jobs: hide job arguments and errors from non-admins.

These can sometimes contain sensitive information, such as IP addresses or what files a user is trying to upload.
2022-01-04 17:20:43 -06:00
parent 82211ba935
commit f38910f0a2
2 changed files with 14 additions and 2 deletions
--- a/app/views/jobs/index.html.erb
+++ b/app/views/jobs/index.html.erb
@@ -14,11 +14,13 @@
      <% end %>

      <% t.column "Details", td: { class: "col-expand" } do |job| %>
-        <%= job.serialized_params["arguments"] %>
+        <% if policy(job).can_see_params? %>
+          <%= job.serialized_params["arguments"] %>
+        <% end %>
      <% end %>

      <% t.column "Error", td: { class: "col-expand" } do |job| %>
-        <% if job.error.present? %>
+        <% if policy(job).can_see_params? && job.error.present? %>
          <%= job.error %>
        <% end %>
      <% end %>