Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Event managers should not see global API keys #9

Closed
maswan opened this issue Feb 1, 2019 · 1 comment
Closed

Event managers should not see global API keys #9

maswan opened this issue Feb 1, 2019 · 1 comment
Assignees
@bow

Comments

@maswan
Copy link
Collaborator

maswan commented Feb 1, 2019

An event manager should be able to set their own event account (API keys + org_name), but not see the globally configured API keys. Suggested method for this would be to have separate fields&variables (event_sec_key etc), and use the event ones if set.
@bow bow self-assigned this Feb 1, 2019
@bow
Copy link
Member

bow commented Feb 9, 2019

All right, 4806996 implements this change. There is now a checkbox in the event form, which if set to true will ask for the event manager to input the secret and publishable keys. If not checked (the default one), the global API keys will be used but the event manager can not see them. (Well, technically, the publishable key is viewable from the HTML page, but that's as it is meant to be).

The publishable key in the template have also been update to ensure the right key is used, so event keys should never be mixed with global keys. I've also added some tests for this.

So for now I'm closing this ticket. Feel free to reopen, as needed.

@bow bow closed this as completed Feb 9, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bow bow

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bow @maswan