Skip to content
This repository has been archived by the owner on Nov 19, 2020. It is now read-only.

Blacklist the columns from public #66

Open
benhaynes opened this issue Oct 25, 2018 · 0 comments
Open

Blacklist the columns from public #66

benhaynes opened this issue Oct 25, 2018 · 0 comments
Labels
v6

Comments

@benhaynes
Copy link
Member

From directus created by shushant : directus/directus#2180

For security issues, please email [email protected] directly.

To help us resolve your issue more quickly, please use the following template:

For feature requests/voting please use the Directus Request Tool, or come chat with us through getdirectus.com. Accepted feature requests will be added to GitHub Issues for assignment.

Version Info

  • Directus version and branch (Or commit hash): 6.4.2
  • PHP version: 5.6.36
  • MySQL version: 5.7.19
  • Web server: Apache
  • OS name and version: Windows 10

Expected Behavior

I don't want certain columns to be exposed publicly

Actual Behavior

capture
Please look at the screenshot i have attached.
I have read blacklisted the attachment column but whenever i browse the endpoints that columns is still there

{
    "meta": {
        "table": "products",
        "type": "collection",
        "total": 2,
        "Deleted": 2,
        "Published": 2,
        "Draft": 0,
        "total_entries": 4
    },
    "data": [
        {
            "id": 3,
            "status": 1,
            "sort": null,
            "name": "Yoga Tips",
            "attachment": {
                "meta": {
                    "table": "directus_files",
                    "type": "item"
                },
                "data": {
                    "id": 2,
                    "status": 1,
                    "name": "00000000002.PNG",
                    "title": "Capture",
                    "location": "",
                    "caption": "",
                    "type": "image\/png",
                    "charset": "binary",
                    "tags": "",
                    "width": 476,
                    "height": 439,
                    "size": 17543,
                    "embed_id": null,
                    "user": 1,
                    "date_uploaded": "2018-07-13T09:26:42-04:00",
                    "storage_adapter": "local",
                    "url": "\/storage\/uploads\/00000000002.PNG",
                    "thumbnail_url": "\/storage\/uploads\/thumbs\/2.PNG",
                    "old_thumbnail_url": "\/storage\/uploads\/thumbs\/00000000002-PNG-160-160-true.jpg",
                    "html": null
                }
            },
            "category": {
                "meta": {
                    "table": "category",
                    "type": "item"
                },
                "data": {
                    "id": 1,
                    "status": 1,
                    "sort": null,
                    "name": "Kids",
                    "slug": "kids"
                }
            }
        },
        {
            "id": 4,
            "status": 1,
            "sort": null,
            "name": "kshushant",
            "attachment": {
                "meta": {
                    "table": "directus_files",
                    "type": "item"
                },
                "data": {
                    "id": 3,
                    "status": 1,
                    "name": "dca9ee73d2b97a10448dc82283b54e48.PNG",
                    "title": "Capture",
                    "location": "",
                    "caption": "",
                    "type": "image\/png",
                    "charset": "binary",
                    "tags": "",
                    "width": 476,
                    "height": 439,
                    "size": 17543,
                    "embed_id": null,
                    "user": 1,
                    "date_uploaded": "2018-07-13T10:24:35-04:00",
                    "storage_adapter": "local",
                    "url": "\/storage\/uploads\/dca9ee73d2b97a10448dc82283b54e48.PNG",
                    "thumbnail_url": "\/storage\/uploads\/thumbs\/3.PNG",
                    "old_thumbnail_url": "\/storage\/uploads\/thumbs\/dca9ee73d2b97a10448dc82283b54e48-PNG-160-160-true.jpg",
                    "html": null
                }
            },
            "category": {
                "meta": {
                    "table": "category",
                    "type": "item"
                },
                "data": {
                    "id": 2,
                    "status": 1,
                    "sort": null,
                    "name": "Sports",
                    "slug": null
                }
            }
        }
    ]
}

But in case of other usergroup which requires access token column is hidden from endpoint

Steps to Reproduce

Schema Dump, Logs, or Screenshots
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
v6
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@benhaynes