diff --git a/caddy/hugo/hugo.go b/caddy/hugo/hugo.go
index df9e0742..b20852cd 100644
--- a/caddy/hugo/hugo.go
+++ b/caddy/hugo/hugo.go
@@ -26,7 +26,6 @@ type hugo struct {
 // Indicates if we should clean public before a new publish.
 CleanPublic bool `description:"Indicates if the public folder should be cleaned before publishing the website."`
- // TODO: AllowPublish
 // TODO: admin interface to cgange options
 }
@@ -67,6 +66,10 @@ func (h hugo) BeforeAPI(c *filemanager.RequestContext, w http.ResponseWriter, r
 // If we are creating a file built from an archetype.
 if r.Header.Get("Archetype") != "" {
+ if !c.User.AllowNew {
+ return http.StatusForbidden, nil
+ }
+
 filename := filepath.Join(string(c.User.FileSystem), r.URL.Path)
 filename = strings.TrimPrefix(filename, "/")
 archetype := r.Header.Get("archetype")
@@ -92,6 +95,10 @@ func (h hugo) BeforeAPI(c *filemanager.RequestContext, w http.ResponseWriter, r
 // If we are trying to regenerate the website.
 if r.Header.Get("Regenerate") == "true" {
+ if !c.User.Permissions["allowPublish"] {
+ return http.StatusForbidden, nil
+ }
+
 filename := filepath.Join(string(c.User.FileSystem), r.URL.Path)
 filename = strings.TrimPrefix(filename, "/")
@@ -120,6 +127,10 @@ func (h hugo) BeforeAPI(c *filemanager.RequestContext, w http.ResponseWriter, r
 }
 if r.Header.Get("Schedule") != "" {
+ if !c.User.Permissions["allowPublish"] {
+ return http.StatusForbidden, nil
+ }
+
 return h.schedule(c, w, r)
 }
diff --git a/caddy/hugo/hugo.js b/caddy/hugo/hugo.js
index df6bf4eb..33aeee31 100644
--- a/caddy/hugo/hugo.js
+++ b/caddy/hugo/hugo.js
@@ -82,8 +82,8 @@
 !data.store.state.loading &&
 data.store.state.req.metadata !== undefined &&
 data.store.state.req.metadata !== null &&
- data.store.state.user.allowEdit)
- // TODO: add allowPublish
+ data.store.state.user.allowEdit &
+ data.store.state.user.permissions.allowPublish)
 },
 click: function (event, data, route) {
 event.preventDefault()
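Review bot: The `c.User.Permissions["allowPublish"]` guard added in the Regenerate branch, and repeated in the Schedule branch of the `@@ -120` hunk, is only as reliable as the map it reads. The RegisterPermission change to filemanager.go in this same commit assigns `m.DefaultUser.Permissions` directly to any user whose map is nil, so as far as the visible lines show those users share one map with the default user. The `u.Permissions[name] = true` that follows for an admin would then also change the value for the default user and every other sharing account, which could let this check pass for users who were never granted publishing. Giving each such user its own fresh `map[string]bool{}` filled from the default entries keeps the guard meaningful. A missing key reads as false, so the check fails closed, and a named constant for `"allowPublish"` would stop a typo in one branch from silently denying everyone; BeforeAPI itself starts and ends outside these hunks.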
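Review bot: The new condition in the `@@ -82` hunk joins the two flags with a single `&` (`data.store.state.user.allowEdit &`), which is a bitwise AND and makes the whole expression evaluate to 0 or 1 rather than a boolean. The sibling button in the `@@ -113` hunk uses `&&`, so this looks like a typo and the line should read `data.store.state.user.allowEdit &&`. Both hunks also dereference `user.permissions.allowPublish` without checking that `permissions` exists, so a user object that lacks the map would throw while the condition is evaluated; `(data.store.state.user.permissions || {}).allowPublish` avoids that if such objects can occur. These conditions only hide the buttons, and the enforcement remains the server-side check in hugo.go.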
@@ -113,7 +113,8 @@
 return (data.store.state.req.kind === 'editor' &&
 !data.store.state.loading &&
 data.store.state.req.metadata !== undefined &&
- data.store.state.req.metadata !== null)
+ data.store.state.req.metadata !== null &&
+ data.store.state.user.permissions.allowPublish)
 },
 click: function (event, data, route) {
 document.getElementById('save-button').click()
diff --git a/filemanager.go b/filemanager.go
index fc67e4ba..7dc7cabd 100644
--- a/filemanager.go
+++ b/filemanager.go
@@ -296,20 +296,17 @@ func (m *FileManager) RegisterPermission(name string, value bool) error {
 m.DefaultUser.Permissions[name] = value
 for _, u := range m.Users {
- if u.Permissions == nil {
- u.Permissions = map[string]bool{}
- }
-
 // Bypass the user if it is already defined.
 if _, ok := u.Permissions[name]; ok {
 continue
 }
+ if u.Permissions == nil {
+ u.Permissions = m.DefaultUser.Permissions
+ }
+
 if u.Admin {
 u.Permissions[name] = true
- } else {
- u.Permissions[name] = value
- }
 err := m.db.Save(u)