[plugins] added permission check to system plugins

Countly · Jul 27, 2015 · e5435c7 · e5435c7
1 parent c373bbb
commit e5435c7
Show file tree

Hide file tree

Showing 10 changed files with 116 additions and 90 deletions.
diff --git a/plugins/dbviewer/api/api.js b/plugins/dbviewer/api/api.js
@@ -8,8 +8,8 @@ var plugin = {},
 	plugins.register("/o/db", function(ob){
 		var dbs = {countly:common.db, countly_drill:common.drillDb};
 		var params = ob.params;
-		var validateUserForMgmtReadAPI = ob.validateUserForMgmtReadAPI;
-		validateUserForMgmtReadAPI(function(){
+		var validateUserForGlobalAdmin = ob.validateUserForGlobalAdmin;
+		validateUserForGlobalAdmin(params, function(){
 			if(params.qstring.dbs && params.qstring.collection && params.qstring.document && params.qstring.collection.indexOf("system.indexes") == -1 && params.qstring.collection.indexOf("sessions_") == -1){
 				if(dbs[params.qstring.dbs]){
 					if(isObjectId(params.qstring.document)){
@@ -77,7 +77,7 @@ var plugin = {},
 						callback(null, null);
 				}
 			}
-		}, params);		
+		});		
 		return true;
 	});
 

diff --git a/plugins/dbviewer/frontend/public/javascripts/countly.views.js b/plugins/dbviewer/frontend/public/javascripts/countly.views.js
@@ -111,6 +111,7 @@ window.DBViewerView = countlyView.extend({
 //register views
 app.dbviewerView = new DBViewerView();
 
+if(countlyGlobal["member"].global_admin){
 app.route('/manage/db', 'db', function () {
 	this.dbviewerView.db = null;
 	this.dbviewerView.collection = null;
@@ -159,7 +160,7 @@ app.route('/manage/db/:dbs/:collection/page/:page', 'dbs', function (db, collect
 	}
 	this.renderWhenReady(this.dbviewerView);
 });
-
+}
 app.addPageScript("#", function(){
 	if (Backbone.history.fragment.indexOf("/manage/db") > -1) {
         $("#sidebar-app-select").addClass("disabled");
@@ -171,10 +172,12 @@ $( document ).ready(function() {
     if(!production){
         CountlyHelpers.loadJS("dbviewer/javascripts/json.human.js");
     }
-	var menu = '<a href="#/manage/db" class="item">'+
-		'<div class="logo-icon fa fa-database"></div>'+
-		'<div class="text" data-localize="dbviewer.title"></div>'+
-	'</a>';
-	if($('#management-submenu .help-toggle').length)
-		$('#management-submenu .help-toggle').before(menu);
+    if(countlyGlobal["member"].global_admin){
+        var menu = '<a href="#/manage/db" class="item">'+
+            '<div class="logo-icon fa fa-database"></div>'+
+            '<div class="text" data-localize="dbviewer.title"></div>'+
+        '</a>';
+        if($('#management-submenu .help-toggle').length)
+            $('#management-submenu .help-toggle').before(menu);
+    }
 });
diff --git a/plugins/errorlogs/api/api.js b/plugins/errorlogs/api/api.js
@@ -12,7 +12,7 @@ var plugin = {},
 	plugins.register("/o/errorlogs", function(ob){
 		//get parameters
         var params = ob.params; //request params
-        var validate = ob.validateUserForDataReadAPI; //user validation
+        var validate = ob.validateUserForGlobalAdmin; //user validation
         var paths = ob.paths;
 
         validate(params, function (params) {
@@ -57,7 +57,7 @@ var plugin = {},
     plugins.register("/i/errorlogs", function(ob){
 		//get parameters
         var params = ob.params; //request params
-        var validate = ob.validateUserForDataWriteAPI; //user validation
+        var validate = ob.validateUserForGlobalAdmin; //user validation
 
         validate(params, function (params) {
             if(params.qstring.log && logs[params.qstring.log]){

diff --git a/plugins/errorlogs/frontend/public/javascripts/countly.views.js b/plugins/errorlogs/frontend/public/javascripts/countly.views.js
@@ -52,16 +52,19 @@ window.ErrorLogsView = countlyView.extend({
 
 //register views
 app.errorLogsView = new ErrorLogsView();
-
-app.route('/manage/errorlogs', 'errorlogs', function () {
-	this.renderWhenReady(this.errorLogsView);
-});
+if(countlyGlobal["member"].global_admin){
+    app.route('/manage/errorlogs', 'errorlogs', function () {
+        this.renderWhenReady(this.errorLogsView);
+    });
+}
 
 $( document ).ready(function() {
-	var menu = '<a href="#/manage/errorlogs" class="item">'+
-		'<div class="logo-icon fa fa-exclamation-triangle"></div>'+
-		'<div class="text" data-localize="errorlogs.title"></div>'+
-	'</a>';
-	if($('#management-submenu .help-toggle').length)
-		$('#management-submenu .help-toggle').before(menu);
+    if(countlyGlobal["member"].global_admin){
+        var menu = '<a href="#/manage/errorlogs" class="item">'+
+            '<div class="logo-icon fa fa-exclamation-triangle"></div>'+
+            '<div class="text" data-localize="errorlogs.title"></div>'+
+        '</a>';
+        if($('#management-submenu .help-toggle').length)
+            $('#management-submenu .help-toggle').before(menu);
+    }
 });
diff --git a/plugins/plugins/frontend/public/javascripts/countly.views.js b/plugins/plugins/frontend/public/javascripts/countly.views.js
@@ -97,10 +97,11 @@ window.PluginsView = countlyView.extend({
 
 //register views
 app.pluginsView = new PluginsView();
-
-app.route('/manage/plugins', 'plugins', function () {
-	this.renderWhenReady(this.pluginsView);
-});
+if(countlyGlobal["member"].global_admin){
+    app.route('/manage/plugins', 'plugins', function () {
+        this.renderWhenReady(this.pluginsView);
+    });
+}
 app.addPageScript("/manage/plugins", function(){
    $("#plugins-selector").find(">.button").click(function () {
         if ($(this).hasClass("selected")) {

diff --git a/plugins/populator/frontend/public/javascripts/countly.views.js b/plugins/populator/frontend/public/javascripts/countly.views.js
@@ -62,9 +62,11 @@ window.PopulatorView = countlyView.extend({
 //register views
 app.populatorView = new PopulatorView();
 
-app.route('/manage/populate', 'populate', function () {
-	this.renderWhenReady(this.populatorView);
-});
+if(countlyGlobal["member"].global_admin){
+    app.route('/manage/populate', 'populate', function () {
+        this.renderWhenReady(this.populatorView);
+    });
+}
 
 app.addPageScript("#", function(){
 	if (Backbone.history.fragment.indexOf("/manage/populate") > -1) {
@@ -78,11 +80,12 @@ $( document ).ready(function() {
 	fileref.setAttribute("type","text/javascript");
 	fileref.setAttribute("src", "populator/javascripts/chance.js");
 	document.getElementsByTagName("head")[0].appendChild(fileref);
-
-	var menu = '<a href="#/manage/populate" class="item">'+
-		'<div class="logo-icon fa fa-random"></div>'+
-		'<div class="text" data-localize="populator.title"></div>'+
-	'</a>';
-	if($('#management-submenu .help-toggle').length)
-		$('#management-submenu .help-toggle').before(menu);
+    if(countlyGlobal["member"].global_admin){
+        var menu = '<a href="#/manage/populate" class="item">'+
+            '<div class="logo-icon fa fa-random"></div>'+
+            '<div class="text" data-localize="populator.title"></div>'+
+        '</a>';
+        if($('#management-submenu .help-toggle').length)
+            $('#management-submenu .help-toggle').before(menu);
+    }
 });
diff --git a/plugins/systemlogs/api/api.js b/plugins/systemlogs/api/api.js
@@ -7,7 +7,7 @@ var plugin = {},
 	//read api call
 	plugins.register("/o", function(ob){
 		var params = ob.params
-		var validate = ob.validateUserForDataReadAPI;
+		var validate = ob.validateUserForGlobalAdmin;
 		if(params.qstring.method == 'systemlogs'){
             validate(params, function(params){
 				common.db.collection('systemlogs').find().limit(1000).toArray(function(err, items) {

diff --git a/plugins/systemlogs/frontend/public/javascripts/countly.views.js b/plugins/systemlogs/frontend/public/javascripts/countly.views.js
@@ -57,16 +57,19 @@ window.SystemLogsView = countlyView.extend({
 
 //register views
 app.systemLogsView = new SystemLogsView();
-
-app.route('/manage/systemlogs', 'systemlogs', function () {
-	this.renderWhenReady(this.systemLogsView);
-});
+if(countlyGlobal["member"].global_admin){
+    app.route('/manage/systemlogs', 'systemlogs', function () {
+        this.renderWhenReady(this.systemLogsView);
+    });
+}
 
 $( document ).ready(function() {
-	var menu = '<a href="#/manage/systemlogs" class="item">'+
-		'<div class="logo-icon fa fa-user-secret"></div>'+
-		'<div class="text" data-localize="systemlogs.title"></div>'+
-	'</a>';
-	if($('#management-submenu .help-toggle').length)
-		$('#management-submenu .help-toggle').before(menu);
+    if(countlyGlobal["member"].global_admin){
+        var menu = '<a href="#/manage/systemlogs" class="item">'+
+            '<div class="logo-icon fa fa-user-secret"></div>'+
+            '<div class="text" data-localize="systemlogs.title"></div>'+
+        '</a>';
+        if($('#management-submenu .help-toggle').length)
+            $('#management-submenu .help-toggle').before(menu);
+    }
 });
diff --git a/plugins/updates/api/api.js b/plugins/updates/api/api.js
@@ -28,44 +28,53 @@ var plugin = {},
 	}
 
 	plugins.register('/o/updates', function(ob){
-		if (ob.paths.length > 3 && ob.paths[3] === 'check') {
-			if (ob.params.qstring.key in updates) {
-	            common.returnOutput(ob.params, {status: updates[ob.params.qstring.key].error || 'pending' });
-			} else {
-	            common.returnOutput(ob.params, {status: 'success' });
-			}
-		} else {
-		    common.returnOutput(ob.params, [
-		    	{title: 'Latest version from Github', desc: 'Update Countly server to HEAD of Github repository. WARNING! This is not stable release!', type: 'github', id: 'HEAD'}
-			]);
-		}
+        console.log("/o/updates");
+        var params = ob.params
+		var validate = ob.validateUserForGlobalAdmin;
+        validate(params, function (params) {
+            if (ob.paths.length > 3 && ob.paths[3] === 'check') {
+                if (ob.params.qstring.key in updates) {
+                    common.returnOutput(ob.params, {status: updates[ob.params.qstring.key].error || 'pending' });
+                } else {
+                    common.returnOutput(ob.params, {status: 'success' });
+                }
+            } else {
+                common.returnOutput(ob.params, [
+                    {title: 'Latest version from Github', desc: 'Update Countly server to HEAD of Github repository. WARNING! This is not stable release!', type: 'github', id: 'HEAD'}
+                ]);
+            }
+        });
     	return true;
 	});
 
 	plugins.register('/i/updates', function(ob){
-		var argProps = {
-		        'id':               { 'required': true,  'type': 'String'   },
-		        'type':        		{ 'required': true,  'type': 'String'   },
-		    },
-		    update = {},
-		    params = ob.params;
-
-		if (!(update = common.validateArgs(params.qstring, argProps))) {
-            common.returnOutput(params, {error: 'Not enough args'});
-		    return false;
-		}
-
-		if (update.type === 'github') {
-			if (update.id === 'HEAD') {
-				update.key = Math.round(Math.random() * 100000000);
-				updates[update.key] = update;
-				common.returnOutput(params, update);
-				setTimeout(updateFromGithub.bind(this, update), 500);
-				return true;
-			}
-		}
-
-        common.returnOutput(params, {error: 'Update type not supported yet'});
+        var params = ob.params
+		var validate = ob.validateUserForGlobalAdmin;
+        validate(params, function (params) {
+            var argProps = {
+                    'id':               { 'required': true,  'type': 'String'   },
+                    'type':        		{ 'required': true,  'type': 'String'   },
+                },
+                update = {},
+                params = ob.params;
+
+            if (!(update = common.validateArgs(params.qstring, argProps))) {
+                common.returnOutput(params, {error: 'Not enough args'});
+                return false;
+            }
+
+            if (update.type === 'github') {
+                if (update.id === 'HEAD') {
+                    update.key = Math.round(Math.random() * 100000000);
+                    updates[update.key] = update;
+                    common.returnOutput(params, update);
+                    setTimeout(updateFromGithub.bind(this, update), 500);
+                    return true;
+                }
+            }
+
+            common.returnOutput(params, {error: 'Update type not supported yet'});
+        });
 		return true;
 	});
 }(plugin));

diff --git a/plugins/updates/frontend/public/javascripts/countly.views.js b/plugins/updates/frontend/public/javascripts/countly.views.js
@@ -85,15 +85,19 @@ window.UpdatesView = countlyView.extend({
 //register views
 app.updatesView = new UpdatesView();
 
-app.route('/manage/updates', 'updates', function () {
-	this.renderWhenReady(this.updatesView);
-});
+if(countlyGlobal["member"].global_admin){
+    app.route('/manage/updates', 'updates', function () {
+        this.renderWhenReady(this.updatesView);
+    });
+}
 
 $( document ).ready(function() {
-	var menu = '<a href="#/manage/updates" class="item">'+
-		'<div class="logo-icon fa fa-exclamation-triangle"></div>'+
-		'<div class="text" data-localize="updates.title"></div>'+
-	'</a>';
-	if($('#management-submenu .help-toggle').length)
-		$('#management-submenu .help-toggle').before(menu);
+    if(countlyGlobal["member"].global_admin){
+        var menu = '<a href="#/manage/updates" class="item">'+
+            '<div class="logo-icon fa fa-exclamation-triangle"></div>'+
+            '<div class="text" data-localize="updates.title"></div>'+
+        '</a>';
+        if($('#management-submenu .help-toggle').length)
+            $('#management-submenu .help-toggle').before(menu);
+    }
 });