From 67bd338380a77b946966e7be2f3fe3778e87c1d3 Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov
Date: Thu, 1 Feb 2018 16:57:38 +0100
Subject: dashboard/app: show jobs/managers/logs only for admin

That's not very interesting for anybody other than admins.
---
 dashboard/app/handler.go | 36 ++++++++++++++++++++++++++++++------
 dashboard/app/main.go | 27 ++++++++++++++++-----------
 dashboard/app/main.html | 10 ++++++++--
 3 files changed, 54 insertions(+), 19 deletions(-)

diff --git a/dashboard/app/handler.go b/dashboard/app/handler.go
index 91d0210c7..c7bbde23c 100644
--- a/dashboard/app/handler.go
+++ b/dashboard/app/handler.go
@@ -20,6 +20,14 @@ import (
 // This file contains common middleware for UI handlers (auth, html templates, etc).
+type AccessLevel int
+
+const (
+ AccessPublic AccessLevel = iota + 1
+ AccessUser
+ AccessAdmin
+)
+
 type contextHandler func(c context.Context, w http.ResponseWriter, r *http.Request) error
 func handlerWrapper(fn contextHandler) http.Handler {
@@ -41,12 +49,11 @@ func handleContext(fn contextHandler) http.Handler {
 func handleAuth(fn contextHandler) contextHandler {
 return func(c context.Context, w http.ResponseWriter, r *http.Request) error {
- u := user.Current(c)
- if u == nil {
- return fmt.Errorf("sign-in required")
- }
- if !u.Admin && (u.AuthDomain != "gmail.com" ||
- !strings.HasSuffix(u.Email, config.AuthDomain)) {
+ if accessLevel(c, r) == AccessPublic {
+ u := user.Current(c)
+ if u == nil {
+ return fmt.Errorf("sign-in required")
+ }
 log.Errorf(c, "unauthorized user: domain='%v' email='%v'", u.AuthDomain, u.Email)
 return fmt.Errorf("%v is not authorized to view this", u.Email)
 }
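Review bot: The new exported `AccessLevel` type and its three constants in handler.go have no doc comment, and the property later code depends on is left implicit: the levels are ordered, and the zero value matches none of them because the block starts at `iota + 1`. I would add `// AccessLevel is the caller's privilege level, ordered from least (AccessPublic) to most (AccessAdmin); the zero value is not a valid level.` above the type. Stating the ordering makes it natural to write access checks as ordered comparisons rather than equality against a single constant.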
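Review bot: In handleAuth the denial test `accessLevel(c, r) == AccessPublic` names the one level that is refused instead of the minimum that is allowed, so a zero `AccessLevel`, or any level later added below `AccessUser`, would fall through to `fn`. Writing it as `if accessLevel(c, r) < AccessUser {` fails closed. The `log.Errorf` "unauthorized user" line kept as context also fires when an admin loads a page with `access=public`, which mixes admin test views into the same log entries as real denials; a distinct message for that case would keep the log usable for review. The rest of handleAuth, including the call to `fn`, lies outside this hunk.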
@@ -54,6 +61,23 @@ func handleAuth(fn contextHandler) contextHandler {
 }
 }
+func accessLevel(c context.Context, r *http.Request) AccessLevel {
+ if user.IsAdmin(c) {
+ switch r.FormValue("access") {
+ case "public":
+ return AccessPublic
+ case "user":
+ return AccessUser
+ }
+ return AccessAdmin
+ }
+ u := user.Current(c)
+ if u == nil || u.AuthDomain != "gmail.com" || !strings.HasSuffix(u.Email, config.AuthDomain) {
+ return AccessPublic
+ }
+ return AccessUser
+}
+
 func serveTemplate(w http.ResponseWriter, name string, data interface{}) error {
 buf := new(bytes.Buffer)
 if err := templates.ExecuteTemplate(buf, name, data); err != nil {
diff --git a/dashboard/app/main.go b/dashboard/app/main.go
index 383ea0cc2..f27b11307 100644
--- a/dashboard/app/main.go
+++ b/dashboard/app/main.go
@@ -135,17 +135,22 @@ func handleMain(c context.Context, w http.ResponseWriter, r *http.Request) error
 if err != nil {
 return err
 }
- errorLog, err := fetchErrorLogs(c)
- if err != nil {
- return err
- }
- managers, err := loadManagers(c)
- if err != nil {
- return err
- }
- jobs, err := loadRecentJobs(c)
- if err != nil {
- return err
+ var errorLog []byte
+ var managers []*uiManager
+ var jobs []*uiJob
+ if accessLevel(c, r) == AccessAdmin {
+ errorLog, err = fetchErrorLogs(c)
+ if err != nil {
+ return err
+ }
+ managers, err = loadManagers(c)
+ if err != nil {
+ return err
+ }
+ jobs, err = loadRecentJobs(c)
+ if err != nil {
+ return err
+ }
+ }
 groups, err := fetchBugs(c)
 if err != nil {
diff --git a/dashboard/app/main.html b/dashboard/app/main.html
index 7be70c538..88151dbf4 100644
--- a/dashboard/app/main.html
+++ b/dashboard/app/main.html
@@ -14,14 +14,17 @@ Main page. {{template "header" .Header}} + {{if .Log}} Error log:
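Review bot: accessLevel grants `AccessUser` on `strings.HasSuffix(u.Email, config.AuthDomain)`, which is a plain string-suffix test rather than a comparison of the address's domain part. The value of `config.AuthDomain` is not visible in this diff; if it is configured without a leading `@`, an address at a different domain that merely ends in the same characters would satisfy the check. The condition was carried over from handleAuth, but this function is now the single place that decides user access, so it is worth anchoring, e.g. `!strings.HasSuffix(u.Email, "@"+strings.TrimPrefix(config.AuthDomain, "@"))`. A short comment on the `access` form value, saying that it is read only after `user.IsAdmin(c)` succeeds and can only lower the level, would also help the next reader.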
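Review bot: The `accessLevel(c, r) == AccessAdmin` guard in handleMain is the only server-side enforcement of the admin-only data visible in this diff; the main.html changes merely hide sections whose data is empty. Whether the handlers that serve individual logs or job details by URL apply the same test cannot be seen from here and should be checked, because omitting the links from the main page does not restrict those endpoints. A comment above the `if`, such as `// Error log, managers and jobs are loaded for admins only; the template omits empty sections.`, would record that the nil values are intentional. handleMain begins and ends outside this hunk.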


+ {{end}} + {{if $.Managers}} @@ -56,7 +59,9 @@ Main page. {{end}}
Managers:


+ {{end}} + {{if $.Jobs}} @@ -102,6 +107,7 @@ Main page. {{end}}
Recent jobs:


+ {{end}} {{range $group := $.BugGroups}} {{template "bug_list" $group}} -- cgit mrf-deployment