From 821cf3cbea36beb6d4f2cda4850aa0c28508b861 Mon Sep 17 00:00:00 2001
From: Terrtia <or1994@hotmail.fr>
Date: Thu, 20 Jun 2019 11:15:56 +0200
Subject: [PATCH] chg: [UI user_management] user_role acl: hide admin panel

---
 var/www/modules/settings/Flask_settings.py   | 21 ++++++----
 var/www/templates/settings/menu_sidebar.html | 40 ++++++++++----------
 2 files changed, 35 insertions(+), 26 deletions(-)

diff --git a/var/www/modules/settings/Flask_settings.py b/var/www/modules/settings/Flask_settings.py
index 2914213d..2080c637 100644
--- a/var/www/modules/settings/Flask_settings.py
+++ b/var/www/modules/settings/Flask_settings.py
@@ -119,7 +119,10 @@ def settings_page():
     current_version = r_serv_db.get('ail:version')
     update_metadata = get_update_metadata()
 
+    admin_level = current_user.is_in_role('admin')
+
     return render_template("settings_index.html", git_metadata=git_metadata,
+                            admin_level=admin_level,
                             current_version=current_version)
 
 @settings.route("/settings/edit_profile", methods=['GET'])
@@ -127,7 +130,9 @@ def settings_page():
 @login_analyst
 def edit_profile():
     user_metadata = get_user_metadata(current_user.get_id())
-    return render_template("edit_profile.html", user_metadata=user_metadata)
+    admin_level = current_user.is_in_role('admin')
+    return render_template("edit_profile.html", user_metadata=user_metadata,
+                            admin_level=admin_level)
 
 @settings.route("/settings/new_token", methods=['GET'])
 @login_required
@@ -158,7 +163,9 @@ def create_user():
     else:
         user_id = None
     all_roles = get_all_roles()
-    return render_template("create_user.html", all_roles=all_roles, user_id=user_id, user_role=role, error=error, error_mail=error_mail)
+    return render_template("create_user.html", all_roles=all_roles, user_id=user_id, user_role=role,
+                                        error=error, error_mail=error_mail,
+                                        admin_level=True)
 
 @settings.route("/settings/create_user_post", methods=['POST'])
 @login_required
@@ -179,9 +186,9 @@ def create_user_post():
                     if check_password_strength(password1):
                         password = password1
                     else:
-                        return render_template("create_user.html", all_roles=all_roles, error="Incorrect Password")
+                        return render_template("create_user.html", all_roles=all_roles, error="Incorrect Password", admin_level=True)
                 else:
-                    return render_template("create_user.html", all_roles=all_roles, error="Passwords don't match")
+                    return render_template("create_user.html", all_roles=all_roles, error="Passwords don't match", admin_level=True)
             # generate password
             else:
                 password = secrets.token_urlsafe()
@@ -201,9 +208,9 @@ def create_user_post():
                     return redirect(url_for('settings.users_list', new_user=email, new_user_password=password, new_user_edited=False))
 
         else:
-            return render_template("create_user.html", all_roles=all_roles)
+            return render_template("create_user.html", all_roles=all_roles, admin_level=True)
     else:
-        return render_template("create_user.html", all_roles=all_roles, error_mail=True)
+        return render_template("create_user.html", all_roles=all_roles, error_mail=True, admin_level=True)
 
 @settings.route("/settings/users_list", methods=['GET'])
 @login_required
@@ -216,7 +223,7 @@ def users_list():
         new_user_dict['email'] = new_user
         new_user_dict['edited'] = request.args.get('new_user_edited')
         new_user_dict['password'] = request.args.get('new_user_password')
-    return render_template("users_list.html", all_users=all_users, new_user=new_user_dict)
+    return render_template("users_list.html", all_users=all_users, new_user=new_user_dict, admin_level=True)
 
 @settings.route("/settings/edit_user", methods=['GET'])
 @login_required
diff --git a/var/www/templates/settings/menu_sidebar.html b/var/www/templates/settings/menu_sidebar.html
index f1af27d1..3fe196e4 100644
--- a/var/www/templates/settings/menu_sidebar.html
+++ b/var/www/templates/settings/menu_sidebar.html
@@ -37,23 +37,25 @@
       	    </li>
           </ul>
         </nav>
-        <nav class="navbar navbar-expand navbar-light bg-light flex-md-column flex-row align-items-start py-2" id="nav_users">
-      		<h5 class="d-flex text-muted w-100" id="nav_user_management">
-      		  <span>User Management</span>
-      		</h5>
-          <ul class="nav flex-md-column flex-row navbar-nav justify-content-between w-100"> <!--nav-pills-->
-      	    <li class="nav-item">
-      	      <a class="nav-link" href="{{url_for('settings.create_user')}}" id="nav_create_user">
-      	        <i class="fas fa-user-plus"></i>
-      	        <span>Create User</span>
-      	      </a>
-      	    </li>
-            <li class="nav-item">
-      	      <a class="nav-link" href="{{url_for('settings.users_list')}}" id="nav_users_list">
-      	        <i class="fas fa-users"></i>
-      	        <span>Users List</span>
-      	      </a>
-      	    </li>
-          </ul>
-      	</nav>
+        {% if admin_level %}
+          <nav class="navbar navbar-expand navbar-light bg-light flex-md-column flex-row align-items-start py-2" id="nav_users">
+        		<h5 class="d-flex text-muted w-100" id="nav_user_management">
+        		  <span>User Management</span>
+        		</h5>
+            <ul class="nav flex-md-column flex-row navbar-nav justify-content-between w-100"> <!--nav-pills-->
+        	    <li class="nav-item">
+        	      <a class="nav-link" href="{{url_for('settings.create_user')}}" id="nav_create_user">
+        	        <i class="fas fa-user-plus"></i>
+        	        <span>Create User</span>
+        	      </a>
+        	    </li>
+              <li class="nav-item">
+        	      <a class="nav-link" href="{{url_for('settings.users_list')}}" id="nav_users_list">
+        	        <i class="fas fa-users"></i>
+        	        <span>Users List</span>
+        	      </a>
+        	    </li>
+            </ul>
+        	</nav>
+        {% endif %}
       </div>