#160 Allow access to admin pages just for admin users

TheHive-Project · Mar 27, 2017 · d880c94 · d880c94
1 parent f51208e
commit d880c94
Show file tree

Hide file tree

Showing 3 changed files with 62 additions and 41 deletions.
diff --git a/ui/.jshintrc b/ui/.jshintrc
@@ -27,6 +27,7 @@
     "c3": false,
     "saveSvgAsPng": false,
     "Blob": false,
-    "File": false
+    "File": false,
+    "hljs": false
   }
 }
diff --git a/ui/app/scripts/app.js b/ui/app/scripts/app.js
@@ -48,6 +48,17 @@ angular.module('thehive', ['ngAnimate', 'ngMessages', 'ui.bootstrap', 'ui.router
                 templateUrl: 'views/app.html',
                 controller: 'RootCtrl',
                 resolve: {
+                    currentUser: function($q, AuthenticationSrv) {
+                        var deferred = $q.defer();
+
+                        AuthenticationSrv.current(function(userData) {
+                            deferred.resolve(userData);
+                        }, function(err) {
+                            deferred.reject(err);
+                        });
+
+                        return deferred.promise;
+                    },
                     appConfig: function(VersionSrv) {
                         return VersionSrv.get();
                     }
@@ -94,7 +105,20 @@ angular.module('thehive', ['ngAnimate', 'ngMessages', 'ui.bootstrap', 'ui.router
             .state('app.administration', {
                 abstract: true,
                 url: 'administration',
-                template: '<ui-view/>'
+                template: '<ui-view/>',
+                onEnter: function($state, AuthenticationSrv){
+                    var currentUser = AuthenticationSrv.currentUser;
+
+                    if(!currentUser || !currentUser.roles || _.map(currentUser.roles, function(role) {
+                        return role.toLowerCase();
+                    }).indexOf('admin') === -1) {
+                        if(!$state.is('app.cases')) {
+                            $state.go('app.cases');
+                        } else {
+                            return $state.reload();
+                        }
+                    }
+                }
             })
             .state('app.administration.users', {
                 url: '/users',

diff --git a/ui/app/scripts/controllers/RootCtrl.js b/ui/app/scripts/controllers/RootCtrl.js
@@ -2,7 +2,7 @@
  * Controller for main page
  */
 angular.module('theHiveControllers').controller('RootCtrl',
-    function($scope, $uibModal, $location, $state, $base64, AuthenticationSrv, MispSrv, StreamSrv, StreamStatSrv, TemplateSrv, MetricsCacheSrv, AlertSrv) {
+    function($scope, $uibModal, $location, $state, $base64, AuthenticationSrv, MispSrv, StreamSrv, StreamStatSrv, TemplateSrv, MetricsCacheSrv, AlertSrv, currentUser) {
         'use strict';
 
         $scope.querystring = '';
@@ -12,48 +12,44 @@ angular.module('theHiveControllers').controller('RootCtrl',
         $scope.mispEnabled = false;
 
         StreamSrv.init();
-        $scope.currentUser = AuthenticationSrv.current(function() {
-            // while succeed get myCurrentTasks stats
-
-            $scope.templates = TemplateSrv.query();
-
-            $scope.myCurrentTasks = StreamStatSrv({
-                scope: $scope,
-                rootId: 'any',
-                query: {
-                    '_and': [{
-                        'status': 'InProgress'
-                    }, {
-                        'owner': $scope.currentUser.id
-                    }]
-                },
-                result: {},
-                objectType: 'case_task',
-                field: 'status'
-            });
-
-            $scope.waitingTasks = StreamStatSrv({
-                scope: $scope,
-                rootId: 'any',
-                query: {
-                    'status': 'Waiting'
-                },
-                result: {},
-                objectType: 'case_task',
-                field: 'status'
-            });
+        $scope.currentUser = currentUser;
+
+        $scope.templates = TemplateSrv.query();
+
+        $scope.myCurrentTasks = StreamStatSrv({
+            scope: $scope,
+            rootId: 'any',
+            query: {
+                '_and': [{
+                    'status': 'InProgress'
+                }, {
+                    'owner': $scope.currentUser.id
+                }]
+            },
+            result: {},
+            objectType: 'case_task',
+            field: 'status'
+        });
 
-            // Get metrics cache
-            MetricsCacheSrv.all().then(function(list) {
-                $scope.metricsCache = list;
-            });
+        $scope.waitingTasks = StreamStatSrv({
+            scope: $scope,
+            rootId: 'any',
+            query: {
+                'status': 'Waiting'
+            },
+            result: {},
+            objectType: 'case_task',
+            field: 'status'
+        });
 
-            // Get MISP counts
-            $scope.mispEvents = MispSrv.stats($scope);
-        }, function(data, status) {
-            AlertSrv.error('RootCtrl', data, status);
+        // Get metrics cache
+        MetricsCacheSrv.all().then(function(list) {
+            $scope.metricsCache = list;
         });
 
+        // Get MISP counts
+        $scope.mispEvents = MispSrv.stats($scope);
+
         $scope.$on('templates:refresh', function(){
             $scope.templates = TemplateSrv.query();
         });