Commit a43f71ec authored by Stan Hu's avatar Stan Hu

Hide project variables values by default

Add a button to reveal/hide the values to help prevent accidental
disclosure of sensitive information from wandering on a page.

Closes #21358
parent f70a6f3d
...@@ -208,6 +208,9 @@ ...@@ -208,6 +208,9 @@
new gl.ProtectedBranchCreate(); new gl.ProtectedBranchCreate();
new gl.ProtectedBranchEditList(); new gl.ProtectedBranchEditList();
break; break;
case 'projects:variables:index':
new gl.ProjectVariables();
break;
} }
switch (path.first()) { switch (path.first()) {
case 'admin': case 'admin':
......
/* eslint-disable */
((global) => {
const HIDDEN_VALUE_TEXT = '******';
class ProjectVariables {
constructor() {
this.$reveal = $('.js-btn-toggle-reveal-values');
this.$reveal.on('click', this.toggleRevealState.bind(this));
}
toggleRevealState(event) {
event.preventDefault();
const $btn = $(event.currentTarget);
const oldStatus = $btn.attr('data-status');
if (oldStatus == 'hidden') {
[newStatus, newAction] = ['revealed', 'Hide Values'];
} else {
[newStatus, newAction] = ['hidden', 'Reveal Values'];
}
$btn.attr('data-status', newStatus);
$variables = $('.variable-value');
for (let variable of $variables) {
let $variable = $(variable);
let newText = HIDDEN_VALUE_TEXT;
if (newStatus == 'revealed') {
newText = $variable.attr('data-value');
}
$variable.text(newText);
}
$btn.text(newAction);
}
}
global.ProjectVariables = ProjectVariables;
})(window.gl || (window.gl = {}));
...@@ -876,3 +876,11 @@ pre.light-well { ...@@ -876,3 +876,11 @@ pre.light-well {
pointer-events: none; pointer-events: none;
} }
} }
.variables-table {
table-layout: fixed;
.variable-key {
width: 30%;
}
}
...@@ -12,8 +12,8 @@ ...@@ -12,8 +12,8 @@
- @project.variables.order_key_asc.each do |variable| - @project.variables.order_key_asc.each do |variable|
- if variable.id? - if variable.id?
%tr %tr
%td= variable.key %td.variable-key= variable.key
%td= variable.value %td.variable-value{ "data-value" => variable.value }******
%td %td
= link_to namespace_project_variable_path(@project.namespace, @project, variable), class: "btn btn-transparent btn-variable-edit" do = link_to namespace_project_variable_path(@project.namespace, @project, variable), class: "btn btn-transparent btn-variable-edit" do
%span.sr-only %span.sr-only
......
...@@ -15,3 +15,4 @@ ...@@ -15,3 +15,4 @@
No variables found, add one with the form above. No variables found, add one with the form above.
- else - else
= render "table" = render "table"
%button.btn.btn-info.js-btn-toggle-reveal-values{"data-status" => 'hidden'} Reveal Values
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment