diff --git a/lib/configuration/hooks/dashboard/config/config.js b/lib/configuration/hooks/dashboard/config/config.js
index 3759605799..3a88e97565 100644
--- a/lib/configuration/hooks/dashboard/config/config.js
+++ b/lib/configuration/hooks/dashboard/config/config.js
@@ -5,16 +5,53 @@
 */
 module.exports = function * () {
+ let user;
+ let isAdmin = false;
+
+ try {
+ user = yield strapi.api.user.services.jwt.getToken(this, true);
+
+ if (user && user.id) {
+ // Find the user in the database.
+ user = yield strapi.orm.collections.user.findOne(user.id).populate('roles');
+
+ // Check if the user has the role `admin`.
+ isAdmin = _.findWhere(user.roles, {name: 'admin'});
+ if (!isAdmin) {
+ this.status = 403;
+ this.body = {
+ message: 'You must be have the role admin to get the config of the app.'
+ };
+ return;
+ }
+ }
+ } catch (err) {
+
+ }
 try {
 // Init output object.
 const output = {};
 // Set the config.
- output.settings = {
- url: strapi.config.url,
- i18n: strapi.config.i18n
- };
+ output.settings = {};
+ output.settings.url = strapi.config.url;
+
+ // Define if the app is considered as new.
+ const userCount = yield strapi.orm.collections.user.count();
+ output.settings.isNewApp = !userCount;
+
+ // User is not connected.
+ if (!user) {
+ output.connected = false;
+ this.body = output;
+ return;
+ } else {
+ output.connected = true;
+ }
+
+ // i18n config.
+ output.settings.i18n = strapi.config.i18n;
 // Set the models.
 output.models = strapi.models;
@@ -36,17 +73,6 @@ module.exports = function * () {
 });
 });
- // User count.
- const promises = [];
- promises.push(strapi.orm.collections.user.count());
-
- // Execute promises.
- const response = yield promises;
-
- // Define if the app is considered as new.
- const userCount = response[0];
- output.settings.isNewApp = !userCount;
-
 // Finally send the result in the callback.
 this.body = output;
 } catch (err) {
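Review bot: The admin check added at the top of the first hunk fails open, because the empty `catch (err) { }` swallows any error thrown by the `findOne(user.id).populate('roles')` lookup while `user` still holds whatever `getToken` returned. The later `if (!user)` gate then marks the caller as connected and the handler goes on to return `strapi.models` and the rest of the config without the role check ever having completed. The same path is taken when the token value is truthy but has no `id`, since the role check is skipped entirely. Gate the full response on the result of the check instead of on `user`, for example `if (!isAdmin) { output.connected = false; this.body = output; return; }`, and have the catch at least log `err` so that lookup failures are visible to operators. `isAdmin` also ends up holding the matched role object rather than a boolean, so `isAdmin = Boolean(_.findWhere(user.roles, {name: 'admin'}));` would keep it consistent with its initial `false`; the generator's body continues past this hunk.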