Skip to content
This repository has been archived by the owner on Jan 6, 2023. It is now read-only.

Blacklist the columns from public #518

Closed
benhaynes opened this issue Oct 25, 2018 · 1 comment
Closed

Blacklist the columns from public #518

benhaynes opened this issue Oct 25, 2018 · 1 comment
Labels
bug Something isn't working
Projects
Bug Triage v2.0.6

Comments

@benhaynes
Copy link
Sponsor Member

From directus created by shushant : directus/directus#2180

For security issues, please email support@getdirectus.com directly.

To help us resolve your issue more quickly, please use the following template:

For feature requests/voting please use the Directus Request Tool, or come chat with us through getdirectus.com. Accepted feature requests will be added to GitHub Issues for assignment.

Version Info

  • Directus version and branch (Or commit hash): 6.4.2
  • PHP version: 5.6.36
  • MySQL version: 5.7.19
  • Web server: Apache
  • OS name and version: Windows 10

Expected Behavior

I don't want certain columns to be exposed publicly

Actual Behavior

capture
Please look at the screenshot i have attached.
I have read blacklisted the attachment column but whenever i browse the endpoints that columns is still there

{
    "meta": {
        "table": "products",
        "type": "collection",
        "total": 2,
        "Deleted": 2,
        "Published": 2,
        "Draft": 0,
        "total_entries": 4
    },
    "data": [
        {
            "id": 3,
            "status": 1,
            "sort": null,
            "name": "Yoga Tips",
            "attachment": {
                "meta": {
                    "table": "directus_files",
                    "type": "item"
                },
                "data": {
                    "id": 2,
                    "status": 1,
                    "name": "00000000002.PNG",
                    "title": "Capture",
                    "location": "",
                    "caption": "",
                    "type": "image\/png",
                    "charset": "binary",
                    "tags": "",
                    "width": 476,
                    "height": 439,
                    "size": 17543,
                    "embed_id": null,
                    "user": 1,
                    "date_uploaded": "2018-07-13T09:26:42-04:00",
                    "storage_adapter": "local",
                    "url": "\/storage\/uploads\/00000000002.PNG",
                    "thumbnail_url": "\/storage\/uploads\/thumbs\/2.PNG",
                    "old_thumbnail_url": "\/storage\/uploads\/thumbs\/00000000002-PNG-160-160-true.jpg",
                    "html": null
                }
            },
            "category": {
                "meta": {
                    "table": "category",
                    "type": "item"
                },
                "data": {
                    "id": 1,
                    "status": 1,
                    "sort": null,
                    "name": "Kids",
                    "slug": "kids"
                }
            }
        },
        {
            "id": 4,
            "status": 1,
            "sort": null,
            "name": "kshushant",
            "attachment": {
                "meta": {
                    "table": "directus_files",
                    "type": "item"
                },
                "data": {
                    "id": 3,
                    "status": 1,
                    "name": "dca9ee73d2b97a10448dc82283b54e48.PNG",
                    "title": "Capture",
                    "location": "",
                    "caption": "",
                    "type": "image\/png",
                    "charset": "binary",
                    "tags": "",
                    "width": 476,
                    "height": 439,
                    "size": 17543,
                    "embed_id": null,
                    "user": 1,
                    "date_uploaded": "2018-07-13T10:24:35-04:00",
                    "storage_adapter": "local",
                    "url": "\/storage\/uploads\/dca9ee73d2b97a10448dc82283b54e48.PNG",
                    "thumbnail_url": "\/storage\/uploads\/thumbs\/3.PNG",
                    "old_thumbnail_url": "\/storage\/uploads\/thumbs\/dca9ee73d2b97a10448dc82283b54e48-PNG-160-160-true.jpg",
                    "html": null
                }
            },
            "category": {
                "meta": {
                    "table": "category",
                    "type": "item"
                },
                "data": {
                    "id": 2,
                    "status": 1,
                    "sort": null,
                    "name": "Sports",
                    "slug": null
                }
            }
        }
    ]
}

But in case of other usergroup which requires access token column is hidden from endpoint

Steps to Reproduce

Schema Dump, Logs, or Screenshots
@benhaynes benhaynes added the v6 label Oct 25, 2018
@benhaynes benhaynes mentioned this issue Oct 25, 2018
Closed
@benhaynes benhaynes added bug Something isn't working hacktoberfest and removed v6 labels Oct 25, 2018
@benhaynes benhaynes added this to Needs triage in Bug Triage via automation Oct 25, 2018
@rijkvanzanten rijkvanzanten moved this from Needs triage to Low priority in Bug Triage Oct 26, 2018
@wellingguzman wellingguzman added this to To do in v2.0.6 Nov 7, 2018
@wellingguzman wellingguzman moved this from To do to In progress in v2.0.6 Nov 7, 2018
@wellingguzman
Copy link
Contributor

This bug is related to #556. When the collection has a status field, permissions weren't working properly.

This was fixed by 0fe67c0

Bug Triage automation moved this from Low priority to Closed Nov 7, 2018
v2.0.6 automation moved this from In progress to Done Nov 7, 2018
samvasko pushed a commit to samvasko/api that referenced this issue Nov 25, 2019
@rijkvanzanten
Add file upload modal to file library (directus#518)
ab54c53 
* Start on file upload component

* Fix linter warnings

* Add file upload modal

* Refresh page after file upload

* Add upload dropzone initial styling

* Re-render listing view instead of hard reloading

* Close modal when file upload is done
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug Something isn't working
Projects
Bug Triage
  
Closed
v2.0.6
  
Done
Milestone
No milestone
Development

No branches or pull requests
2 participants
@benhaynes @wellingguzman