From fd350bbb4e3bb441de42c70e1823adaf0d012892 Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@designcreateplay.com>
Date: Wed, 29 May 2013 15:40:48 -0400
Subject: [PATCH] nibbed out and hardcoded uid 1 as an admin... first
 registered user becomes an admin!!

---
 app.js              |  7 +++++--
 src/routes/admin.js | 13 ++++++++++---
 2 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/app.js b/app.js
index 1260e97973..7434cd5f59 100644
--- a/app.js
+++ b/app.js
@@ -20,6 +20,7 @@ fs.readFile(path.join(__dirname, 'config.json'), function(err, data) {
 			}
 
 			var categories = require('./src/categories.js'),
+				RDB = require('./src/redis.js'),
 				templates = require('./public/src/templates.js'),
 				webserver = require('./src/webserver.js'),
 				websockets = require('./src/websockets.js'),
@@ -60,6 +61,8 @@ fs.readFile(path.join(__dirname, 'config.json'), function(err, data) {
 								}
 							});
 
+							// Hardcoding uid 1 as an admin
+							RDB.sadd('administrators', 1);
 						} else {
 							console.log('Info: Good.');
 						}
@@ -118,8 +121,8 @@ fs.readFile(path.join(__dirname, 'config.json'), function(err, data) {
 									if (err) throw err;
 									else {
 										process.stdout.write(
-											"\n\nConfiguration Saved OK\n\nPlease start NodeBB again and navigate to " +
-											base_url + (use_port ? ':' + port : '') + "/install to continue setup.\n\n"
+											"\n\nConfiguration Saved OK\n\nPlease start NodeBB again and register a new user at " +
+											base_url + (use_port ? ':' + port : '') + "/register. This user will automatically become an administrator.\n\n"
 										);
 										process.exit();
 									}
diff --git a/src/routes/admin.js b/src/routes/admin.js
index e5b203a8cd..14a73e36ef 100644
--- a/src/routes/admin.js
+++ b/src/routes/admin.js
@@ -5,6 +5,13 @@ var user = require('./../user.js'),
 	categories = require('./../categories.js');
 
 (function(Admin) {
+	Admin.isAdmin = function(req, res, next) {
+		user.isAdministrator((req.user && req.user.uid) ? req.user.uid : 0, function(isAdmin) {
+			if (!isAdmin) res.redirect('/403');
+			else next();
+		});
+	}
+
 	Admin.create_routes = function(app) {
 
 		(function() {
@@ -12,7 +19,7 @@ var user = require('./../user.js'),
 
 			for (var i=0, ii=routes.length; i<ii; i++) {
 				(function(route) {
-					app.get('/admin/' + route, function(req, res) {
+					app.get('/admin/' + route, Admin.isAdmin, function(req, res) {
 						res.send(templates['admin/header'] + app.create_route('admin/' + route) + templates['admin/footer']);
 					});
 				}(routes[i]));
@@ -20,10 +27,10 @@ var user = require('./../user.js'),
 		}());
 
 		//todo consolidate.
-		app.get('/admin', function(req, res) {
+		app.get('/admin', Admin.isAdmin, function(req, res) {
 			res.send(templates['admin/header'] + app.create_route('admin/index') + templates['admin/footer']);
 		});
-		app.get('/admin/index', function(req, res) {
+		app.get('/admin/index', Admin.isAdmin, function(req, res) {
 			res.send(templates['admin/header'] + app.create_route('admin/index') + templates['admin/footer']);
 		});