[change] Hide senstive fields on shared objects from non-superuser

pandafy · pandafy · commit c75c6b50820c · 2025-07-08T23:12:14.000+05:30
diff --git a/openwisp_controller/config/migrations/0061_update_groups_permissions.py b/openwisp_controller/config/migrations/0061_update_groups_permissions.py
@@ -5,7 +5,7 @@
 
 class Migration(migrations.Migration):
     dependencies = [
-        ("config", "0059_zerotier_templates_ow_zt_to_global"),
+        ("config", "0060_cleanup_api_task_notification_types"),
     ]
 
     operations = [
diff --git a/openwisp_controller/connection/admin.py b/openwisp_controller/connection/admin.py
@@ -57,6 +57,7 @@ class CredentialsAdmin(MultitenantAdminMixin, TimeReadonlyAdminMixin, admin.Mode
         "created",
         "modified",
     ]
+    sensitive_fields = ["params"]
 
     def get_urls(self):
         options = getattr(self.model, "_meta")
diff --git a/openwisp_controller/connection/tests/test_admin.py b/openwisp_controller/connection/tests/test_admin.py
@@ -156,6 +156,24 @@ def test_org_admin_view_shared_credentials(self):
             ),
         )
 
+    def test_credential_admin_sensitive_fields(self):
+        """
+        Sensitive fields for shared credentials should be hidden for non-superusers.
+        """
+        org = self._get_org()
+        shared_credentials = self._create_credentials(organization=None)
+        org_credentials = self._create_credentials(organization=org)
+        self._test_sensitive_fields_visibility_on_shared_and_org_objects(
+            sensitive_fields=["params"],
+            shared_obj_path=reverse(
+                f"admin:{self.app_label}_credentials_change", args=(shared_credentials.id,)
+            ),
+            org_obj_path=reverse(
+                f"admin:{self.app_label}_credentials_change", args=(org_credentials.id,)
+            ),
+            organization=org,
+        )
+
 
 class TestCommandInlines(TestAdminMixin, CreateConnectionsMixin, TestCase):
     config_app_label = "config"
diff --git a/openwisp_controller/pki/admin.py b/openwisp_controller/pki/admin.py
@@ -14,6 +14,9 @@
 @admin.register(Ca)
 class CaAdmin(MultitenantAdminMixin, AbstractCaAdmin, VersionAdmin):
     history_latest_first = True
+    sensitive_fields = [
+        "private_key",
+    ]
 
 
 CaAdmin.fields.insert(2, "organization")
@@ -25,6 +28,9 @@ class CaAdmin(MultitenantAdminMixin, AbstractCaAdmin, VersionAdmin):
 @admin.register(Cert)
 class CertAdmin(MultitenantAdminMixin, AbstractCertAdmin, VersionAdmin):
     multitenant_shared_relations = ("ca",)
+    sensitive_fields = [
+        "private_key",
+    ]
     history_latest_first = True
 
 
diff --git a/openwisp_controller/pki/tests/test_admin.py b/openwisp_controller/pki/tests/test_admin.py
@@ -99,6 +99,24 @@ def test_org_admin_view_shared_ca(self):
             path=reverse(f"admin:{self.app_label}_ca_change", args=[ca.pk]),
         )
 
+    def test_ca_admin_sensitive_fields(self):
+        """
+        Sensitive fields for shared CA should be hidden for non-superusers.
+        """
+        org = self._get_org()
+        shared_ca = self._create_ca(organization=None)
+        org_ca = self._create_ca(organization=org)
+        self._test_sensitive_fields_visibility_on_shared_and_org_objects(
+            sensitive_fields=["private_key"],
+            shared_obj_path=reverse(
+                f"admin:{self.app_label}_ca_change", args=(shared_ca.id,)
+            ),
+            org_obj_path=reverse(
+                f"admin:{self.app_label}_ca_change", args=(org_ca.id,)
+            ),
+            organization=org,
+        )
+
     def test_cert_queryset(self):
         data = self._create_multitenancy_test_env(cert=True)
         self._test_multitenant_admin(
@@ -174,6 +192,25 @@ def test_org_admin_view_shared_cert(self):
             path=reverse(f"admin:{self.app_label}_cert_change", args=[shared_cert.pk]),
         )
 
+    def test_cert_admin_sensitive_fields(self):
+        """
+        Sensitive fields for shared certificates should be hidden for non-superusers.
+        """
+        org = self._get_org()
+        shared_ca = self._create_ca(organization=None)
+        shared_cert = self._create_cert(ca=shared_ca, organization=None)
+        org_cert = self._create_cert(ca=shared_ca, organization=org)
+        self._test_sensitive_fields_visibility_on_shared_and_org_objects(
+            sensitive_fields=["private_key"],
+            shared_obj_path=reverse(
+                f"admin:{self.app_label}_cert_change", args=(shared_cert.id,)
+            ),
+            org_obj_path=reverse(
+                f"admin:{self.app_label}_cert_change", args=(org_cert.id,)
+            ),
+            organization=org,
+        )
+
     def test_cert_changeform_200(self):
         org = self._create_org(name="test-org")
         self._create_operator(organizations=[org])

Original file line number	Diff line number	Diff line change
`@@ -5,7 +5,7 @@`
`5`	`5`
`6`	`6`	`class Migration(migrations.Migration):`
`7`	`7`	`dependencies = [`
`8`		`- ("config", "0059_zerotier_templates_ow_zt_to_global"),`
	`8`	`+ ("config", "0060_cleanup_api_task_notification_types"),`
`9`	`9`	`]`
`10`	`10`
`11`	`11`	`operations = [`
Original file line number	Diff line number	Diff line change
`@@ -57,6 +57,7 @@ class CredentialsAdmin(MultitenantAdminMixin, TimeReadonlyAdminMixin, admin.Mode`
`57`	`57`	`"created",`
`58`	`58`	`"modified",`
`59`	`59`	`]`
	`60`	`+ sensitive_fields = ["params"]`
`60`	`61`
`61`	`62`	`def get_urls(self):`
`62`	`63`	`options = getattr(self.model, "_meta")`