From 14ad69bfac2011fac1db90cf144a461b1ebc78f0 Mon Sep 17 00:00:00 2001
From: Jeremy Clements <79224539+jeclrsg@users.noreply.github.com>
Date: Tue, 3 Sep 2024 10:22:05 -0400
Subject: [PATCH] HPCC-32585 ECL Watch v9 redirect security routes non-admin

adds logic to the security/* routes that will prevent a non-admin user
from reaching these urls

Signed-off-by: Jeremy Clements <79224539+jeclrsg@users.noreply.github.com>
---
 esp/src/src-react/hooks/user.ts | 5 +++++
 esp/src/src-react/routes.tsx    | 4 ++++
 2 files changed, 9 insertions(+)

diff --git a/esp/src/src-react/hooks/user.ts b/esp/src/src-react/hooks/user.ts
index a1b49dab49e..0eefa837e6c 100644
--- a/esp/src/src-react/hooks/user.ts
+++ b/esp/src/src-react/hooks/user.ts
@@ -3,6 +3,8 @@ import { useConst, useForceUpdate } from "@fluentui/react-hooks";
 import { AccessService, AccountService, WsAccount } from "@hpcc-js/comms";
 import { cookieKeyValStore } from "src/KeyValStore";
 
+declare const dojoConfig;
+
 const defaults = {
     ESPSessionTimeout: 7200,
     ESPAuthenticated: false,
@@ -97,12 +99,15 @@ export function useMyAccount(): { currentUser: WsAccount.MyAccountResponse, isAd
                         const adminGroupNames = ["Administrator", "Directory Administrators"];
                         if (response.isLDAPAdmin || groups.filter(group => !adminGroupNames.indexOf(group.name)).length > 0) {
                             setIsAdmin(true);
+                            dojoConfig.isAdmin = true;
                         } else {
                             setIsAdmin(account.accountType === "Administrator");
+                            dojoConfig.isAdmin = account.accountType === "Administrator";
                         }
                     });
                 } else {
                     setIsAdmin(true);
+                    dojoConfig.isAdmin = true;
                 }
                 setCurrentUser(account);
             });
diff --git a/esp/src/src-react/routes.tsx b/esp/src/src-react/routes.tsx
index 39b52b822bc..bee1c306fd9 100644
--- a/esp/src/src-react/routes.tsx
+++ b/esp/src/src-react/routes.tsx
@@ -2,6 +2,8 @@ import * as React from "react";
 import { Route, RouterContext } from "universal-router";
 import { initialize, parsePage, parseSearch, parseSort, pushUrl, replaceUrl } from "./util/history";
 
+declare const dojoConfig;
+
 export type MainNav = "activities" | "workunits" | "files" | "queries" | "topology" | "operations";
 
 export interface RouteEx<R = any, C extends RouterContext = RouterContext> extends Route<R, C> {
@@ -327,6 +329,7 @@ export const routes: RoutesEx = [
             },
             {
                 path: "/security",
+                action: () => { if (!dojoConfig.isAdmin) { replaceUrl("/topology"); } },
                 children: [
                     {
                         path: "", action: (ctx, params) => import("./components/Security").then(_ => {
@@ -462,6 +465,7 @@ export const routes: RoutesEx = [
             {
 
                 path: "/security",
+                action: () => { if (!dojoConfig.isAdmin) { replaceUrl("/operations"); } },
                 children: [
                     {
                         path: "", action: (ctx, params) => import("./components/Security").then(_ => {