🛂 Prevent non-admin users from writing changes to disk

2021-06-21 11:53:10 +01:00 · 2021-06-21 11:53:10 +01:00 · 6f809460ff
parent f1f227d41f
commit 6f809460ff
2 changed files with 32 additions and 3 deletions
--- a/src/components/Configuration/JsonEditor.vue
+++ b/src/components/Configuration/JsonEditor.vue
@ -10,11 +10,13 @@
    <div class="save-options">
      <span class="save-option-title">Save Location:</span>
      <div class="option">
-        <input type="radio" id="local" value="local" v-model="saveMode" class="radio-option" />
+        <input type="radio" id="local" value="local"
+          v-model="saveMode" class="radio-option" :disabled="!isAdmin" />
        <label for="local" class="save-option-label">Apply Locally</label>
      </div>
      <div class="option">
-        <input type="radio" id="file" value="file" v-model="saveMode" class="radio-option" />
+        <input type="radio" id="file" value="file" v-model="saveMode" class="radio-option"
+          :disabled="!isAdmin" />
        <label for="file" class="save-option-label">Write Changes to Config File</label>
      </div>
    </div>
@ -52,6 +54,7 @@ import VJsoneditor from 'v-jsoneditor';
 import { localStorageKeys } from '@/utils/defaults';
 import configSchema from '@/utils/ConfigSchema.json';
 import JsonToYaml from '@/utils/JsonToYaml';
+import { isUserAdmin } from '@/utils/Auth';
 import axios from 'axios';

 export default {
@ -77,6 +80,7 @@ export default {
      jsonParser: JsonToYaml,
      responseText: '',
      saveSuccess: undefined,
+      isAdmin: isUserAdmin(this.config.appConfig.auth),
    };
  },
  computed: {
@ -84,9 +88,12 @@ export default {
      return this.errorMessages.length < 1;
    },
  },
+  mounted() {
+    if (!this.isAdmin) this.saveMode = 'local';
+  },
  methods: {
    save() {
-      if (this.saveMode === 'local') {
+      if (this.saveMode === 'local' || !this.isAdmin) {
        this.saveConfigLocally();
      } else if (this.saveMode === 'file') {
        this.writeConfigToDisk();
--- a/src/utils/Auth.js
+++ b/src/utils/Auth.js
@ -50,3 +50,25 @@ export const logout = () => {
  document.cookie = 'authenticationToken=null';
  localStorage.removeItem(localStorageKeys.USERNAME);
 };
+
+/**
+ * Checks if the current user has admin privileges.
+ * If no users are setup, then function will always return true
+ * But if auth is configured, then will verify user is correctly
+ * logged in and then check weather they are of type admin, and
+ * return false if any conditions fail
+ * @param users[] : Array of users
+ * @returns Boolean : True if admin privileges
+ */
+export const isUserAdmin = (users) => {
+  if (!users || users.length === 0) return true; // Authentication not setup
+  if (!isLoggedIn(users)) return false; // Auth setup, but not signed in as a valid user
+  const currentUser = localStorage[localStorageKeys.USERNAME];
+  let isAdmin = false;
+  users.forEach((user) => {
+    if (user.user === currentUser) {
+      if (user.type === 'admin') isAdmin = true;
+    }
+  });
+  return isAdmin;
+};