From 6c0ca05293d2d1bb5b4b0df63f541eb4f75428c3 Mon Sep 17 00:00:00 2001
From: Pawel Kowalczyk <pawel.kowalczyk@contractors.roche.com>
Date: Mon, 10 Dec 2018 11:14:12 +0100
Subject: [PATCH] disallow-to-see-admin-panels-when-no-admin-permissions

Feature #14566

Arvados-DCO-1.1-Signed-off-by: Pawel Kowalczyk <pawel.kowalczyk@contractors.roche.com>
---
 src/store/users/users-actions.ts                  | 15 +++++++++++++--
 .../virtual-machines/virtual-machines-actions.ts  | 10 ++++++++--
 src/views-components/main-app-bar/admin-menu.tsx  |  4 ++--
 3 files changed, 23 insertions(+), 6 deletions(-)

diff --git a/src/store/users/users-actions.ts b/src/store/users/users-actions.ts
index 51c9ba0b..585a3663 100644
--- a/src/store/users/users-actions.ts
+++ b/src/store/users/users-actions.ts
@@ -11,7 +11,7 @@ import { startSubmit, reset } from "redux-form";
 import { snackbarActions, SnackbarKind } from '~/store/snackbar/snackbar-actions';
 import { UserResource } from "~/models/user";
 import { getResource } from '~/store/resources/resources';
-import { navigateToProject } from "~/store/navigation/navigation-action";
+import { navigateToProject, navigateToUsers, navigateToRootProject } from "~/store/navigation/navigation-action";
 
 export const USERS_PANEL_ID = 'usersPanel';
 export const USER_ATTRIBUTES_DIALOG = 'userAttributesDialog';
@@ -58,7 +58,18 @@ export const createUser = (user: UserCreateFormDialogData) =>
             dispatch(userBindedActions.REQUEST_ITEMS());
             return newUser;
         } catch (e) {
-            return ;
+            return;
+        }
+    };
+
+export const openUserPanel = () =>
+    async (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => {
+        const user = getState().auth.user;
+        if (user && user.isAdmin) {
+            dispatch<any>(navigateToUsers);
+        } else {
+            dispatch<any>(navigateToRootProject);
+            dispatch(snackbarActions.OPEN_SNACKBAR({ message: "You don't have permissions to view this page", hideDuration: 2000 }));
         }
     };
 
diff --git a/src/store/virtual-machines/virtual-machines-actions.ts b/src/store/virtual-machines/virtual-machines-actions.ts
index ea6d1aff..1e9825c1 100644
--- a/src/store/virtual-machines/virtual-machines-actions.ts
+++ b/src/store/virtual-machines/virtual-machines-actions.ts
@@ -5,7 +5,7 @@
 import { Dispatch } from "redux";
 import { RootState } from '~/store/store';
 import { ServiceRepository } from "~/services/services";
-import { navigateToUserVirtualMachines, navigateToAdminVirtualMachines } from "~/store/navigation/navigation-action";
+import { navigateToUserVirtualMachines, navigateToAdminVirtualMachines, navigateToRootProject } from "~/store/navigation/navigation-action";
 import { bindDataExplorerActions } from '~/store/data-explorer/data-explorer-action';
 import { formatDate } from "~/common/formatters";
 import { unionize, ofType, UnionOf } from "~/common/unionize";
@@ -35,7 +35,13 @@ export const openUserVirtualMachines = () =>
 
 export const openAdminVirtualMachines = () =>
     async (dispatch: Dispatch, getState: () => RootState, services: ServiceRepository) => {
-        dispatch<any>(navigateToAdminVirtualMachines);
+        const user = getState().auth.user;
+        if (user && user.isAdmin) {
+            dispatch<any>(navigateToAdminVirtualMachines);
+        } else {
+            dispatch<any>(navigateToRootProject);
+            dispatch(snackbarActions.OPEN_SNACKBAR({ message: "You don't have permissions to view this page", hideDuration: 2000 }));
+        }
     };
 
 export const openVirtualMachineAttributes = (uuid: string) =>
diff --git a/src/views-components/main-app-bar/admin-menu.tsx b/src/views-components/main-app-bar/admin-menu.tsx
index 8185f471..40ba9161 100644
--- a/src/views-components/main-app-bar/admin-menu.tsx
+++ b/src/views-components/main-app-bar/admin-menu.tsx
@@ -16,7 +16,7 @@ import {
     navigateToApiClientAuthorizations
 } from '~/store/navigation/navigation-action';
 import { openAdminVirtualMachines } from "~/store/virtual-machines/virtual-machines-actions";
-import { navigateToUsers } from '~/store/navigation/navigation-action';
+import { openUserPanel } from "~/store/users/users-actions";
 
 interface AdminMenuProps {
     user?: User;
@@ -37,7 +37,7 @@ export const AdminMenu = connect(mapStateToProps)(
                 <MenuItem onClick={() => dispatch(openAdminVirtualMachines())}>Virtual Machines</MenuItem>
                 <MenuItem onClick={() => dispatch(navigateToSshKeysAdmin)}>Ssh Keys</MenuItem>
                 <MenuItem onClick={() => dispatch(navigateToApiClientAuthorizations)}>Api Tokens</MenuItem>
-                <MenuItem onClick={() => dispatch(navigateToUsers)}>Users</MenuItem>
+                <MenuItem onClick={() => dispatch(openUserPanel())}>Users</MenuItem>
                 <MenuItem onClick={() => dispatch(navigateToComputeNodes)}>Compute Nodes</MenuItem>
                 <MenuItem onClick={() => dispatch(navigateToKeepServices)}>Keep Services</MenuItem>
                 <MenuItem onClick={() => dispatch(logout())}>Logout</MenuItem>
-- 
2.30.2