Merged
7 changes: 4 additions & 3 deletions engine/config/config.go
Expand Up @@ -128,9 +128,10 @@ type MiscConfig struct {
}

type UIConfig struct {
EnablePublicGraphs bool
DisableGraphsForBlueTeam bool
ShowAnnouncementsForRedTeam bool
EnablePublicGraphs bool
DisableGraphsForBlueTeam bool
AllowNonAnonymizedGraphsForBlueTeam bool
ShowAnnouncementsForRedTeam bool
}

type User struct {
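Review bot: `AllowNonAnonymizedGraphsForBlueTeam` in `UIConfig` has no doc comment, and its name promises a blue-team scope that nothing in the struct states. Add a comment saying which callers it un-scrubs, that the zero value (false) keeps names anonymized, and how it combines with `DisableGraphsForBlueTeam`, so an operator enabling it knows what becomes visible. `shouldScrub` in www/api/graphs.go reads this flag without checking any role, so either the name or the check should change to match the other.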
42 changes: 24 additions & 18 deletions www/api/graphs.go
Expand Up @@ -77,6 +77,12 @@ func GetServiceStatus(w http.ResponseWriter, r *http.Request) {
series = append(series, s)
}

if shouldScrub(r) {
for i := range series {
series[i].Name = "Team"
Copilot AI Jan 29, 2026

When scrubbing team names, the team ID is still exposed in the Series struct. This defeats the purpose of anonymization since clients can still identify teams by their IDs. Consider also scrubbing or removing the ID field when shouldScrub returns true, similar to how the Name field is scrubbed.

Suggested change
series[i].Name = "Team"
series[i].Name = "Team"
series[i].ID = 0

}
}

data := map[string]any{"series": series, "roundID": round.ID}
WriteJSON(w, http.StatusOK, data)
}
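Review bot: the scrub loop in `GetServiceStatus` overwrites only `series[i].Name`; every other field of each series element is still passed to `WriteJSON` unchanged. Anonymizing by blanking one field fails open when the element type carries, or later gains, another identifying field. Prefer building the anonymized response from an explicit allow-list of fields (for example a small helper that returns a scrubbed copy), and add a test that marshals the scrubbed output and asserts that no team-identifying value appears in it.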
Expand Down Expand Up @@ -126,15 +132,8 @@ func GetScoreStatus(w http.ResponseWriter, r *http.Request) {
}
}

if r.Context().Value("roles") != nil {
req_roles := r.Context().Value("roles").([]string)
if !slices.Contains(req_roles, "admin") {
for i, _ := range series {
series[i].Name = "Team"
}
}
} else {
for i, _ := range series {
if shouldScrub(r) {
for i := range series {
series[i].Name = "Team"
}
}
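Review bot: replacing the inline role check in `GetScoreStatus` with `shouldScrub(r)` is not a behaviour-preserving refactor. The removed lines scrubbed names for every request without the `admin` role, including requests with no `roles` value in the context; `shouldScrub` additionally returns false whenever `conf.UISettings.AllowNonAnonymizedGraphsForBlueTeam` is set, so with the flag on this endpoint returns real names to callers that have no roles at all. If that is intended, state it in the PR description and cover it with a table-driven test over (no roles, non-admin roles, admin) and both flag values.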
Expand Down Expand Up @@ -207,19 +206,26 @@ func GetUptimeStatus(w http.ResponseWriter, r *http.Request) {
series = append(series, s)
}

if r.Context().Value("roles") != nil {
req_roles := r.Context().Value("roles").([]string)
if !slices.Contains(req_roles, "admin") {
for i, _ := range series {
series[i].Name = "Team"
}
}
} else {
for i, _ := range series {
if shouldScrub(r) {
for i := range series {
series[i].Name = "Team"
}
}

data := map[string]any{"series": series}
WriteJSON(w, http.StatusOK, data)
}

func shouldScrub(r *http.Request) bool {
if r.Context().Value("roles") != nil {
req_roles := r.Context().Value("roles").([]string)
if slices.Contains(req_roles, "admin") {
return false
}
}

if conf.UISettings.AllowNonAnonymizedGraphsForBlueTeam {
return false
}
Comment on lines +220 to +229
Copilot AI Jan 29, 2026

The current implementation of AllowNonAnonymizedGraphsForBlueTeam affects all non-admin users, including red team members and anonymous users. Based on the config name and the issue description ("Add team numbers to score graphs for blue teams"), this setting should likely only apply to users with the "team" role. Consider checking for the "team" role before returning false here. For example: if the config is enabled AND the user has the "team" role, then don't scrub. This would prevent red team members and anonymous users from seeing team identities when they shouldn't.

Suggested change
if r.Context().Value("roles") != nil {
req_roles := r.Context().Value("roles").([]string)
if slices.Contains(req_roles, "admin") {
return false
}
}
if conf.UISettings.AllowNonAnonymizedGraphsForBlueTeam {
return false
}
rolesVal := r.Context().Value("roles")
if rolesVal != nil {
if reqRoles, ok := rolesVal.([]string); ok {
if slices.Contains(reqRoles, "admin") {
return false
}
if conf.UISettings.AllowNonAnonymizedGraphsForBlueTeam && slices.Contains(reqRoles, "team") {
return false
}
}
}

return true
}
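Review bot: in `shouldScrub`, `r.Context().Value("roles").([]string)` is an unchecked type assertion, so a non-nil context value of any other type panics the handler instead of scrubbing. Use the comma-ok form and fall through to `return true` when the assertion fails, so the function fails closed. Minor: `req_roles` should be `reqRoles` per Go naming, and the identical three-line scrub loop now appears in `GetServiceStatus`, `GetScoreStatus` and `GetUptimeStatus`; a single helper would keep any later change to what gets scrubbed in one place.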