From e7d5a3aba09b308af723d44b979159a25b7ebf27 Mon Sep 17 00:00:00 2001 From: Vitali Quiering Date: Fri, 5 Nov 2021 16:26:38 +0100 Subject: [PATCH] feat: enable_api_rr_history setting (#998) * feat: introduce enable_api_rr_history setting to disable api record changes --- powerdnsadmin/models/setting.py | 1 + powerdnsadmin/routes/admin.py | 2 +- powerdnsadmin/routes/api.py | 43 +++++++++++++++++---------------- 3 files changed, 24 insertions(+), 22 deletions(-) diff --git a/powerdnsadmin/models/setting.py b/powerdnsadmin/models/setting.py index 776c978..e864a28 100644 --- a/powerdnsadmin/models/setting.py +++ b/powerdnsadmin/models/setting.py @@ -29,6 +29,7 @@ class Setting(db.Model): 'allow_user_remove_domain': False, 'allow_user_view_history': False, 'bg_domain_updates': False, + 'enable_api_rr_history': True, 'site_name': 'PowerDNS-Admin', 'site_url': 'http://localhost:9191', 'session_timeout': 10, diff --git a/powerdnsadmin/routes/admin.py b/powerdnsadmin/routes/admin.py index d984385..5960c4d 100644 --- a/powerdnsadmin/routes/admin.py +++ b/powerdnsadmin/routes/admin.py @@ -644,7 +644,7 @@ def setting_basic(): 'pretty_ipv6_ptr', 'dnssec_admins_only', 'allow_user_create_domain', 'allow_user_remove_domain', 'allow_user_view_history', 'bg_domain_updates', 'site_name', 'session_timeout', 'warn_session_timeout', 'ttl_options', - 'pdns_api_timeout', 'verify_ssl_connections', 'verify_user_email', 'otp_field_enabled', 'custom_css' + 'pdns_api_timeout', 'verify_ssl_connections', 'verify_user_email', 'otp_field_enabled', 'custom_css', 'enable_api_rr_history' ] return render_template('admin_setting_basic.html', settings=settings) diff --git a/powerdnsadmin/routes/api.py b/powerdnsadmin/routes/api.py index 0623c96..ccbc460 100644 --- a/powerdnsadmin/routes/api.py +++ b/powerdnsadmin/routes/api.py @@ -979,28 +979,29 @@ def api_zone_forward(server_id, zone_id): status = resp.status_code if 200 <= status < 300: current_app.logger.debug("Request to powerdns API successful") - if request.method in ['POST', 'PATCH'] : - data = request.get_json(force=True) - for rrset_data in data['rrsets']: - history = History(msg='{0} zone {1} record of {2}'.format( - rrset_data['changetype'].lower(), rrset_data['type'], - rrset_data['name'].rstrip('.')), - detail=json.dumps(data), - created_by=g.apikey.description, - domain_id=Domain().get_id_by_name(zone_id.rstrip('.'))) + if Setting().get('enable_api_rr_history'): + if request.method in ['POST', 'PATCH'] : + data = request.get_json(force=True) + for rrset_data in data['rrsets']: + history = History(msg='{0} zone {1} record of {2}'.format( + rrset_data['changetype'].lower(), rrset_data['type'], + rrset_data['name'].rstrip('.')), + detail=json.dumps(data), + created_by=g.apikey.description, + domain_id=Domain().get_id_by_name(zone_id.rstrip('.'))) + history.add() + elif request.method == 'DELETE': + history = History(msg='Deleted zone {0}'.format(zone_id.rstrip('.')), + detail='', + created_by=g.apikey.description, + domain_id=Domain().get_id_by_name(zone_id.rstrip('.'))) + history.add() + elif request.method != 'GET': + history = History(msg='Updated zone {0}'.format(zone_id.rstrip('.')), + detail='', + created_by=g.apikey.description, + domain_id=Domain().get_id_by_name(zone_id.rstrip('.'))) history.add() - elif request.method == 'DELETE': - history = History(msg='Deleted zone {0}'.format(zone_id.rstrip('.')), - detail='', - created_by=g.apikey.description, - domain_id=Domain().get_id_by_name(zone_id.rstrip('.'))) - history.add() - elif request.method != 'GET': - history = History(msg='Updated zone {0}'.format(zone_id.rstrip('.')), - detail='', - created_by=g.apikey.description, - domain_id=Domain().get_id_by_name(zone_id.rstrip('.'))) - history.add() return resp.content, resp.status_code, resp.headers.items() @api_bp.route('/servers/', methods=['GET', 'PUT'])