Merge pull request #2991 from LokeshN/deactivate-settings

Issue #2960 - deactivate settings.json

6 files changed, 35 insertions, 2 deletions

diff --git a/settings.json.template b/settings.json.template
index 9eaec478..9dec7c67 100644
--- a/settings.json.template
+++ b/settings.json.template
@@ -18,6 +18,9 @@
   "ip": "0.0.0.0",
   "port" : 9001,
 
+  // Option to hide/show the settings.json in admin page, default option is set to true
+  "showSettingsInAdminPage" : true,
+
   /*
   // Node native SSL support
   // this is disabled by default
diff --git a/src/node/hooks/express/adminsettings.js b/src/node/hooks/express/adminsettings.js
index 4986f093..73691837 100644
--- a/src/node/hooks/express/adminsettings.js
+++ b/src/node/hooks/express/adminsettings.js
@@ -30,7 +30,13 @@ exports.socketio = function (hook_name, args, cb) {
         }
         else
         {
-          socket.emit("settings", {results: data});
+          //if showSettingsInAdminPage is set to false, then return NOT_ALLOWED in the result
+          if(settings.showSettingsInAdminPage === false) {
+            socket.emit("settings", {results:'NOT_ALLOWED'});
+          }
+          else {
+            socket.emit("settings", {results: data});
+          }
         }
       });
     });
diff --git a/src/node/utils/Settings.js b/src/node/utils/Settings.js
index b765670a..24bc25c3 100644
--- a/src/node/utils/Settings.js
+++ b/src/node/utils/Settings.js
@@ -209,6 +209,11 @@ exports.requireAuthentication = false;
 exports.requireAuthorization = false;
 exports.users = {};
 
+/*
+* Show settings in admin page, by default it is true
+*/
+exports.showSettingsInAdminPage = true;
+
 //checks if abiword is avaiable
 exports.abiwordAvailable = function()
 {
diff --git a/src/static/css/admin.css b/src/static/css/admin.css
index 97104de9..e9ba6014 100644
--- a/src/static/css/admin.css
+++ b/src/static/css/admin.css
@@ -38,6 +38,12 @@ div.innerwrapper {
   padding-left: 265px;

 }

 

+div.innerwrapper-err {

+  padding: 15px;

+  padding-left: 265px;

+  display: none;

+}

+

 #wrapper {

   background: none repeat scroll 0px 0px #FFFFFF;

   box-shadow: 0px 1px 10px rgba(0, 0, 0, 0.2);

diff --git a/src/static/js/admin/settings.js b/src/static/js/admin/settings.js
index 42b038d5..6c1f5e23 100644
--- a/src/static/js/admin/settings.js
+++ b/src/static/js/admin/settings.js
@@ -14,12 +14,20 @@ $(document).ready(function () {
 
   socket.on('settings', function (settings) {
 
+    /* Check whether the settings.json is authorized to be viewed */
+    if(settings.results === 'NOT_ALLOWED') {
+      $('.innerwrapper').hide();
+      $('.innerwrapper-err').show();
+      $('.err-message').html("Settings json is not authorized to be viewed in Admin page!!");
+      return;
+    }
+
     /* Check to make sure the JSON is clean before proceeding */
     if(isJSONClean(settings.results))
     {
       $('.settings').append(settings.results);
       $('.settings').focus();
-      $('.settings').autosize();  
+      $('.settings').autosize();
     }
     else{
       alert("YOUR JSON IS BAD AND YOU SHOULD FEEL BAD");
diff --git a/src/templates/admin/settings.html b/src/templates/admin/settings.html
index 3b8615fc..560ac507 100644
--- a/src/templates/admin/settings.html
+++ b/src/templates/admin/settings.html
@@ -44,6 +44,11 @@
         <a href='https://github.com/ether/etherpad-lite/wiki/Example-Production-Settings.JSON'>Example production settings template</a>
         <a href='https://github.com/ether/etherpad-lite/wiki/Example-Development-Settings.JSON'>Example development settings template</a>
       </div>
+
+      <div class="innerwrapper-err" >
+        <h2 class="err-message"></h2>
+      </div>
+
     </div>
   </body>
 </html>