Addressing 4.6 "Internal IP Leakage"

Change-Id: I7ff0059fdb2b2d3b5841bc8883139d23c1e43b10

stacktask/api/models.py

@@ -68,7 +68,7 @@ class Task(models.Model):
     def notifications(self):
         return self.notification_set.all()
 
-    def to_dict(self):
+    def _to_dict(self):
         actions = []
         for action in self.actions:
             actions.append({
@@ -93,6 +93,14 @@ class Task(models.Model):
             "completed_on": self.completed_on,
         }
 
+    def to_dict(self):
+        """
+        Slightly safer variant of the above for non-admin.
+        """
+        task_dict = self._to_dict()
+        task_dict.pop("ip_address")
+        return task_dict
+
     def add_action_note(self, action, note):
         if action in self.action_notes:
             self.action_notes[action].append(note)

stacktask/api/v1/views.py

@@ -164,7 +164,7 @@ class TaskList(APIViewWithLogger):
                 tasks = Task.objects.all()
             task_list = []
             for task in tasks:
-                task_list.append(task.to_dict())
+                task_list.append(task._to_dict())
             return Response({'tasks': task_list}, status=200)
         else:
             if filters:
@@ -196,14 +196,15 @@ class TaskDetail(APIViewWithLogger):
         try:
             if 'admin' in request.keystone_user['roles']:
                 task = Task.objects.get(uuid=uuid)
+                return Response(task._to_dict())
             else:
                 task = Task.objects.get(
                     uuid=uuid, project_id=request.keystone_user['project_id'])
+                return Response(task.to_dict())
         except Task.DoesNotExist:
             return Response(
                 {'errors': ['No task with this id.']},
                 status=404)
-        return Response(task.to_dict())
 
     @utils.admin
     def put(self, request, uuid, format=None):