diff --git a/settings.json.template b/settings.json.template index 9eaec478b..9dec7c670 100644 --- a/settings.json.template +++ b/settings.json.template @@ -18,6 +18,9 @@ "ip": "0.0.0.0", "port" : 9001, + // Option to hide/show the settings.json in admin page, default option is set to true + "showSettingsInAdminPage" : true, + /* // Node native SSL support // this is disabled by default diff --git a/src/node/hooks/express/adminsettings.js b/src/node/hooks/express/adminsettings.js index 4986f093c..73691837a 100644 --- a/src/node/hooks/express/adminsettings.js +++ b/src/node/hooks/express/adminsettings.js @@ -30,7 +30,13 @@ exports.socketio = function (hook_name, args, cb) { } else { - socket.emit("settings", {results: data}); + //if showSettingsInAdminPage is set to false, then return NOT_ALLOWED in the result + if(settings.showSettingsInAdminPage === false) { + socket.emit("settings", {results:'NOT_ALLOWED'}); + } + else { + socket.emit("settings", {results: data}); + } } }); }); diff --git a/src/node/utils/Settings.js b/src/node/utils/Settings.js index b765670a6..24bc25c39 100644 --- a/src/node/utils/Settings.js +++ b/src/node/utils/Settings.js @@ -209,6 +209,11 @@ exports.requireAuthentication = false; exports.requireAuthorization = false; exports.users = {}; +/* +* Show settings in admin page, by default it is true +*/ +exports.showSettingsInAdminPage = true; + //checks if abiword is avaiable exports.abiwordAvailable = function() { diff --git a/src/static/css/admin.css b/src/static/css/admin.css index 97104de93..e9ba6014b 100644 --- a/src/static/css/admin.css +++ b/src/static/css/admin.css @@ -38,6 +38,12 @@ div.innerwrapper { padding-left: 265px; } +div.innerwrapper-err { + padding: 15px; + padding-left: 265px; + display: none; +} + #wrapper { background: none repeat scroll 0px 0px #FFFFFF; box-shadow: 0px 1px 10px rgba(0, 0, 0, 0.2); diff --git a/src/static/js/admin/settings.js b/src/static/js/admin/settings.js index 42b038d52..6c1f5e236 100644 --- a/src/static/js/admin/settings.js +++ b/src/static/js/admin/settings.js @@ -14,12 +14,20 @@ $(document).ready(function () { socket.on('settings', function (settings) { + /* Check whether the settings.json is authorized to be viewed */ + if(settings.results === 'NOT_ALLOWED') { + $('.innerwrapper').hide(); + $('.innerwrapper-err').show(); + $('.err-message').html("Settings json is not authorized to be viewed in Admin page!!"); + return; + } + /* Check to make sure the JSON is clean before proceeding */ if(isJSONClean(settings.results)) { $('.settings').append(settings.results); $('.settings').focus(); - $('.settings').autosize(); + $('.settings').autosize(); } else{ alert("YOUR JSON IS BAD AND YOU SHOULD FEEL BAD"); diff --git a/src/templates/admin/settings.html b/src/templates/admin/settings.html index 3b8615fc6..560ac507c 100644 --- a/src/templates/admin/settings.html +++ b/src/templates/admin/settings.html @@ -44,6 +44,11 @@ Example production settings template Example development settings template + +
+

+
+