From 195f98dff1cdbf0060e4741366a6c496e1f4f5d2 Mon Sep 17 00:00:00 2001
From: Oliver Gorwits
Date: Mon, 5 Jun 2023 17:28:34 +0100
Subject: [PATCH] make safe the api calls with potential for demo site damage
---
 lib/App/Netdisco/JobQueue/PostgreSQL.pm | 2 +-
 lib/App/Netdisco/Web/API/Objects.pm | 4 ++--
 share/config.yml | 1 +
 3 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/lib/App/Netdisco/JobQueue/PostgreSQL.pm b/lib/App/Netdisco/JobQueue/PostgreSQL.pm
index 3da2c626..5da0dd88 100644
--- a/lib/App/Netdisco/JobQueue/PostgreSQL.pm
+++ b/lib/App/Netdisco/JobQueue/PostgreSQL.pm
@@ -324,7 +324,7 @@ sub jq_insert {
 $jobs = [$jobs] if ref [] ne ref $jobs;
 # bit of a hack for heroku hosting to avoid DB overload
- return true if setting('defanged_admin') eq 'false_admin';
+ return true if setting('defanged_admin') ne 'admin';
 my $happy = false;
 try {
diff --git a/lib/App/Netdisco/Web/API/Objects.pm b/lib/App/Netdisco/Web/API/Objects.pm
index 1acbe56a..83bb2d20 100644
--- a/lib/App/Netdisco/Web/API/Objects.pm
+++ b/lib/App/Netdisco/Web/API/Objects.pm
@@ -240,7 +240,7 @@ swagger_path {
 },
 ],
 responses => { default => {} },
-}, put '/api/v1/object/device/:ip/nodes' => require_role api_admin => sub {
+}, put '/api/v1/object/device/:ip/nodes' => require_role setting('defanged_api_admin') => sub {
 jq_insert([{
 action => 'macsuck',
@@ -317,7 +317,7 @@ swagger_path {
 },
 ],
 responses => { default => {} },
-}, put '/api/v1/object/device/:ip/arps' => require_role api_admin => sub {
+}, put '/api/v1/object/device/:ip/arps' => require_role setting('defanged_api_admin') => sub {
 jq_insert([{
 action => 'arpnip',
diff --git a/share/config.yml b/share/config.yml
index fa1c7883..964800f9 100644
--- a/share/config.yml
+++ b/share/config.yml
@@ -263,6 +263,7 @@ check_userlog: false
 devport_vlan_limit: 150
 login_logo: ""
 defanged_admin: 'admin'
+defanged_api_admin: 'api_admin'
 hide_deviceports: []
 # -------------
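Review bot: The new guard `return true if setting('defanged_admin') ne 'admin';` discards every job and still reports success, so an instance where `defanged_admin` is unset, misspelt or renamed ends up with a queue that never fills and nothing in the logs to explain why. Failing closed is a sensible default for a demo site, but the early return should leave a trace (a log line before it), and the comment above it still describes only the Heroku DB-overload case; it could read `# defanged (demo) mode: any defanged_admin value other than 'admin' disables job submission`. If the setting can ever be undefined, `ne` will also warn under `use warnings`, which `(setting('defanged_admin') // '') ne 'admin'` avoids. jq_insert's body starts and ends outside the hunk, so the caller-visible effect of returning true here is inferred.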
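Review bot: `require_role setting('defanged_api_admin') => sub {` evaluates the setting once, when the route is declared at module load, so the role check on `/api/v1/object/device/:ip/nodes` (and the identical change on `/api/v1/object/device/:ip/arps` in the next hunk) depends on the configuration already being loaded and on the key being defined. If a deployment's config lacks the key, `require_role` receives undef, and how the auth plugin treats an undefined role is not visible here; it is worth confirming that this denies access rather than allowing it. A comment next to the first route, such as `# role name comes from config so a demo site can point it at a role nobody holds`, would also explain why the literal `api_admin` was replaced. Other state-changing API routes outside these hunks may still use the literal role and would need the same treatment.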
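Review bot: `defanged_api_admin` is added without a comment, and after this commit `defanged_admin` also stops job queueing whenever it is not exactly 'admin'; neither effect is discoverable from the config file. A short comment above the two keys would help whoever operates a demo instance, for example `# demo-site hardening: role names required for admin actions; any defanged_admin value other than 'admin' also disables job queueing`. The wording assumes the values are used as role names, which is what the Objects.pm hunks suggest.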