From 196138e128cf9e2f5c5b38306d053c026cadf269 Mon Sep 17 00:00:00 2001
From: Justin Richer
Date: Thu, 29 Aug 2013 17:15:13 -0400
Subject: [PATCH] hide admin panels from non-admin users, addresses #472
---
 .../main/webapp/WEB-INF/tags/actionmenu.tag | 1 +
 .../src/main/webapp/WEB-INF/tags/header.tag | 10 +++
 .../src/main/webapp/resources/js/admin.js | 75 +++++++++++++++++--
 3 files changed, 79 insertions(+), 7 deletions(-)
diff --git a/openid-connect-server/src/main/webapp/WEB-INF/tags/actionmenu.tag b/openid-connect-server/src/main/webapp/WEB-INF/tags/actionmenu.tag
index 3ad79eb61..d8bb3d714 100644
--- a/openid-connect-server/src/main/webapp/WEB-INF/tags/actionmenu.tag
+++ b/openid-connect-server/src/main/webapp/WEB-INF/tags/actionmenu.tag
@@ -12,5 +12,6 @@
  • Manage Sites
  • Manage Active Tokens
  • Manage Profiles
  • +
  • Self-service client registration
 •
diff --git a/openid-connect-server/src/main/webapp/WEB-INF/tags/header.tag b/openid-connect-server/src/main/webapp/WEB-INF/tags/header.tag
index 650bfbd18..80a38f446 100644
--- a/openid-connect-server/src/main/webapp/WEB-INF/tags/header.tag
+++ b/openid-connect-server/src/main/webapp/WEB-INF/tags/header.tag
@@ -118,6 +118,16 @@
 function getUserAuthorities() {
 return ${userAuthorities};
 }
+
+ // is the current user an admin?
+ function isAdmin() {
+ var auth = getUserAuthorities();
+ if (auth && _.contains(auth, "ROLE_ADMIN")) {
+ return true;
+ } else {
+ return false;
+ }
+ }
diff --git a/openid-connect-server/src/main/webapp/resources/js/admin.js b/openid-connect-server/src/main/webapp/resources/js/admin.js
index 9932db658..8e824707d 100644
--- a/openid-connect-server/src/main/webapp/resources/js/admin.js
+++ b/openid-connect-server/src/main/webapp/resources/js/admin.js
@@ -340,7 +340,11 @@ var AppRouter = Backbone.Router.extend({
 },
 root:function() {
- this.navigate('user/approved', {trigger: true});
+ if (isAdmin()) {
+ this.navigate('admin/clients', {trigger: true});
+ } else {
+ this.navigate('user/approved', {trigger: true});
+ }
 },
 initialize:function () {
@@ -410,6 +414,11 @@ var AppRouter = Backbone.Router.extend({
 listClients:function () {
+ if (!isAdmin()) {
+ this.root();
+ return;
+ }
+
 this.breadCrumbView.collection.reset();
 this.breadCrumbView.collection.add([
 {text:"Home", href:""},
@@ -424,6 +433,11 @@ var AppRouter = Backbone.Router.extend({
 newClient:function() {
+ if (!isAdmin()) {
+ this.root()();
+ return;
+ }
+
 this.breadCrumbView.collection.reset();
 this.breadCrumbView.collection.add([
 {text:"Home", href:""},
@@ -450,6 +464,11 @@ var AppRouter = Backbone.Router.extend({
 editClient:function(id) {
+ if (!isAdmin()) {
+ this.root()();
+ return;
+ }
+
 this.breadCrumbView.collection.reset();
 this.breadCrumbView.collection.add([
 {text:"Home", href:""},
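Review bot: `isAdmin()` in the block added to header.tag is a presentation gate, not an authorization check — it only inspects the `${userAuthorities}` value the server rendered into the page, and the admin endpoints behind these panels are assumed to enforce ROLE_ADMIN on their own; a comment above the function should make that explicit, e.g. `// UI-only convenience check for hiding admin panels: the server must still authorize every admin API call`. The body can also be collapsed to `return !!(auth && _.contains(auth, "ROLE_ADMIN"));`, which reads as a predicate instead of an if/else returning literals. The `auth &&` guard presumably covers getUserAuthorities() yielding null for an anonymous user; worth confirming what `${userAuthorities}` renders as in that case.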
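Review bot: `root()` is now the bounce target for every guarded admin route, but both `this.navigate(..., {trigger: true})` calls push a new history entry, so a non-admin who lands on an admin URL is redirected and the browser's back button takes them straight back to the route that bounced them. Backbone's navigate accepts `replace: true` for this situation; either the guarded handlers could call `this.navigate('user/approved', {trigger: true, replace: true})` directly, or root() could take a flag that selects it, so the forbidden URL does not linger in history. Note also that root() still returns nothing, which matters for the callers below that invoke its result.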
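Review bot: `this.root()();` in the guard added to newClient is a bug: root() returns undefined, so once navigate has run the trailing call throws an uncaught TypeError from inside the route handler; listClients in the hunk above has the correct form `this.root();`. The same slip is repeated in editClient, whiteList, newWhitelist, editWhitelist, blackList, siteScope, newScope and editScope. Each occurrence should read `this.root();`.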
@@ -483,7 +502,13 @@ var AppRouter = Backbone.Router.extend({
 },
 whiteList:function () {
- this.breadCrumbView.collection.reset();
+
+ if (!isAdmin()) {
+ this.root()();
+ return;
+ }
+
+ this.breadCrumbView.collection.reset();
 this.breadCrumbView.collection.add([
 {text:"Home", href:""},
 {text:"Manage Whitelisted Sites", href:"manage/#admin/whitelists"}
@@ -496,7 +521,13 @@ var AppRouter = Backbone.Router.extend({
 },
 newWhitelist:function(cid) {
- var client = this.clientList.get(cid);
+
+ if (!isAdmin()) {
+ this.root()();
+ return;
+ }
+
+ var client = this.clientList.get(cid);
 // if there's no client this is an error
 if (client != null) {
@@ -525,7 +556,13 @@ var AppRouter = Backbone.Router.extend({
 },
 editWhitelist:function(id) {
- this.breadCrumbView.collection.reset();
+
+ if (!isAdmin()) {
+ this.root()();
+ return;
+ }
+
+ this.breadCrumbView.collection.reset();
 this.breadCrumbView.collection.add([
 {text:"Home", href:""},
 {text:"Manage Whitelisted Sites", href:"manage/#admin/whitelists"},
@@ -551,8 +588,7 @@ var AppRouter = Backbone.Router.extend({
 },
 approvedSites:function() {
-
- this.breadCrumbView.collection.reset();
+ this.breadCrumbView.collection.reset();
 this.breadCrumbView.collection.add([
 {text:"Home", href:""},
 {text:"Manage Approved Sites", href:"manage/#user/approve"}
@@ -578,7 +614,13 @@ var AppRouter = Backbone.Router.extend({
 },
 blackList:function() {
- this.breadCrumbView.collection.reset();
+
+ if (!isAdmin()) {
+ this.root()();
+ return;
+ }
+
+ this.breadCrumbView.collection.reset();
 this.breadCrumbView.collection.add([
 {text:"Home", href:""},
 {text:"Manage Blacklisted Sites", href:"manage/#admin/blacklist"}
@@ -596,6 +638,12 @@ var AppRouter = Backbone.Router.extend({
 },
 siteScope:function() {
+
+ if (!isAdmin()) {
+ this.root()();
+ return;
+ }
+
 this.breadCrumbView.collection.reset();
 this.breadCrumbView.collection.add([
 {text:"Home", href:""},
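Review bot: The guard block added to whiteList is the same lines pasted into nine route handlers in this file (newWhitelist, editWhitelist, blackList and siteScope in this stretch, plus newClient, editClient, newScope and editScope), which is how the `this.root()()` slip travelled with it. A small wrapper that receives the handler and performs the check once keeps each route definition to a single extra token and leaves one place to change the redirect. Backbone invokes route callbacks with the router as `this`, so the wrapper can reach `this.root` without further plumbing; the rewritten lines for whiteList are sketched below, and the other guarded handlers would follow the same shape. The whiteList/editWhitelist/blackList hunks also remove and re-add the `reset()` line with different indentation only, which adds diff noise without changing anything.
```javascript
// Wraps an admin-only route handler; non-admins are sent to root() instead.
// Defined before AppRouter so it is in scope inside the extend() literal.
function adminOnly(handler) {
    return function() {
        if (!isAdmin()) {
            this.root();
            return;
        }
        return handler.apply(this, arguments);
    };
}

// … unchanged: other AppRouter members …
    whiteList:adminOnly(function () {
        this.breadCrumbView.collection.reset();
        // … unchanged: breadcrumb entries and view rendering …
```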
@@ -609,6 +657,12 @@ var AppRouter = Backbone.Router.extend({
 },
 newScope:function() {
+
+ if (!isAdmin()) {
+ this.root()();
+ return;
+ }
+
 this.breadCrumbView.collection.reset();
 this.breadCrumbView.collection.add([
 {text:"Home", href:""},
@@ -625,6 +679,12 @@ var AppRouter = Backbone.Router.extend({
 },
 editScope:function(sid) {
+
+ if (!isAdmin()) {
+ this.root()();
+ return;
+ }
+
 this.breadCrumbView.collection.reset();
 this.breadCrumbView.collection.add([
 {text:"Home", href:""},
@@ -676,6 +736,7 @@ var AppRouter = Backbone.Router.extend({
 ]);
 setPageTitle("Edit a New Client");
+ // note that this doesn't actually load the client, that's supposed to happen elsewhere...
 }
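Review bot: The comment added after `setPageTitle("Edit a New Client")` in the last hunk says the client is loaded "elsewhere" without naming where, so it records a doubt rather than a fact the next reader can act on; the enclosing handler starts and ends outside the hunk, so it is not visible here which code is meant. If the loading location is known, point at it; if it is not, mark it for follow-up instead, e.g. `// TODO(<owner>): the client model is not fetched here — document which view or route loads it`.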