Merge pull request apache#231 from Microsoft/xiongyf/webportal-dev

[Webportal] Protect user management

rest-server/src/controllers/token.js

@@ -48,8 +48,9 @@ const get = (req, res) => {
           });
         }
         return res.status(200).json({
-          token,
-          user: username
+          user: username,
+          token: token,
+          admin: admin
         });
       });
     }

webportal/config/webpack.common.js

@@ -163,6 +163,10 @@ const config = {
       jQuery: 'jquery',
       'window.jQuery': 'jquery'
     }),
+    new webpack.ProvidePlugin({
+      cookies: 'js-cookie',
+      'window.cookies': 'js-cookie'
+    }),
     new HtmlWebpackPlugin({
       title: 'Platform for AI',
       filename: 'index.html',

webportal/src/app/layout/layout.component.ejs

@@ -34,6 +34,12 @@
     <aside class="main-sidebar">
       <section class="sidebar">
         <ul class="sidebar-menu" data-widget="tree">
+          <li id="sidebar-menu--user-management">
+            <a href="/register.html">
+              <i class="fa fa-user"></i>
+              <span>User Management</span>
+            </a>
+          </li>
           <li id="sidebar-menu--submit-job">
             <a href="/submit.html">
               <i class="fa fa-plus-circle"></i>

webportal/src/app/layout/layout.component.js

@@ -23,14 +23,16 @@ require('bootstrap/dist/css/bootstrap.min.css');
 require('admin-lte/dist/css/AdminLTE.min.css');
 require('admin-lte/dist/css/skins/_all-skins.min.css');
 require('font-awesome/css/font-awesome.min.css');
-const cookies = require('js-cookie');
+const userAuthComponent = require('../user/user-auth/user-auth.component.js');
 const userLogoutComponent = require('../user/user-logout/user-logout.component.js');
 const userLoginNavComponent = require('../user/user-login/user-login-nav.component.ejs');
 
 
 const userLoginNavHtml = userLoginNavComponent({ cookies });
 
-window.cookies = cookies;
 window.userLogout = userLogoutComponent.userLogout;
 
-$('#navbar').html(userLoginNavHtml);
+$('#navbar').html(userLoginNavHtml);
+if (!userAuthComponent.checkAdmin()) {
+  $('#sidebar-menu--user-management').hide();
+}

webportal/src/app/user/user-auth/user-auth.component.js

@@ -26,4 +26,8 @@ const checkToken = (callback) => {
   }
 };
 
-module.exports = { checkToken };
+const checkAdmin = () => {
+  return cookies.get('admin') === 'true';
+};
+
+module.exports = { checkToken, checkAdmin };

webportal/src/app/user/user-login/user-login-nav.component.ejs

@@ -5,7 +5,6 @@
       <span class="hidden-xs">Welcome, <%= cookies.get("user") %></span>
     </a>
     <ul class="dropdown-menu">
-      <li><a href="#" onclick="window.location.replace('/register.html')">New user</a></li>
       <li><a href="#" onclick="userLogout()">Logout</a></li>
     </ul>
   </li>

webportal/src/app/user/user-login/user-login.component.js

@@ -51,7 +51,8 @@ $(document).ready(() => {
         } else {
           cookies.set('user', data.user, { expires: expiration });
           cookies.set('token', data.token, { expires: expiration });
-          window.location.replace("/view.html");
+          cookies.set('admin', data.admin, { expires: expiration });
+          window.location.replace('/view.html');
         }
       },
       error: (xhr, textStatus, error) => {

webportal/src/app/user/user-logout/user-logout.component.js

@@ -19,6 +19,7 @@
 const userLogout = () => {
   cookies.remove('user');
   cookies.remove('token');
+  cookies.remove('admin');
   window.location.replace('/login.html');
 };