feat: limit zone list for users on servers endpoint (#862)

2021-01-16 20:45:02 +01:00 · 2021-01-16 20:45:02 +01:00 · 718b41e3d1
parent dd0a5f6326
commit 718b41e3d1
1 changed files with 9 additions and 1 deletions
--- a/powerdnsadmin/routes/api.py
+++ b/powerdnsadmin/routes/api.py
@ -971,7 +971,15 @@ def api_get_zones(server_id):
        return jsonify(domain_schema.dump(domain_obj_list)), 200
    else:
        resp = helper.forward_request()
-        return resp.content, resp.status_code, resp.headers.items()
+        if (g.apikey.role.name not in ['Administrator', 'Operator']
+            and resp.status_code == 200):
+            domain_list = [d['name']
+                           for d in domain_schema.dump(g.apikey.domains)]
+            content = json.dumps([i for i in json.loads(resp.content)
+                                  if i['name'].rstrip('.') in domain_list])
+            return content, resp.status_code, resp.headers.items()
+        else:
+            return resp.content, resp.status_code, resp.headers.items()


@api_bp.route('/servers', methods=['GET'])