From 8bf35081c80a56051037d0bc374e9fec3fb9529e Mon Sep 17 00:00:00 2001 From: =Corey Hulen Date: Thu, 10 Sep 2015 14:56:37 -0700 Subject: PLT-12 UI framework for admin console --- web/web.go | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) (limited to 'web/web.go') diff --git a/web/web.go b/web/web.go index 7996a49be..44c9610a6 100644 --- a/web/web.go +++ b/web/web.go @@ -52,7 +52,7 @@ func InitWeb() { mainrouter.PathPrefix("/static/").Handler(http.StripPrefix("/static/", http.FileServer(http.Dir(staticDir)))) mainrouter.Handle("/", api.AppHandlerIndependent(root)).Methods("GET") - + mainrouter.Handle("/signup_team_complete/", api.AppHandlerIndependent(signupTeamComplete)).Methods("GET") mainrouter.Handle("/signup_user_complete/", api.AppHandlerIndependent(signupUserComplete)).Methods("GET") mainrouter.Handle("/signup_team_confirm/", api.AppHandlerIndependent(signupTeamConfirm)).Methods("GET") @@ -62,8 +62,7 @@ func InitWeb() { mainrouter.Handle("/login/{service:[A-Za-z]+}/complete", api.AppHandlerIndependent(loginCompleteOAuth)).Methods("GET") mainrouter.Handle("/signup/{service:[A-Za-z]+}/complete", api.AppHandlerIndependent(signupCompleteOAuth)).Methods("GET") - mainrouter.Handle("/admin", api.AppHandlerIndependent(adminConsole)).Methods("GET") - + mainrouter.Handle("/admin_console", api.UserRequired(adminConsole)).Methods("GET") // ---------------------------------------------------------------------------------------------- // *ANYTHING* team spefic should go below this line @@ -74,11 +73,9 @@ func InitWeb() { mainrouter.Handle("/{team:[A-Za-z0-9-]+(__)?[A-Za-z0-9-]+}/login", api.AppHandler(login)).Methods("GET") mainrouter.Handle("/{team:[A-Za-z0-9-]+(__)?[A-Za-z0-9-]+}/logout", api.AppHandler(logout)).Methods("GET") mainrouter.Handle("/{team:[A-Za-z0-9-]+(__)?[A-Za-z0-9-]+}/reset_password", api.AppHandler(resetPassword)).Methods("GET") - mainrouter.Handle("/{team}/login/{service}", api.AppHandler(loginWithOAuth)).Methods("GET") // Bug in gorilla.mux prevents us from using regex here. + mainrouter.Handle("/{team}/login/{service}", api.AppHandler(loginWithOAuth)).Methods("GET") // Bug in gorilla.mux prevents us from using regex here. mainrouter.Handle("/{team}/channels/{channelname}", api.UserRequired(getChannel)).Methods("GET") // Bug in gorilla.mux prevents us from using regex here. - mainrouter.Handle("/{team}/signup/{service}", api.AppHandler(signupWithOAuth)).Methods("GET") // Bug in gorilla.mux prevents us from using regex here. - - + mainrouter.Handle("/{team}/signup/{service}", api.AppHandler(signupWithOAuth)).Methods("GET") // Bug in gorilla.mux prevents us from using regex here. watchAndParseTemplates() } @@ -644,6 +641,13 @@ func loginCompleteOAuth(c *api.Context, w http.ResponseWriter, r *http.Request) } func adminConsole(c *api.Context, w http.ResponseWriter, r *http.Request) { - page := NewHtmlTemplatePage("admin_console", "Admin Console") - page.Render(c, w) + + if !c.IsSystemAdmin() { + c.Err = model.NewAppError("adminConsole", "You do not have permission to access the admin console.", "") + c.Err.StatusCode = http.StatusForbidden + return + } else { + page := NewHtmlTemplatePage("admin_console", "Admin Console") + page.Render(c, w) + } } -- cgit v1.2.3-1-g7c22