Formatting and adding routing checks to push the user out of admin menus when they are not an admin.
This commit is contained in:
parent
348c61a8c5
commit
59de40c4ef
|
@ -1,5 +1,12 @@
|
||||||
<script>
|
<script>
|
||||||
|
import { redirect } from "@roxi/routify"
|
||||||
import { Page } from "@budibase/bbui"
|
import { Page } from "@budibase/bbui"
|
||||||
|
import { auth } from "../../../../../stores/portal"
|
||||||
|
|
||||||
|
// only admins allowed here
|
||||||
|
if (!$auth.isAdmin) {
|
||||||
|
$redirect("../../../portal")
|
||||||
|
}
|
||||||
</script>
|
</script>
|
||||||
|
|
||||||
<Page>
|
<Page>
|
||||||
|
|
|
@ -1,5 +1,12 @@
|
||||||
<script>
|
<script>
|
||||||
import { email } from "stores/portal"
|
import { redirect } from "@roxi/routify"
|
||||||
|
import { auth, email } from "stores/portal"
|
||||||
|
|
||||||
|
// only admins allowed here
|
||||||
|
if (!$auth.isAdmin) {
|
||||||
|
$redirect("../../../portal")
|
||||||
|
}
|
||||||
|
|
||||||
email.templates.fetch()
|
email.templates.fetch()
|
||||||
</script>
|
</script>
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,12 @@
|
||||||
<script>
|
<script>
|
||||||
import { Page } from "@budibase/bbui"
|
import { Page } from "@budibase/bbui"
|
||||||
|
import { auth } from "../../../../../stores/portal"
|
||||||
|
import { redirect } from "@roxi/routify"
|
||||||
|
|
||||||
|
// only admins allowed here
|
||||||
|
if (!$auth.isAdmin) {
|
||||||
|
$redirect("../../../portal")
|
||||||
|
}
|
||||||
</script>
|
</script>
|
||||||
|
|
||||||
<Page>
|
<Page>
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
<script>
|
<script>
|
||||||
import { goto } from "@roxi/routify"
|
import { goto } from "@roxi/routify"
|
||||||
$goto("./general")
|
$goto("./organisation")
|
||||||
</script>
|
</script>
|
||||||
|
|
|
@ -11,10 +11,16 @@
|
||||||
Dropzone,
|
Dropzone,
|
||||||
notifications,
|
notifications,
|
||||||
} from "@budibase/bbui"
|
} from "@budibase/bbui"
|
||||||
import { organisation } from "stores/portal"
|
import { auth, organisation } from "stores/portal"
|
||||||
import { post } from "builderStore/api"
|
import { post } from "builderStore/api"
|
||||||
import analytics from "analytics"
|
import analytics from "analytics"
|
||||||
import { writable } from "svelte/store"
|
import { writable } from "svelte/store"
|
||||||
|
import { redirect } from "@roxi/routify"
|
||||||
|
|
||||||
|
// only admins allowed here
|
||||||
|
if (!$auth.isAdmin) {
|
||||||
|
$redirect("../../portal")
|
||||||
|
}
|
||||||
|
|
||||||
const values = writable({
|
const values = writable({
|
||||||
analytics: !analytics.disabled(),
|
analytics: !analytics.disabled(),
|
||||||
|
|
|
@ -5,19 +5,27 @@ export function createAuthStore() {
|
||||||
const user = writable(null)
|
const user = writable(null)
|
||||||
const store = derived(user, $user => {
|
const store = derived(user, $user => {
|
||||||
let initials = null
|
let initials = null
|
||||||
|
let isAdmin = false
|
||||||
|
let isBuilder = false
|
||||||
if ($user) {
|
if ($user) {
|
||||||
if ($user.firstName) {
|
if ($user.firstName) {
|
||||||
initials = $user.firstName[0]
|
initials = $user.firstName[0]
|
||||||
if ($user.lastName) {
|
if ($user.lastName) {
|
||||||
initials += $user.lastName[0]
|
initials += $user.lastName[0]
|
||||||
}
|
}
|
||||||
} else {
|
} else if ($user.email) {
|
||||||
initials = $user.email[0]
|
initials = $user.email[0]
|
||||||
|
} else {
|
||||||
|
initials = "Unknown"
|
||||||
}
|
}
|
||||||
|
isAdmin = !!$user.admin?.global
|
||||||
|
isBuilder = !!$user.builder?.global
|
||||||
}
|
}
|
||||||
return {
|
return {
|
||||||
user: $user,
|
user: $user,
|
||||||
initials,
|
initials,
|
||||||
|
isAdmin,
|
||||||
|
isBuilder,
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
|
@ -29,6 +37,7 @@ export function createAuthStore() {
|
||||||
user.set(null)
|
user.set(null)
|
||||||
} else {
|
} else {
|
||||||
const json = await response.json()
|
const json = await response.json()
|
||||||
|
console.log(json)
|
||||||
user.set(json)
|
user.set(json)
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
|
@ -56,7 +56,6 @@ router
|
||||||
)
|
)
|
||||||
.get("/api/admin/users", adminOnly, controller.fetch)
|
.get("/api/admin/users", adminOnly, controller.fetch)
|
||||||
.delete("/api/admin/users/:id", adminOnly, controller.destroy)
|
.delete("/api/admin/users/:id", adminOnly, controller.destroy)
|
||||||
.get("/api/admin/users/:id", adminOnly, controller.find)
|
|
||||||
.get("/api/admin/roles/:appId")
|
.get("/api/admin/roles/:appId")
|
||||||
.post(
|
.post(
|
||||||
"/api/admin/users/invite",
|
"/api/admin/users/invite",
|
||||||
|
@ -77,5 +76,7 @@ router
|
||||||
)
|
)
|
||||||
.post("/api/admin/users/init", controller.adminUser)
|
.post("/api/admin/users/init", controller.adminUser)
|
||||||
.get("/api/admin/users/self", controller.getSelf)
|
.get("/api/admin/users/self", controller.getSelf)
|
||||||
|
// admin endpoint but needs to come at end (blocks other endpoints otherwise)
|
||||||
|
.get("/api/admin/users/:id", adminOnly, controller.find)
|
||||||
|
|
||||||
module.exports = router
|
module.exports = router
|
||||||
|
|
|
@ -1,5 +1,8 @@
|
||||||
module.exports = async (ctx, next) => {
|
module.exports = async (ctx, next) => {
|
||||||
if (!ctx.internal && (!ctx.user || !ctx.user.admin || !ctx.user.admin.global)) {
|
if (
|
||||||
|
!ctx.internal &&
|
||||||
|
(!ctx.user || !ctx.user.admin || !ctx.user.admin.global)
|
||||||
|
) {
|
||||||
ctx.throw(403, "Admin user only endpoint.")
|
ctx.throw(403, "Admin user only endpoint.")
|
||||||
}
|
}
|
||||||
return next()
|
return next()
|
||||||
|
|
Loading…
Reference in New Issue