From 1a6a26204e3d4f4d4bfae076e988ab393e501124 Mon Sep 17 00:00:00 2001
From: Matthias <matthias.mair@oewf.org>
Date: Sat, 20 Nov 2021 00:24:17 +0100
Subject: [PATCH] make sure protected values are never exposed

---
 InvenTree/common/serializers.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/InvenTree/common/serializers.py b/InvenTree/common/serializers.py
index 4a27e3f30e..60eb609dc1 100644
--- a/InvenTree/common/serializers.py
+++ b/InvenTree/common/serializers.py
@@ -45,6 +45,18 @@ class SettingsSerializer(InvenTreeModelSerializer):
 
         return results
 
+    def get_value(self, obj):
+        """
+        Make sure protected values are not returned
+        """
+        result = obj.value
+
+        # never return protected values
+        if obj.is_protected:
+            result = '***'
+
+        return result
+
 
 class GlobalSettingsSerializer(SettingsSerializer):
     """