Add EnableUserEditing, to control whether a regular user can change…

… their own details (default `true`)
navidrome · May 2, 2021 · 7feda4b · 7feda4b
1 parent 2ff1c79
commit 7feda4b
Show file tree

Hide file tree

Showing 6 changed files with 22 additions and 0 deletions.
diff --git a/conf/configuration.go b/conf/configuration.go
@@ -42,6 +42,7 @@ type configOptions struct {
 	EnableGravatar         bool
 	EnableFavourites       bool
 	EnableStarRating       bool
+	EnableUserEditing      bool
 	DefaultTheme           string
 	GATrackingID           string
 	EnableLogRedacting     bool
@@ -148,6 +149,7 @@ func init() {
 	viper.SetDefault("enablegravatar", false)
 	viper.SetDefault("enablefavourites", true)
 	viper.SetDefault("enablestarrating", true)
+	viper.SetDefault("enableuserediting", true)
 	viper.SetDefault("defaulttheme", "Dark")
 	viper.SetDefault("gatrackingid", "")
 	viper.SetDefault("enablelogredacting", true)

diff --git a/persistence/user_repository.go b/persistence/user_repository.go
@@ -4,6 +4,8 @@ import (
 	"context"
 	"time"
 
+	"github.com/navidrome/navidrome/conf"
+
 	. "github.com/Masterminds/squirrel"
 	"github.com/astaxie/beego/orm"
 	"github.com/deluan/rest"
@@ -145,6 +147,9 @@ func (r *userRepository) Update(entity interface{}, cols ...string) error {
 		return rest.ErrPermissionDenied
 	}
 	if !usr.IsAdmin {
+		if !conf.Server.EnableUserEditing {
+			return rest.ErrPermissionDenied
+		}
 		u.IsAdmin = false
 		u.UserName = usr.UserName
 	}

diff --git a/server/app/serve_index.go b/server/app/serve_index.go
@@ -48,6 +48,7 @@ func serveIndex(ds model.DataStore, fs fs.FS) http.HandlerFunc {
 			"losslessFormats":         strings.ToUpper(strings.Join(consts.LosslessFormats, ",")),
 			"devActivityPanel":        conf.Server.DevActivityPanel,
 			"devFastAccessCoverArt":   conf.Server.DevFastAccessCoverArt,
+			"enableUserEditing":       conf.Server.EnableUserEditing,
 		}
 		j, err := json.Marshal(appConfig)
 		if err != nil {

diff --git a/server/app/serve_index_test.go b/server/app/serve_index_test.go
@@ -189,6 +189,16 @@ var _ = Describe("serveIndex", func() {
 		expected := strings.ToUpper(strings.Join(consts.LosslessFormats, ","))
 		Expect(config).To(HaveKeyWithValue("losslessFormats", expected))
 	})
+
+	It("sets the enableUserEditing", func() {
+		r := httptest.NewRequest("GET", "/index.html", nil)
+		w := httptest.NewRecorder()
+
+		serveIndex(ds, fs)(w, r)
+
+		config := extractAppConfig(w.Body.String())
+		Expect(config).To(HaveKeyWithValue("enableUserEditing", true))
+	})
 })
 
 var appConfigRegex = regexp.MustCompile(`(?m)window.__APP_CONFIG__="([^"]*)`)

diff --git a/ui/src/config.js b/ui/src/config.js
@@ -17,6 +17,7 @@ const defaultConfig = {
   devFastAccessCoverArt: false,
   enableStarRating: true,
   defaultTheme: 'Dark',
+  enableUserEditing: true,
 }
 
 let config

diff --git a/ui/src/layout/AppBar.js b/ui/src/layout/AppBar.js
@@ -80,6 +80,9 @@ const CustomUserMenu = ({ onClick, ...rest }) => {
       return null
     }
     if (permissions !== 'admin') {
+      if (!config.enableUserEditing) {
+        return null
+      }
       userResource.icon = PersonIcon
     } else {
       userResource.icon = SupervisorAccountIcon