Only allow admin to manage users
RadhiFadlillah committed Mar 24, 2020
1 parent c1f27ed commit b184599
Showing 10 changed files with 59 additions and 39 deletions.
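--- a/internal/backend/backend.go
+++ b/internal/backend/backend.go
@@ -109,5 +109,14 @@ func ServeApp(db *sqlx.DB, port int) error {
 }
 
 func authenticationRules(user model.User, method, url string) bool {
+// For user management, onloy allow if user is admin
+switch url {
+case "/api/user",
+"/api/users",
+"/api/user/password",
+"/api/user/password/reset":
+return user.Admin
+}
+
 return true
 }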
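Review bot: The `switch url` in `authenticationRules` compares against four exact strings and every other value reaches `return true`, so the admin restriction holds only if the caller always passes a canonical path; what the caller passes is not visible in this hunk. If `url` can arrive with a trailing slash or query string, or a user-management route is added later without extending this list, the request is allowed for non-admin users. Normalizing before the comparison, e.g. `switch path.Clean(url) {`, and a comment stating why `method` is ignored would make the rule easier to audit. Separately, `/api/user/password` is now admin-only while root.js in this commit still renders a "Change password" button; if that dialog posts to this route, non-admin users can no longer change their own password, which should be confirmed.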
48 changes: 24 additions & 24 deletions internal/backend/ui/assets-prod.go

Large diffs are not rendered by default.

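--- a/internal/view/js/dialogs/form-user.js
+++ b/internal/view/js/dialogs/form-user.js
@@ -30,6 +30,11 @@ export function DialogFormUser() {
 name: "username",
 label: i18n("Username"),
 required: true
+}, {
+name: "admin",
+label: i18n("User is administrator"),
+type: "boolean",
+required: true,
 }]
 
 formFields.forEach((field, i) => {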
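Review bot: `required: true` on the new `type: "boolean"` field is ambiguous: if the dialog's required-check treats `false` as an empty value, an unchecked box would block saving a non-admin user, and if it does not, the flag adds nothing. The validation code is outside this hunk, so this needs confirming. Dropping `required` for this field and defaulting it to `false` would keep new accounts non-admin unless the box is ticked deliberately. `DialogFormUser` starts and ends outside the hunk.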
2 changes: 1 addition & 1 deletion internal/view/js/dialogs/form-user.min.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

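--- a/internal/view/js/i18n/english.js
+++ b/internal/view/js/i18n/english.js
@@ -153,4 +153,7 @@ export default new Map([
 ["Old password"],
 ["New password"],
 ["Repeat"],
+
+// Form user
+["User is administrator"],
 ])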
2 changes: 1 addition & 1 deletion internal/view/js/i18n/english.min.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

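--- a/internal/view/js/i18n/indonesia.js
+++ b/internal/view/js/i18n/indonesia.js
@@ -153,4 +153,7 @@ export default new Map([
 ["Old password", "Password lama"],
 ["New password", "Password baru"],
 ["Repeat", "Ulangi"],
+
+// Form user
+["User is administrator", "User adalah administrator"],
 ])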
2 changes: 1 addition & 1 deletion internal/view/js/i18n/indonesia.min.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

22 changes: 11 additions & 11 deletions internal/view/js/pages/root.js
Expand Up @@ -208,30 +208,30 @@ export function Root() {
caption: i18n("Money chart"),
href: "#!/chart"
})),
m(Button, sidebarAttrs("users", {
icon: "fa-user-cog",
caption: i18n("User management"),
href: "#!/users"
})),
m(".sidebar__spacer"),
m(Button, sidebarAttrs(null, {
icon: "fa-flag",
caption: i18n("Change language"),
onclick() { state.dlgLanguage.visible = true }
})),
m(Button, sidebarAttrs(null, {
icon: "fa-key",
caption: i18n("Change password"),
onclick() { state.dlgPassword.visible = true }
})),
m(Button, sidebarAttrs(null, {
icon: "fa-sign-out-alt",
caption: i18n("Logout"),
onclick() { state.dlgLogout.visible = true }
})),
]

if (state.user != null) {
sidebarButtons.splice(5, 0,
m(Button, sidebarAttrs(null, {
icon: "fa-key",
caption: i18n("Change password"),
onclick() { state.dlgPassword.visible = true }
if (state.user != null && state.user.admin) {
sidebarButtons.splice(2, 0,
m(Button, sidebarAttrs("users", {
icon: "fa-user-cog",
caption: i18n("User management"),
href: "#!/users"
}))
)
}
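Review bot: Gating the "User management" entry on `state.user.admin` in the `sidebarButtons.splice(2, 0, …)` branch only hides the sidebar button; nothing in this hunk guards the `#!/users` route itself, so a non-admin who opens that hash directly would still load the page and depend entirely on the API rejecting the calls. The route definition is outside the hunk, so this may already be handled, but the page should check `state.user.admin` on entry and handle a rejected API response cleanly rather than rendering an empty management view. The hard-coded index in `splice(2, 0, …)` also silently depends on the order of the array above and deserves a comment such as `// insert after "Money chart"`. `Root` starts and ends outside the hunk.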