From ed07ebfbce4031ef4dfbd2f42147f6a7b351aeb8 Mon Sep 17 00:00:00 2001
From: st782s <statta@research.att.com>
Date: Wed, 22 Nov 2017 11:41:10 -0500
Subject: Harden code

Issue-ID: PORTAL-145,PORTAL-119
Harden code to address SQL injecton, XSS vulnerabilities; Separate
docker images for portal, sdk app and DMaaPBC ui

Change-Id: I85fad4d3fcee3243207b8f0dfe21beaa41602204
Signed-off-by: st782s <statta@research.att.com>
---
 .../DS2-view-models/ds2-admin/role-function.html   | 11 ++++++-----
 .../DS2-view-models/ds2-admin/role_list.html       | 22 ++++++++++++----------
 2 files changed, 18 insertions(+), 15 deletions(-)

(limited to 'ecomp-sdk/epsdk-app-overlay/src/main/webapp/app')

diff --git a/ecomp-sdk/epsdk-app-overlay/src/main/webapp/app/fusion/scripts/DS2-view-models/ds2-admin/role-function.html b/ecomp-sdk/epsdk-app-overlay/src/main/webapp/app/fusion/scripts/DS2-view-models/ds2-admin/role-function.html
index cab8c682..55f2980b 100644
--- a/ecomp-sdk/epsdk-app-overlay/src/main/webapp/app/fusion/scripts/DS2-view-models/ds2-admin/role-function.html
+++ b/ecomp-sdk/epsdk-app-overlay/src/main/webapp/app/fusion/scripts/DS2-view-models/ds2-admin/role-function.html
@@ -1,12 +1,13 @@
 <div id="page-content">
 	<h1 class="heading-page" id="profileSearch">Role Function</h1>
+	<span class= "heading-small" ng-if="isAppCentralized=='true'"><b>Please go to portal to Manage Role Function.</b></span>
 	<div ng-show="showLoader" class="span loader-container">
 		<i class="icon-primary-spinner" role="img"
 			aria-label="Please wait while we load your content"></i>
 	</div>
 	<div ng-hide="showLoader">
 		<div class="row-nowrap">
-			<div class="span12">
+			<div class="span12" ng-if="isAppCentralized=='false'">
 				<div class="form-row">
 					<div class="field-group">
 						<button class="btn btn-alt btn-medium" type="button"
@@ -38,20 +39,20 @@
 					<tr>
 						<th b2b-table-header key="name">Name</th>
 						<th b2b-table-header key="code">Code</th>
-						<th b2b-table-header sortable="false">Edit</th>
-						<th b2b-table-header sortable="false">Delete</th>
+						<th b2b-table-header sortable="false" ng-if="isAppCentralized=='false'">Edit</th>
+						<th b2b-table-header sortable="false" ng-if="isAppCentralized=='false'">Delete</th>
 					</tr>
 				</thead>
 				<tbody b2b-table-row type="body" row-repeat="rowData in tableData">
 					<tr>
 						<td b2b-table-body ng-bind="rowData['name']"></td>
 						<td b2b-table-body ng-bind="rowData['code']"></td>
-						<td b2b-table-body>
+						<td b2b-table-body ng-if="isAppCentralized=='false'">
 							<div style="font-size: 20px;">
 								<a ng-click="saveRoleFuncPopUp(rowData);" class="icon-misc-pen"></a>
 							</div>
 						</td>
-						<td b2b-table-body>
+						<td b2b-table-body ng-if="isAppCentralized=='false'">
 							<div style="font-size: 20px;">
 								<a href="javascript:void(0)"
 									ng-click="delRoleFuncConfirmPopUp(rowData);"
diff --git a/ecomp-sdk/epsdk-app-overlay/src/main/webapp/app/fusion/scripts/DS2-view-models/ds2-admin/role_list.html b/ecomp-sdk/epsdk-app-overlay/src/main/webapp/app/fusion/scripts/DS2-view-models/ds2-admin/role_list.html
index 5c407390..e325b8ab 100644
--- a/ecomp-sdk/epsdk-app-overlay/src/main/webapp/app/fusion/scripts/DS2-view-models/ds2-admin/role_list.html
+++ b/ecomp-sdk/epsdk-app-overlay/src/main/webapp/app/fusion/scripts/DS2-view-models/ds2-admin/role_list.html
@@ -1,6 +1,7 @@
 <div id="page-content">
 	<div>
 		<h1 class="heading-page" id="Roles">Roles</h1>
+		<span class= "heading-small" ng-if="isAppCentralized=='true'"><b>Please go to portal to Manage Roles.</b></span>
 	</div>
 	<div ng-show="showLoader" class="span loader-container">
 		<i class="icon-primary-spinner" role="img"
@@ -8,34 +9,35 @@
 	</div>
 	<div ng-hide="showLoader">
 		<div>
-			 <button type="submit" onClick="window.location='admin#/role/0';" class="btn btn-alt btn-small">Add New Role</button>
+			 <button type="submit" ng-click="addRoleFuncPopUp(rowData);" class="btn btn-alt btn-small" ng-if="isAppCentralized=='false'">Add New Role</button>
 		</div>
-		<h2 class="heading-small">Click on a Role to view its details.</h2>
+		<h2 class="heading-small" ng-if="isAppCentralized=='false'">Click on a Role to view its details.</h2>
 			<table class="striped" ng-if="availableRoleFunctions" style="width: auto;">
 				<thead> 
 					<tr>
 						<th>Name</th>
 						<th>Priority</th>
-						<th>Edit</th>
-						<th>Active?</th>
-						<th>Delete?</th>
+						<th ng-if="isAppCentralized=='false'">Edit</th>
+						<th ng-if="isAppCentralized=='false'">Active?</th>
+						<th ng-if="isAppCentralized=='false'">Delete?</th>
 					</tr>
 				</thead>
 				<tbody type="body" ng-repeat="availableRole in  ociavailableRoles">
 					<tr>
 						<td>{{ availableRole.name }}</td>
 						<td>{{ availableRole.priority }}</td>
-						<td>
+						<div ng-if="isAppCentralized=='false'">
+						<td ng-if="isAppCentralized=='false'">
 							<a href="admin#/role/{{availableRole.id}}" class="icon-misc-pen"></a>
 						</td>
-						<td>
-					    	<div >
+						<td ng-if="isAppCentralized=='false'">
+					    	<div>
 					    		<label class="btn-switch-label" tabindex="0" role="option">
-									<input type="checkbox" b2b-switches ng-model="availableRole.active" ng-click="activateRoleConfirmPopUp(availableRole.active,availableRole);" >
+									<input type="checkbox" b2b-switches ng-model="availableRole.active" ng-click="activateRoleConfirmPopUp(availableRole.active,availableRole);">
 							    </label> 
 					    	</div>
 				    	</td>
-				    	<td width="10%">
+				    	<td width="10%" ng-if="isAppCentralized=='false'">
 				    		<div ng-click="delRoleConfirmPopUp(availableRole);"><a href="javascript:void(0)" class="icon-misc-trash"></a></div>
 				     	</td>
 					</tr>
-- 
cgit 1.2.3-korg