fleet/website/api/policies/is-super-admin.js

/**
 * is-super-admin
 *
 * A simple policy that blocks requests from non-super-admins.
 *
 * For more about how to use policies, see:
 *   https://sailsjs.com/config/policies
 *   https://sailsjs.com/docs/concepts/policies
 *   https://sailsjs.com/docs/concepts/policies/access-control-and-permissions
 */
module.exports = async function (req, res, proceed) {

  // First, check whether the request comes from a logged-in user.
  // > For more about where `req.me` comes from, check out this app's
  // > custom hook (`api/hooks/custom/index.js`).
  if (!req.me) {
    // Rather than use the standard res.unauthorized(), if the request did not come from a logged-in user,
    // we'll redirect them to an generic version of the customer login page.
    if (req.wantsJSON) {
      return res.sendStatus(401);
    } else {
      return res.redirect('/customers/login?admin');
    }
  }//•

  // Then check that this user is a "super admin".
  if (!req.me.isSuperAdmin) {
    return res.forbidden();
  }//•

  // IWMIH, we've got ourselves a "super admin".
  return proceed();

};
Move fleetdm.com into main Fleet repo (#83) * rename dir * no need to install website or docs from npm At some point, would also be nice to be able to exclude assets/ as well, and to only install a pre-built version of Fleet's frontend code * Bring in fleetdm.com website From https://github.com/fleetdm/fleetdm.com as of https://github.com/fleetdm/fleetdm.com/releases/tag/v0.0.21 * add procfile for heroku Using https://github.com/timanovsky/subdir-heroku-buildpack * avoid getting anybody's hopes up * Create deploy-fleet-website.yml (#82) * Create deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * update pjs with SPDX-like license expressions. also fix repo URL and remove package lock * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * remove dummy uri * Dissect deploy script * Update deploy-fleet-website.yml * workaround for eslintrc nesting issue * lint fixes * forgot the .js * add per-commit git config * Update deploy-fleet-website.yml * might as well remove that * cleanup * connect w/ heroku app and have it actually push * fix bug I introduced in 578a1a01ffb8404aae869e05005e30a6ba2b2a95 * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * the beauty, the glory, of javascript * GH actions don't like "\n" * Update deploy-fleet-website.yml * restore \n chars from 0d45e568f693efba7d7072085bc98d72a482d9ae hoping I was wrong in 0d45e568f693efba7d7072085bc98d72a482d9ae but see also https://github.community/t/what-is-the-correct-character-escaping-for-workflow-command-values-e-g-echo-xxxx/118465/5 * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * rename script to prevent duplicate building * Configure the real website * clean up * a test of the deploy workflow * add handbook to npmignore * I guess you could call this fixing a typo * point workflow at master branch * now clearly bogus: this completely unused version string 2020-12-02 20:48:03 +00:00			`/**`
			`* is-super-admin`
			`*`
			`* A simple policy that blocks requests from non-super-admins.`
			`*`
			`* For more about how to use policies, see:`
			`* https://sailsjs.com/config/policies`
			`* https://sailsjs.com/docs/concepts/policies`
			`* https://sailsjs.com/docs/concepts/policies/access-control-and-permissions`
			`*/`
			`module.exports = async function (req, res, proceed) {`

			`// First, check whether the request comes from a logged-in user.`
			// > For more about where `req.me` comes from, check out this app's
			// > custom hook (`api/hooks/custom/index.js`).
			`if (!req.me) {`
Website: Add admin tool for generating Fleet Premium licenses. (#8478) * create admin/generate-license page * create generate-license-key action, update routes, policies, importer, regenerate cloud-sdk * update layouts * use moment * Update view-generate-license.js * Fixing lint errors * Update generate-license-key.js * Update redirects in is-super-admin policy * redirect super admins to the license generator * Update login form * requested changes from mike-j-thomas * Update generate-license.page.js * Update is-super-admin.js * Update view-login.js * Update generate-license-key.js * Update generate-license-key.js * use naming convention for js timestamps * validTo » expiresAt Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com> 2022-12-05 20:53:16 +00:00			`// Rather than use the standard res.unauthorized(), if the request did not come from a logged-in user,`
			`// we'll redirect them to an generic version of the customer login page.`
			`if (req.wantsJSON) {`
			`return res.sendStatus(401);`
			`} else {`
			`return res.redirect('/customers/login?admin');`
			`}`
Move fleetdm.com into main Fleet repo (#83) * rename dir * no need to install website or docs from npm At some point, would also be nice to be able to exclude assets/ as well, and to only install a pre-built version of Fleet's frontend code * Bring in fleetdm.com website From https://github.com/fleetdm/fleetdm.com as of https://github.com/fleetdm/fleetdm.com/releases/tag/v0.0.21 * add procfile for heroku Using https://github.com/timanovsky/subdir-heroku-buildpack * avoid getting anybody's hopes up * Create deploy-fleet-website.yml (#82) * Create deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * update pjs with SPDX-like license expressions. also fix repo URL and remove package lock * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * remove dummy uri * Dissect deploy script * Update deploy-fleet-website.yml * workaround for eslintrc nesting issue * lint fixes * forgot the .js * add per-commit git config * Update deploy-fleet-website.yml * might as well remove that * cleanup * connect w/ heroku app and have it actually push * fix bug I introduced in 578a1a01ffb8404aae869e05005e30a6ba2b2a95 * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * the beauty, the glory, of javascript * GH actions don't like "\n" * Update deploy-fleet-website.yml * restore \n chars from 0d45e568f693efba7d7072085bc98d72a482d9ae hoping I was wrong in 0d45e568f693efba7d7072085bc98d72a482d9ae but see also https://github.community/t/what-is-the-correct-character-escaping-for-workflow-command-values-e-g-echo-xxxx/118465/5 * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * rename script to prevent duplicate building * Configure the real website * clean up * a test of the deploy workflow * add handbook to npmignore * I guess you could call this fixing a typo * point workflow at master branch * now clearly bogus: this completely unused version string 2020-12-02 20:48:03 +00:00			`}//•`

			`// Then check that this user is a "super admin".`
			`if (!req.me.isSuperAdmin) {`
			`return res.forbidden();`
			`}//•`

			`// IWMIH, we've got ourselves a "super admin".`
			`return proceed();`

			`};`