Check user role when accessing community admin page

EUDAT-B2SHARE · Feb 27, 2020 · 82324ac · 82324ac
1 parent 28ce67e
commit 82324ac
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 1 deletion.
diff --git a/webui/src/components/community_admin.jsx b/webui/src/components/community_admin.jsx
@@ -3,6 +3,7 @@ import { Link } from 'react-router';
 import { DropdownList, Multiselect } from 'react-widgets';
 import { fromJS, OrderedMap, Map } from 'immutable';
 import { serverCache, notifications , browser , Error, loginURL} from '../data/server';
+import { isCommunityAdmin } from './record.jsx';
 import { LoginOrRegister } from './user.jsx';
 import { Wait, Err } from './waiting.jsx';
 
@@ -49,6 +50,10 @@ export const CommunityAdmin = React.createClass({
             return <Err err={community}/>;
         }
 
+        if (!isCommunityAdmin(community.get('id'))) {
+            return <Err err={{code: 403, text: "You don't have the required role to access this page"}}/>;
+        }
+
         const communityName = community.get('name');
 
         var roles = {};

diff --git a/webui/src/components/record.jsx b/webui/src/components/record.jsx
@@ -502,7 +502,7 @@ function isRecordOwner(record) {
     return record.getIn(['metadata', 'owners']).indexOf(userId) >= 0;
 }
 
-function isCommunityAdmin(communityId) {
+export function isCommunityAdmin(communityId) {
     if (!serverCache.getUser()) {
         return false;
     }