authorDmitry Vyukov <dvyukov@google.com>2018-02-01 16:57:38 +0100
committerDmitry Vyukov <dvyukov@google.com>2018-02-01 16:57:38 +0100
commit67bd338380a77b946966e7be2f3fe3778e87c1d3 (patch)
tree4f328559837d11ad6e2d82be15bb377de6cde19c
parenteeefb53ba92e50f35ac78e734d1f1787d9ce7462 (diff)
dashboard/app: show jobs/managers/logs only for admin
That's not very interesting for anybody other than admins.
-rw-r--r--dashboard/app/handler.go36
-rw-r--r--dashboard/app/main.go27
-rw-r--r--dashboard/app/main.html10
3 files changed, 54 insertions, 19 deletions
diff --git a/dashboard/app/handler.go b/dashboard/app/handler.go
index 91d0210c7..c7bbde23c 100644
--- a/dashboard/app/handler.go
+++ b/dashboard/app/handler.go
@@ -20,6 +20,14 @@ import (
// This file contains common middleware for UI handlers (auth, html templates, etc).
+type AccessLevel int
+
+const (
+ AccessPublic AccessLevel = iota + 1
+ AccessUser
+ AccessAdmin
+)
+
type contextHandler func(c context.Context, w http.ResponseWriter, r *http.Request) error
func handlerWrapper(fn contextHandler) http.Handler {
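Review bot: The exported type AccessLevel and its three constants are added without doc comments, and the declaration starts at `iota + 1` without saying why. A reader has to guess that the levels are meant to be ordered from least to most privileged and that the zero value is deliberately not a valid level. I would add `// AccessLevel is the level of access a request has to the dashboard UI; levels are ordered from least to most privileged and the zero value is not a valid level.` above the type.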
@@ -41,12 +49,11 @@ func handleContext(fn contextHandler) http.Handler {
func handleAuth(fn contextHandler) contextHandler {
return func(c context.Context, w http.ResponseWriter, r *http.Request) error {
- u := user.Current(c)
- if u == nil {
- return fmt.Errorf("sign-in required")
- }
- if !u.Admin && (u.AuthDomain != "gmail.com" ||
- !strings.HasSuffix(u.Email, config.AuthDomain)) {
+ if accessLevel(c, r) == AccessPublic {
+ u := user.Current(c)
+ if u == nil {
+ return fmt.Errorf("sign-in required")
+ }
log.Errorf(c, "unauthorized user: domain='%v' email='%v'", u.AuthDomain, u.Email)
return fmt.Errorf("%v is not authorized to view this", u.Email)
}
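Review bot: The new guard `if accessLevel(c, r) == AccessPublic {` in handleAuth rejects exactly one value, so any other result is let through, including the zero AccessLevel that `iota + 1` leaves unassigned. Writing it as `if accessLevel(c, r) < AccessUser {` keeps the check fail-closed if a level is added later or some path returns an unset value. Separately, an admin who requests `access=public` now reaches the `log.Errorf(c, "unauthorized user: ...")` line, which will put misleading entries in the error log. handleAuth's body continues outside the hunk.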
@@ -54,6 +61,23 @@ func handleAuth(fn contextHandler) contextHandler {
}
}
+func accessLevel(c context.Context, r *http.Request) AccessLevel {
+ if user.IsAdmin(c) {
+ switch r.FormValue("access") {
+ case "public":
+ return AccessPublic
+ case "user":
+ return AccessUser
+ }
+ return AccessAdmin
+ }
+ u := user.Current(c)
+ if u == nil || u.AuthDomain != "gmail.com" || !strings.HasSuffix(u.Email, config.AuthDomain) {
+ return AccessPublic
+ }
+ return AccessUser
+}
+
func serveTemplate(w http.ResponseWriter, name string, data interface{}) error {
buf := new(bytes.Buffer)
if err := templates.ExecuteTemplate(buf, name, data); err != nil {
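Review bot: The user-level decision in accessLevel rests on `strings.HasSuffix(u.Email, config.AuthDomain)`, which is a safe domain match only if config.AuthDomain begins with `@`. A value such as `example.com` (constructed sample) would also match `someone@notexample.com`. The config value is not visible in this hunk, so this may already hold, but it deserves either validation where the config is loaded or a comment here such as `// config.AuthDomain must start with "@", otherwise the suffix match accepts look-alike domains.` The function also needs a doc comment stating that the `access` form value is honoured only for admins, can only lower their level, and that unrecognized values leave it at AccessAdmin.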
diff --git a/dashboard/app/main.go b/dashboard/app/main.go
index 383ea0cc2..f27b11307 100644
--- a/dashboard/app/main.go
+++ b/dashboard/app/main.go
@@ -135,17 +135,22 @@ func handleMain(c context.Context, w http.ResponseWriter, r *http.Request) error
if err != nil {
return err
}
- errorLog, err := fetchErrorLogs(c)
- if err != nil {
- return err
- }
- managers, err := loadManagers(c)
- if err != nil {
- return err
- }
- jobs, err := loadRecentJobs(c)
- if err != nil {
- return err
+ var errorLog []byte
+ var managers []*uiManager
+ var jobs []*uiJob
+ if accessLevel(c, r) == AccessAdmin {
+ errorLog, err = fetchErrorLogs(c)
+ if err != nil {
+ return err
+ }
+ managers, err = loadManagers(c)
+ if err != nil {
+ return err
+ }
+ jobs, err = loadRecentJobs(c)
+ if err != nil {
+ return err
+ }
}
groups, err := fetchBugs(c)
if err != nil {
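Review bot: The `accessLevel(c, r) == AccessAdmin` block in handleMain is the only thing keeping the error log, managers and jobs away from non-admins. The template in this commit renders each section whenever its field is non-empty, not based on the access level. Any later code path that fills `errorLog`, `managers` or `jobs` for another level would expose them with no template-side check. I would record the invariant above the `var` lines, e.g. `// Admin-only data: the template shows these whenever they are non-empty, so they must stay unset for other access levels.`, or pass the access level into the template data and test it there. handleMain starts and ends outside the hunk.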
diff --git a/dashboard/app/main.html b/dashboard/app/main.html
index 7be70c538..88151dbf4 100644
--- a/dashboard/app/main.html
+++ b/dashboard/app/main.html
@@ -14,14 +14,17 @@ Main page.
<body>
{{template "header" .Header}}
+ {{if .Log}}
<b>Error log:</b><br>
<textarea id="log_textarea" readonly rows="20" wrap=off>{{printf "%s" .Log}}</textarea>
<script>
- var textarea = document.getElementById("log_textarea");
- textarea.scrollTop = textarea.scrollHeight;
+ var textarea = document.getElementById("log_textarea");
+ textarea.scrollTop = textarea.scrollHeight;
</script>
<br><br>
+ {{end}}
+ {{if $.Managers}}
<table class="list_table" id="managers">
<caption>Managers:</caption>
<tr>
@@ -56,7 +59,9 @@ Main page.
{{end}}
</table>
<br><br>
+ {{end}}
+ {{if $.Jobs}}
<table class="list_table" id="jobs">
<caption>Recent jobs:</caption>
<tr>
@@ -102,6 +107,7 @@ Main page.
{{end}}
</table>
<br><br>
+ {{end}}
{{range $group := $.BugGroups}}
{{template "bug_list" $group}}