summaryrefslogtreecommitdiffstats
path: root/web/web.go
diff options
context:
space:
mode:
Diffstat (limited to 'web/web.go')
-rw-r--r--web/web.go22
1 files changed, 13 insertions, 9 deletions
diff --git a/web/web.go b/web/web.go
index 7996a49be..44c9610a6 100644
--- a/web/web.go
+++ b/web/web.go
@@ -52,7 +52,7 @@ func InitWeb() {
mainrouter.PathPrefix("/static/").Handler(http.StripPrefix("/static/", http.FileServer(http.Dir(staticDir))))
mainrouter.Handle("/", api.AppHandlerIndependent(root)).Methods("GET")
-
+
mainrouter.Handle("/signup_team_complete/", api.AppHandlerIndependent(signupTeamComplete)).Methods("GET")
mainrouter.Handle("/signup_user_complete/", api.AppHandlerIndependent(signupUserComplete)).Methods("GET")
mainrouter.Handle("/signup_team_confirm/", api.AppHandlerIndependent(signupTeamConfirm)).Methods("GET")
@@ -62,8 +62,7 @@ func InitWeb() {
mainrouter.Handle("/login/{service:[A-Za-z]+}/complete", api.AppHandlerIndependent(loginCompleteOAuth)).Methods("GET")
mainrouter.Handle("/signup/{service:[A-Za-z]+}/complete", api.AppHandlerIndependent(signupCompleteOAuth)).Methods("GET")
- mainrouter.Handle("/admin", api.AppHandlerIndependent(adminConsole)).Methods("GET")
-
+ mainrouter.Handle("/admin_console", api.UserRequired(adminConsole)).Methods("GET")
// ----------------------------------------------------------------------------------------------
// *ANYTHING* team spefic should go below this line
@@ -74,11 +73,9 @@ func InitWeb() {
mainrouter.Handle("/{team:[A-Za-z0-9-]+(__)?[A-Za-z0-9-]+}/login", api.AppHandler(login)).Methods("GET")
mainrouter.Handle("/{team:[A-Za-z0-9-]+(__)?[A-Za-z0-9-]+}/logout", api.AppHandler(logout)).Methods("GET")
mainrouter.Handle("/{team:[A-Za-z0-9-]+(__)?[A-Za-z0-9-]+}/reset_password", api.AppHandler(resetPassword)).Methods("GET")
- mainrouter.Handle("/{team}/login/{service}", api.AppHandler(loginWithOAuth)).Methods("GET") // Bug in gorilla.mux prevents us from using regex here.
+ mainrouter.Handle("/{team}/login/{service}", api.AppHandler(loginWithOAuth)).Methods("GET") // Bug in gorilla.mux prevents us from using regex here.
mainrouter.Handle("/{team}/channels/{channelname}", api.UserRequired(getChannel)).Methods("GET") // Bug in gorilla.mux prevents us from using regex here.
- mainrouter.Handle("/{team}/signup/{service}", api.AppHandler(signupWithOAuth)).Methods("GET") // Bug in gorilla.mux prevents us from using regex here.
-
-
+ mainrouter.Handle("/{team}/signup/{service}", api.AppHandler(signupWithOAuth)).Methods("GET") // Bug in gorilla.mux prevents us from using regex here.
watchAndParseTemplates()
}
@@ -644,6 +641,13 @@ func loginCompleteOAuth(c *api.Context, w http.ResponseWriter, r *http.Request)
}
func adminConsole(c *api.Context, w http.ResponseWriter, r *http.Request) {
- page := NewHtmlTemplatePage("admin_console", "Admin Console")
- page.Render(c, w)
+
+ if !c.IsSystemAdmin() {
+ c.Err = model.NewAppError("adminConsole", "You do not have permission to access the admin console.", "")
+ c.Err.StatusCode = http.StatusForbidden
+ return
+ } else {
+ page := NewHtmlTemplatePage("admin_console", "Admin Console")
+ page.Render(c, w)
+ }
}
generated by cgit v1.2.3-1-g7c22 (git 2.25.1) at 2024-06-30 23:51:22 +0000