From 6f809460ff4c74ef11a921b24568cddf80491fdf Mon Sep 17 00:00:00 2001
From: Alicia Sykes
Date: Mon, 21 Jun 2021 11:53:10 +0100
Subject: [PATCH] :passport_control: Prevent non-admin users from writing changes to disk
---
 src/components/Configuration/JsonEditor.vue | 13 +++++++++---
 src/utils/Auth.js | 22 +++++++++++++++++++++
 2 files changed, 32 insertions(+), 3 deletions(-)
diff --git a/src/components/Configuration/JsonEditor.vue b/src/components/Configuration/JsonEditor.vue
index dc0f568b..26b46ff2 100644
--- a/src/components/Configuration/JsonEditor.vue
+++ b/src/components/Configuration/JsonEditor.vue
@@ -10,11 +10,13 @@
Save Location:
- +
- +
@@ -52,6 +54,7 @@ import VJsoneditor from 'v-jsoneditor';
 import { localStorageKeys } from '@/utils/defaults';
 import configSchema from '@/utils/ConfigSchema.json';
 import JsonToYaml from '@/utils/JsonToYaml';
+import { isUserAdmin } from '@/utils/Auth';
 import axios from 'axios';
 export default {
@@ -77,6 +80,7 @@ export default {
 jsonParser: JsonToYaml,
 responseText: '',
 saveSuccess: undefined,
+ isAdmin: isUserAdmin(this.config.appConfig.auth),
 };
 },
 computed: {
@@ -84,9 +88,12 @@ export default {
 return this.errorMessages.length < 1;
 },
 },
+ mounted() {
+ if (!this.isAdmin) this.saveMode = 'local';
+ },
 methods: {
 save() {
- if (this.saveMode === 'local') {
+ if (this.saveMode === 'local' || !this.isAdmin) {
 this.saveConfigLocally();
 } else if (this.saveMode === 'file') {
 this.writeConfigToDisk();
diff --git a/src/utils/Auth.js b/src/utils/Auth.js
index 296a3ca9..563c5e13 100644
--- a/src/utils/Auth.js
+++ b/src/utils/Auth.js
@@ -50,3 +50,25 @@ export const logout = () => {
 document.cookie = 'authenticationToken=null';
 localStorage.removeItem(localStorageKeys.USERNAME);
 };
+
+/**
+ * Checks if the current user has admin privileges.
+ * If no users are setup, then function will always return true
+ * But if auth is configured, then will verify user is correctly
+ * logged in and then check weather they are of type admin, and
+ * return false if any conditions fail
+ * @param users[] : Array of users
+ * @returns Boolean : True if admin privileges
+ */
+export const isUserAdmin = (users) => {
+ if (!users || users.length === 0) return true; // Authentication not setup
+ if (!isLoggedIn(users)) return false; // Auth setup, but not signed in as a valid user
+ const currentUser = localStorage[localStorageKeys.USERNAME];
+ let isAdmin = false;
+ users.forEach((user) => {
+ if (user.user === currentUser) {
+ if (user.type === 'admin') isAdmin = true;
+ }
+ });
+ return isAdmin;
+};
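Review bot: In src/components/Configuration/JsonEditor.vue (hunk -84,9), the `|| !this.isAdmin` guard in `save()` only changes which branch the browser takes; nothing in this patch stops a request from reaching whatever endpoint `writeConfigToDisk()` calls (its body is outside the hunk, so the endpoint is inferred from the axios import). If the goal is to prevent non-admin writes to disk, the server-side handler needs its own authorization check, and this guard should be documented as what it is, e.g. `// UI-only guard: the backend must still reject unauthorised writes`. Also, `isAdmin` is evaluated once in `data()` (hunk -77,6), so it will not follow a login or logout that happens while the editor is open; a computed property would keep it current. `save()` continues past the end of the hunk.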
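Review bot: In src/utils/Auth.js, `isUserAdmin` decides the role from `localStorage[localStorageKeys.USERNAME]`, a value the browser user can edit, so the result is only as trustworthy as the binding between that name and the session checked by `isLoggedIn(users)`, which is defined outside this hunk and may not tie the token to this particular username. The docstring should state that this is a client-side hint for the UI and not an access-control decision, for instance `* NOTE: client-side check only; do not rely on it to protect server-side actions`. Separately, the `forEach` with a mutable flag can be written as `return users.some((user) => user.user === currentUser && user.type === 'admin');`, and "weather" in the docstring should read "whether".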