mirror of
https://github.com/Lissy93/dashy.git
synced 2024-11-27 10:26:00 +03:00
🛂 Prevent non-admin users from writing changes to disk
This commit is contained in:
parent
f1f227d41f
commit
6f809460ff
@ -10,11 +10,13 @@
|
||||
<div class="save-options">
|
||||
<span class="save-option-title">Save Location:</span>
|
||||
<div class="option">
|
||||
<input type="radio" id="local" value="local" v-model="saveMode" class="radio-option" />
|
||||
<input type="radio" id="local" value="local"
|
||||
v-model="saveMode" class="radio-option" :disabled="!isAdmin" />
|
||||
<label for="local" class="save-option-label">Apply Locally</label>
|
||||
</div>
|
||||
<div class="option">
|
||||
<input type="radio" id="file" value="file" v-model="saveMode" class="radio-option" />
|
||||
<input type="radio" id="file" value="file" v-model="saveMode" class="radio-option"
|
||||
:disabled="!isAdmin" />
|
||||
<label for="file" class="save-option-label">Write Changes to Config File</label>
|
||||
</div>
|
||||
</div>
|
||||
@ -52,6 +54,7 @@ import VJsoneditor from 'v-jsoneditor';
|
||||
import { localStorageKeys } from '@/utils/defaults';
|
||||
import configSchema from '@/utils/ConfigSchema.json';
|
||||
import JsonToYaml from '@/utils/JsonToYaml';
|
||||
import { isUserAdmin } from '@/utils/Auth';
|
||||
import axios from 'axios';
|
||||
|
||||
export default {
|
||||
@ -77,6 +80,7 @@ export default {
|
||||
jsonParser: JsonToYaml,
|
||||
responseText: '',
|
||||
saveSuccess: undefined,
|
||||
isAdmin: isUserAdmin(this.config.appConfig.auth),
|
||||
};
|
||||
},
|
||||
computed: {
|
||||
@ -84,9 +88,12 @@ export default {
|
||||
return this.errorMessages.length < 1;
|
||||
},
|
||||
},
|
||||
mounted() {
|
||||
if (!this.isAdmin) this.saveMode = 'local';
|
||||
},
|
||||
methods: {
|
||||
save() {
|
||||
if (this.saveMode === 'local') {
|
||||
if (this.saveMode === 'local' || !this.isAdmin) {
|
||||
this.saveConfigLocally();
|
||||
} else if (this.saveMode === 'file') {
|
||||
this.writeConfigToDisk();
|
||||
|
@ -50,3 +50,25 @@ export const logout = () => {
|
||||
document.cookie = 'authenticationToken=null';
|
||||
localStorage.removeItem(localStorageKeys.USERNAME);
|
||||
};
|
||||
|
||||
/**
|
||||
* Checks if the current user has admin privileges.
|
||||
* If no users are setup, then function will always return true
|
||||
* But if auth is configured, then will verify user is correctly
|
||||
* logged in and then check weather they are of type admin, and
|
||||
* return false if any conditions fail
|
||||
* @param users[] : Array of users
|
||||
* @returns Boolean : True if admin privileges
|
||||
*/
|
||||
export const isUserAdmin = (users) => {
|
||||
if (!users || users.length === 0) return true; // Authentication not setup
|
||||
if (!isLoggedIn(users)) return false; // Auth setup, but not signed in as a valid user
|
||||
const currentUser = localStorage[localStorageKeys.USERNAME];
|
||||
let isAdmin = false;
|
||||
users.forEach((user) => {
|
||||
if (user.user === currentUser) {
|
||||
if (user.type === 'admin') isAdmin = true;
|
||||
}
|
||||
});
|
||||
return isAdmin;
|
||||
};
|
||||
|
Loading…
Reference in New Issue
Block a user