From ac6d9ba044a3305a26ba1e5babd86ddfe68a7970 Mon Sep 17 00:00:00 2001
From: john <johnbarlas39@gmail.com>
Date: Sat, 3 Dec 2016 20:12:45 +0200
Subject: [PATCH] only admin can view teams and users && redirect all non-found
 routes to the book list

---
 app/authsome_editoria.js                 |  2 ++
 app/components/Navigation/Navigation.jsx |  5 ++---
 app/main.scss                            |  7 -------
 app/routes.jsx                           | 14 ++++++++++++--
 4 files changed, 16 insertions(+), 12 deletions(-)
 delete mode 100644 app/main.scss

diff --git a/app/authsome_editoria.js b/app/authsome_editoria.js
index 22267f4..473aa79 100644
--- a/app/authsome_editoria.js
+++ b/app/authsome_editoria.js
@@ -55,6 +55,8 @@ var editoria = function (user, operation, object) {
   if (!user) return false
   if (user.admin) return true
 
+  if (operation === 'admin') return false
+
   // object might be an array of objects (eg. teams, users, etc.)
   // pick up if that is the case and use the first one to define the type of those objects
   if (Array.isArray(object)) {
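Review bot: The added `if (operation === 'admin') return false` is correct only because it sits directly after `if (user.admin) return true`, and nothing on either line says that they form a pair. A comment above it, for example `// 'admin' is reserved for admin-only screens: admins returned true above, every other user is denied`, would make the ordering dependency explicit for whoever edits this function next. The body of `editoria` continues past this hunk, so how the other operations are decided is not visible here.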
diff --git a/app/components/Navigation/Navigation.jsx b/app/components/Navigation/Navigation.jsx
index 18c7d5f..673ecb0 100644
--- a/app/components/Navigation/Navigation.jsx
+++ b/app/components/Navigation/Navigation.jsx
@@ -48,18 +48,17 @@ export default class Navigation extends React.Component {
             <NavItem>Books</NavItem>
           </LinkContainer>
 
-          <Authorize operation='read' object={currentUser.user}>
+          <Authorize operation='read' object='users'>
             <LinkContainer to='/users'>
               <NavItem>Users</NavItem>
             </LinkContainer>
           </Authorize>
 
-          <Authorize operation='read'>
+          <Authorize operation='read' object='teams'>
             <LinkContainer to='/teams'>
               <NavItem>Teams</NavItem>
             </LinkContainer>
           </Authorize>
-
         </Nav>
 
         { logoutButtonIfAuthenticated }
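Review bot: The Users and Teams links are gated with `operation='read'` on the strings `'users'` and `'teams'`, while the routes they point to are gated with the `'admin'` operation in app/routes.jsx, so link visibility and route access are decided by two different rules. Whether a string object under `'read'` is denied for a non-admin depends on code in `editoria` that this patch does not show; the comment visible there only mentions objects and arrays of objects. Assuming `Authorize` consults the same mode function, `<Authorize operation='admin' object='users'>` and `<Authorize operation='admin' object='teams'>` would make the menu follow the same rule as the route guard.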
diff --git a/app/main.scss b/app/main.scss
deleted file mode 100644
index bdf2996..0000000
--- a/app/main.scss
+++ /dev/null
@@ -1,7 +0,0 @@
-// @import '~pubsweet-component-pepper-theme/main';
-
-// $icon-font-path: '~bootstrap-sass/assets/fonts/bootstrap/';
-//
-// .bootstrap {
-//   @import '~bootstrap-sass/assets/stylesheets/_bootstrap';
-// }
diff --git a/app/routes.jsx b/app/routes.jsx
index 93c2e0c..2f2b463 100644
--- a/app/routes.jsx
+++ b/app/routes.jsx
@@ -22,6 +22,14 @@ const AuthenticatedManage = requireAuthentication(
   Manage, 'create', (state) => state.collections[0]
 )
 
+const AdminOnlyUsersManager = requireAuthentication(
+  UsersManager, 'admin', (state) => state.collections[0]
+)
+
+const AdminOnlyTeamsManager = requireAuthentication(
+  TeamsManager, 'admin', (state) => state.collections[0]
+)
+
 export default (
   <Route>
     <Redirect from='/' to='books' />
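Review bot: `AdminOnlyUsersManager` and `AdminOnlyTeamsManager` wrap React components, so this restricts only what the browser renders; nothing in this patch shows the users and teams API refusing the same reads for a non-admin session. It is worth confirming that the server-side check exists, since the user and team lists are what the commit sets out to protect. The selector `(state) => state.collections[0]` looks copied from `AuthenticatedManage`, and the `'admin'` branch added in app/authsome_editoria.js returns before the object is inspected, so a short comment such as `// object is ignored for the 'admin' operation` would spare the next reader the question.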
@@ -33,11 +41,13 @@ export default (
       <Route path='books/:id/book-builder' component={BookBuilder} />
       <Route path='books/:bookId/fragments/:fragmentId' component={SimpleEditorWrapper} />
 
-      <Route path='users' component={UsersManager} />
-      <Route path='teams' component={TeamsManager} />
+      <Route path='users' component={AdminOnlyUsersManager} />
+      <Route path='teams' component={AdminOnlyTeamsManager} />
     </Route>
 
     <Route path='/login' component={Login} />
     <Route path='/signup' component={Signup} />
+
+    <Redirect path='*' to='books' />
   </Route>
 )
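Review bot: The catch-all is written as `<Redirect path='*' to='books' />` while the redirect at the top of the same route tree uses `from='/'`; `<Redirect from='*' to='books' />` would keep the two consistent. A one-line comment that it has to stay the last child, so that `/login` and `/signup` are matched before it, would also help.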
-- 
GitLab