CIRCL
/
AIL-framework
mirror of https://github.com/CIRCL/AIL-framework
2
1
Fork 0
Code Issues Releases Wiki Activity

chg: [UI user_management] user_role acl: hide admin panel

pull/359/head
Terrtia 2019-06-20 11:15:56 +02:00
parent 7ecd43db99
commit 821cf3cbea
No known key found for this signature in database
GPG Key ID: 1E1B1F50D84613D0
2 changed files with 35 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
var/www/modules/settings/Flask_settings.py
View File

@ -119,7 +119,10 @@ def settings_page():
current_version = r_serv_db.get('ail:version') current_version = r_serv_db.get('ail:version')
update_metadata = get_update_metadata() update_metadata = get_update_metadata()
admin_level = current_user.is_in_role('admin')
return render_template("settings_index.html", git_metadata=git_metadata, return render_template("settings_index.html", git_metadata=git_metadata,
admin_level=admin_level,
current_version=current_version) current_version=current_version)
@settings.route("/settings/edit_profile", methods=['GET']) @settings.route("/settings/edit_profile", methods=['GET'])
@ -127,7 +130,9 @@ def settings_page():
@login_analyst @login_analyst
def edit_profile(): def edit_profile():
user_metadata = get_user_metadata(current_user.get_id()) user_metadata = get_user_metadata(current_user.get_id())
return render_template("edit_profile.html", user_metadata=user_metadata) admin_level = current_user.is_in_role('admin')
return render_template("edit_profile.html", user_metadata=user_metadata,
admin_level=admin_level)
@settings.route("/settings/new_token", methods=['GET']) @settings.route("/settings/new_token", methods=['GET'])
@login_required @login_required
@ -158,7 +163,9 @@ def create_user():
else: else:
user_id = None user_id = None
all_roles = get_all_roles() all_roles = get_all_roles()
return render_template("create_user.html", all_roles=all_roles, user_id=user_id, user_role=role, error=error, error_mail=error_mail) return render_template("create_user.html", all_roles=all_roles, user_id=user_id, user_role=role,
error=error, error_mail=error_mail,
admin_level=True)
@settings.route("/settings/create_user_post", methods=['POST']) @settings.route("/settings/create_user_post", methods=['POST'])
@login_required @login_required
@ -179,9 +186,9 @@ def create_user_post():
if check_password_strength(password1): if check_password_strength(password1):
password = password1 password = password1
else: else:
return render_template("create_user.html", all_roles=all_roles, error="Incorrect Password") return render_template("create_user.html", all_roles=all_roles, error="Incorrect Password", admin_level=True)
else: else:
return render_template("create_user.html", all_roles=all_roles, error="Passwords don't match") return render_template("create_user.html", all_roles=all_roles, error="Passwords don't match", admin_level=True)
# generate password # generate password
else: else:
password = secrets.token_urlsafe() password = secrets.token_urlsafe()
@ -201,9 +208,9 @@ def create_user_post():
return redirect(url_for('settings.users_list', new_user=email, new_user_password=password, new_user_edited=False)) return redirect(url_for('settings.users_list', new_user=email, new_user_password=password, new_user_edited=False))
else: else:
return render_template("create_user.html", all_roles=all_roles) return render_template("create_user.html", all_roles=all_roles, admin_level=True)
else: else:
return render_template("create_user.html", all_roles=all_roles, error_mail=True) return render_template("create_user.html", all_roles=all_roles, error_mail=True, admin_level=True)
@settings.route("/settings/users_list", methods=['GET']) @settings.route("/settings/users_list", methods=['GET'])
@login_required @login_required
@ -216,7 +223,7 @@ def users_list():
new_user_dict['email'] = new_user new_user_dict['email'] = new_user
new_user_dict['edited'] = request.args.get('new_user_edited') new_user_dict['edited'] = request.args.get('new_user_edited')
new_user_dict['password'] = request.args.get('new_user_password') new_user_dict['password'] = request.args.get('new_user_password')
return render_template("users_list.html", all_users=all_users, new_user=new_user_dict) return render_template("users_list.html", all_users=all_users, new_user=new_user_dict, admin_level=True)
@settings.route("/settings/edit_user", methods=['GET']) @settings.route("/settings/edit_user", methods=['GET'])
@login_required @login_required

40
var/www/templates/settings/menu_sidebar.html
View File

@ -37,23 +37,25 @@
</li> </li>
</ul> </ul>
</nav> </nav>
<nav class="navbar navbar-expand navbar-light bg-light flex-md-column flex-row align-items-start py-2" id="nav_users"> {% if admin_level %}
<h5 class="d-flex text-muted w-100" id="nav_user_management"> <nav class="navbar navbar-expand navbar-light bg-light flex-md-column flex-row align-items-start py-2" id="nav_users">
<span>User Management</span> <h5 class="d-flex text-muted w-100" id="nav_user_management">
</h5> <span>User Management</span>
<ul class="nav flex-md-column flex-row navbar-nav justify-content-between w-100"> <!--nav-pills--> </h5>
<li class="nav-item"> <ul class="nav flex-md-column flex-row navbar-nav justify-content-between w-100"> <!--nav-pills-->
<a class="nav-link" href="{{url_for('settings.create_user')}}" id="nav_create_user"> <li class="nav-item">
<i class="fas fa-user-plus"></i> <a class="nav-link" href="{{url_for('settings.create_user')}}" id="nav_create_user">
<span>Create User</span> <i class="fas fa-user-plus"></i>
</a> <span>Create User</span>
</li> </a>
<li class="nav-item"> </li>
<a class="nav-link" href="{{url_for('settings.users_list')}}" id="nav_users_list"> <li class="nav-item">
<i class="fas fa-users"></i> <a class="nav-link" href="{{url_for('settings.users_list')}}" id="nav_users_list">
<span>Users List</span> <i class="fas fa-users"></i>
</a> <span>Users List</span>
</li> </a>
</ul> </li>
</nav> </ul>
</nav>
{% endif %}
</div> </div>