tyler.durden
/
dashy
mirror of https://github.com/Lissy93/dashy.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

🛂 Prevent non-admin users from writing changes to disk

This commit is contained in:
Alicia Sykes 2021-06-21 11:53:10 +01:00
parent f1f227d41f
commit 6f809460ff
2 changed files with 32 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/components/Configuration/JsonEditor.vue
View File

@ -10,11 +10,13 @@
<div class="save-options"> <div class="save-options">
<span class="save-option-title">Save Location:</span> <span class="save-option-title">Save Location:</span>
<div class="option"> <div class="option">
<input type="radio" id="local" value="local" v-model="saveMode" class="radio-option" /> <input type="radio" id="local" value="local"
v-model="saveMode" class="radio-option" :disabled="!isAdmin" />
<label for="local" class="save-option-label">Apply Locally</label> <label for="local" class="save-option-label">Apply Locally</label>
</div> </div>
<div class="option"> <div class="option">
<input type="radio" id="file" value="file" v-model="saveMode" class="radio-option" /> <input type="radio" id="file" value="file" v-model="saveMode" class="radio-option"
:disabled="!isAdmin" />
<label for="file" class="save-option-label">Write Changes to Config File</label> <label for="file" class="save-option-label">Write Changes to Config File</label>
</div> </div>
</div> </div>
@ -52,6 +54,7 @@ import VJsoneditor from 'v-jsoneditor';
import { localStorageKeys } from '@/utils/defaults'; import { localStorageKeys } from '@/utils/defaults';
import configSchema from '@/utils/ConfigSchema.json'; import configSchema from '@/utils/ConfigSchema.json';
import JsonToYaml from '@/utils/JsonToYaml'; import JsonToYaml from '@/utils/JsonToYaml';
import { isUserAdmin } from '@/utils/Auth';
import axios from 'axios'; import axios from 'axios';
export default { export default {
@ -77,6 +80,7 @@ export default {
jsonParser: JsonToYaml, jsonParser: JsonToYaml,
responseText: '', responseText: '',
saveSuccess: undefined, saveSuccess: undefined,
isAdmin: isUserAdmin(this.config.appConfig.auth),
}; };
}, },
computed: { computed: {
@ -84,9 +88,12 @@ export default {
return this.errorMessages.length < 1; return this.errorMessages.length < 1;
}, },
}, },
mounted() {
if (!this.isAdmin) this.saveMode = 'local';
},
methods: { methods: {
save() { save() {
if (this.saveMode === 'local') { if (this.saveMode === 'local' || !this.isAdmin) {
this.saveConfigLocally(); this.saveConfigLocally();
} else if (this.saveMode === 'file') { } else if (this.saveMode === 'file') {
this.writeConfigToDisk(); this.writeConfigToDisk();

22
src/utils/Auth.js
View File

@ -50,3 +50,25 @@ export const logout = () => {
document.cookie = 'authenticationToken=null'; document.cookie = 'authenticationToken=null';
localStorage.removeItem(localStorageKeys.USERNAME); localStorage.removeItem(localStorageKeys.USERNAME);
}; };
/**
* Checks if the current user has admin privileges.
* If no users are setup, then function will always return true
* But if auth is configured, then will verify user is correctly
* logged in and then check weather they are of type admin, and
* return false if any conditions fail
* @param users[] : Array of users
* @returns Boolean : True if admin privileges
*/
export const isUserAdmin = (users) => {
if (!users || users.length === 0) return true; // Authentication not setup
if (!isLoggedIn(users)) return false; // Auth setup, but not signed in as a valid user
const currentUser = localStorage[localStorageKeys.USERNAME];
let isAdmin = false;
users.forEach((user) => {
if (user.user === currentUser) {
if (user.type === 'admin') isAdmin = true;
}
});
return isAdmin;
};