..560ffecddb 100644 --- a/app/controllers/api/functions.php +++ b/app/controllers/api/functions.php @@ -966,6 +966,12 @@ App::post('/v1/functions/:functionId/executions') ->setParam('functionStatus', $execution->getAttribute('status', '')) ->setParam('functionExecutionTime', $execution->getAttribute('time') * 1000); // ms + $roles = Authorization::getRoles(); + $isPrivilegedUser = Auth::isPrivilegedUser($roles); + $isAppUser = Auth::isAppUser($roles); + $execution->setAttribute('stdout', ($isPrivilegedUser || $isAppUser) ? $executionResponse['stdout'] : ''); + $execution->setAttribute('stderr', ($isPrivilegedUser || $isAppUser) ? $executionResponse['stderr'] : ''); + $response ->setStatusCode(Response::STATUS_CODE_CREATED) ->dynamic($execution, Response::MODEL_EXECUTION); @@ -1056,6 +1062,12 @@ App::get('/v1/functions/:functionId/executions/:executionId') throw new Exception('Execution not found', 404, Exception::EXECUTION_NOT_FOUND); } + $roles = Authorization::getRoles(); + $isPrivilegedUser = Auth::isPrivilegedUser($roles); + $isAppUser = Auth::isAppUser($roles); + $execution->setAttribute('stdout', ($isPrivilegedUser || $isAppUser) ? $execution->getAttribute('stdout') : ''); + $execution->setAttribute('stderr', ($isPrivilegedUser || $isAppUser) ? $execution->getAttribute('stderr') : ''); + $response->dynamic($execution, Response::MODEL_EXECUTION); });