From 718b41e3d1ac0333f7c1d72f1d87dcb154d5ee50 Mon Sep 17 00:00:00 2001
From: jbe-dw <50663045+jbe-dw@users.noreply.github.com>
Date: Sat, 16 Jan 2021 20:45:02 +0100
Subject: [PATCH] feat: limit zone list for users on servers endpoint (#862)
---
 powerdnsadmin/routes/api.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/powerdnsadmin/routes/api.py b/powerdnsadmin/routes/api.py
index fe7a38f..5912676 100644
--- a/powerdnsadmin/routes/api.py
+++ b/powerdnsadmin/routes/api.py
@@ -971,7 +971,15 @@ def api_get_zones(server_id):
 return jsonify(domain_schema.dump(domain_obj_list)), 200
 else:
 resp = helper.forward_request()
- return resp.content, resp.status_code, resp.headers.items()
+ if (g.apikey.role.name not in ['Administrator', 'Operator']
+ and resp.status_code == 200):
+ domain_list = [d['name']
+ for d in domain_schema.dump(g.apikey.domains)]
+ content = json.dumps([i for i in json.loads(resp.content)
+ if i['name'].rstrip('.') in domain_list])
+ return content, resp.status_code, resp.headers.items()
+ else:
+ return resp.content, resp.status_code, resp.headers.items()
 @api_bp.route('/servers', methods=['GET'])
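Review bot: The filtered branch returns a re-serialized, normally shorter body together with the upstream `resp.headers.items()` unchanged, so a forwarded `Content-Length` may no longer match what the client receives. I would drop it on that path, e.g. `headers = [(k, v) for k, v in resp.headers.items() if k.lower() != 'content-length']`, and return `headers` with `content`. Because this comprehension is the access control for non-privileged API keys, it also deserves a comment stating that a zone is kept only on an exact, case-sensitive match of its name (trailing dot stripped) against `g.apikey.domains`. Building the allowed names as a set, `allowed = {d['name'] for d in domain_schema.dump(g.apikey.domains)}`, avoids a list scan per zone. `api_get_zones` starts above the hunk, so how the earlier branch scopes zones is not visible here.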