Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Merge pull request #892 from bugzmanov/jobs

[RJA-xx][fix] security issues
  • Loading branch information...
commit 1f08d473d0a8e8d725db8025d0014d7633d9e055 2 parents f55d12d + 83d4a38
@rsvato authored
View
4 frontend/src/main/resources/WEB-INF/spring/security-config.xml
@@ -245,13 +245,13 @@
<s:intercept-url pattern="/rest/metrics*" access="hasRole('ROLE_GENESIS_ADMIN')"/>
+ <s:intercept-url pattern="/rest/jobs-stat" method="GET" access="hasRole('ROLE_GENESIS_ADMIN') or hasRole('ROLE_GENESIS_READONLY')"/>
+
<s:intercept-url pattern="/rest/**" access="isAuthenticated()" />
<s:intercept-url pattern="/metrics*" method="GET" access="hasRole('ROLE_GENESIS_ADMIN') or hasRole('ROLE_GENESIS_READONLY')"/>
<s:intercept-url pattern="/metrics/**" method="GET" access="hasRole('ROLE_GENESIS_ADMIN') or hasRole('ROLE_GENESIS_READONLY')"/>
- <s:intercept-url pattern="/rest/jobs-stat" method="GET" access="hasRole('ROLE_GENESIS_ADMIN') or hasRole('ROLE_GENESIS_READONLY')"/>
-
<s:intercept-url pattern="/**" access="denyAll" />
<s:form-login login-page="/login.html"
View
2  ui/src/main/resources/genesis/app/templates/dashboard/project_jobs.html
@@ -1,6 +1,6 @@
<% _.forEach(_.keys(jobs), function(envId){ %>
<div class="instance">
- <span>Instance <a href="project/<%= projectId %>/inst/<%= envId %>" style="text-decoration: underline; font-weight: bold">'<%- envs.get(envId).get('name') %>'</a></span>
+ <span>Instance <a href="#project/<%= projectId %>/inst/<%= envId %>" style="text-decoration: underline; font-weight: bold">'<%- envs.get(envId).get('name') %>'</a></span>
</div>
<% for(var i = 0, count = jobs[envId].length; i < count; i++) { var job = jobs[envId][i] %>
<div class="task <%= job.status === 'Failed' ? 'failed': 'requested' %>">
Please sign in to comment.
Something went wrong with that request. Please try again.