Disable user management endpoints if admin is enabled

ds-wizard · Sep 19, 2024 · 0763ca5 · 0763ca5
1 parent d449c81
commit 0763ca5
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/wizard-server/src/Wizard/Service/User/UserService.hs b/wizard-server/src/Wizard/Service/User/UserService.hs
@@ -77,6 +77,7 @@ createUserByAdmin :: UserCreateDTO -> AppContextM UserDTO
 createUserByAdmin reqDto =
  runInTransaction $ do
  checkPermission _UM_PERM
+ checkIfAdminIsDisabled
  uUuid <- liftIO generateUuid
  tenantUuid <- asks currentTenantUuid
  clientUrl <- getClientUrl
@@ -97,6 +98,7 @@ createUserByAdminWithUuid reqDto uUuid tenantUuid clientUrl shouldSendRegistrati
 registerUser :: UserCreateDTO -> AppContextM UserDTO
 registerUser reqDto =
  runInTransaction $ do
+ checkIfAdminIsDisabled
  checkIfRegistrationIsEnabled
  uUuid <- liftIO generateUuid
  uPasswordHash <- generatePasswordHash reqDto.password
@@ -111,6 +113,7 @@ registerUser reqDto =
 createUser :: UserCreateDTO -> U.UUID -> String -> String -> [String] -> U.UUID -> String -> Bool -> AppContextM UserDTO
 createUser reqDto uUuid uPasswordHash uRole uPermissions tenantUuid clientUrl shouldSendRegistrationEmail =
  runInTransaction $ do
+ checkIfAdminIsDisabled
  checkUserLimit
  checkActiveUserLimit
  validateUserEmailUniqueness reqDto.email tenantUuid
@@ -276,6 +279,7 @@ deleteUser :: U.UUID -> AppContextM ()
 deleteUser userUuid =
  runInTransaction $ do
  checkPermission _UM_PERM
+ checkIfAdminIsDisabled
  _ <- findUserByUuid userUuid
  deleteAuditByCreatedBy userUuid
  clearBranchCreatedBy userUuid
@@ -321,3 +325,6 @@ sendAnalyticsEmailIfEnabled user = do
 
 checkIfRegistrationIsEnabled =
  checkIfTenantFeatureIsEnabled "Registration" (\c -> c.authentication.internal.registration.enabled)
+
+checkIfAdminIsDisabled =
+ checkIfServerFeatureIsEnabled "User Management Endpoints" (\s -> not s.admin.enabled)