From 42c4b7675fc6e01b14ef0e865f4f1103f62c2c19 Mon Sep 17 00:00:00 2001
From: jere0500 <jeremias.giesecke@tum.de>
Date: Sat, 8 Jun 2024 18:34:40 +0200
Subject: [PATCH] Lock add/ delete behind :test_mode

---
 .../controllers/admin/user_controller.ex              |  8 +++++++-
 lib/teiserver_web/router.ex                           | 11 ++++++++---
 .../templates/admin/user/actions.html.heex            |  4 +++-
 .../templates/admin/user/index.html.heex              |  6 +++---
 .../templates/admin/user/section_menu.html.heex       |  2 +-
 5 files changed, 22 insertions(+), 9 deletions(-)

diff --git a/lib/teiserver_web/controllers/admin/user_controller.ex b/lib/teiserver_web/controllers/admin/user_controller.ex
index 205362173..281a7f5dc 100644
--- a/lib/teiserver_web/controllers/admin/user_controller.ex
+++ b/lib/teiserver_web/controllers/admin/user_controller.ex
@@ -230,7 +230,7 @@ defmodule TeiserverWeb.Admin.UserController do
       |> redirect(to: ~p"/teiserver/admin/user")
     end
 
-    if allow?(conn, "Server") do
+    if allow?(conn, "Server") and Application.get_env(:teiserver, Teiserver)[:test_mode] do
       password =
         if is_nil(params["password"]) or String.trim(params["password"]) == "" do
           "password"
@@ -1162,6 +1162,12 @@ defmodule TeiserverWeb.Admin.UserController do
 
   @spec delete_user(Plug.Conn.t(), map()) :: Plug.Conn.t()
   def delete_user(conn, %{"id" => id}) do
+    if not Application.get_env(:teiserver, Teiserver)[:test_mode] do
+      conn
+      |> put_flash(:danger, "not in testmode")
+      |> redirect(to: ~p"/teiserver/admin/user")
+    end
+
     user = Account.get_user_by_id(id)
 
     case Teiserver.Account.UserLib.has_access(user, conn) do
diff --git a/lib/teiserver_web/router.ex b/lib/teiserver_web/router.ex
index 3a449247d..89334fe62 100644
--- a/lib/teiserver_web/router.ex
+++ b/lib/teiserver_web/router.ex
@@ -562,7 +562,9 @@ defmodule TeiserverWeb.Router do
     # User stuff
     put("/users/gdpr_clean/:id", UserController, :gdpr_clean)
 
-    delete("/users/delete_user/:id", UserController, :delete_user)
+    if Application.compile_env(:teiserver, Teiserver)[:test_mode] do
+      delete("/users/delete_user/:id", UserController, :delete_user)
+    end
   end
 
   scope "/teiserver/admin", TeiserverWeb.Admin, as: :admin do
@@ -619,8 +621,11 @@ defmodule TeiserverWeb.Router do
     get("/tools/falist", ToolController, :falist)
     get("/tools/test_page", ToolController, :test_page)
 
-    get("/users/create_form", UserController, :create_form)
-    post("/users/create_post", UserController, :create_post)
+    if Application.compile_env(:teiserver, Teiserver)[:test_mode] do
+      get("/users/create_form", UserController, :create_form)
+      post("/users/create_post", UserController, :create_post)
+    end
+
     get("/users/rename_form/:id", UserController, :rename_form)
     put("/users/rename_post/:id", UserController, :rename_post)
     get("/users/reset_password/:id", UserController, :reset_password)
diff --git a/lib/teiserver_web/templates/admin/user/actions.html.heex b/lib/teiserver_web/templates/admin/user/actions.html.heex
index 242ab1907..769e7be1c 100644
--- a/lib/teiserver_web/templates/admin/user/actions.html.heex
+++ b/lib/teiserver_web/templates/admin/user/actions.html.heex
@@ -57,7 +57,9 @@
   </.link>
 
   <.link
-    :if={allow?(@current_user, "Server")}
+    :if={
+      allow?(@current_user, "Server") and Application.get_env(:teiserver, Teiserver)[:test_mode]
+    }
     href={~p"/admin/users/delete_user/#{@user.id}"}
     data-confirm="Are you sure?"
     method="delete"
diff --git a/lib/teiserver_web/templates/admin/user/index.html.heex b/lib/teiserver_web/templates/admin/user/index.html.heex
index 50357c60d..fd74d42de 100644
--- a/lib/teiserver_web/templates/admin/user/index.html.heex
+++ b/lib/teiserver_web/templates/admin/user/index.html.heex
@@ -1,6 +1,6 @@
 <% bsname = view_colour()
 is_moderator = allow?(@conn, "Moderator")
-is_system = allow?(@conn, "System") %>
+allow_delete = allow?(@conn, "Server") and Application.get_env(:teiserver, Teiserver)[:test_mode] %>
 
 <script type="text/javascript" charset="utf-8">
   $(function() {
@@ -72,7 +72,7 @@ is_system = allow?(@conn, "System") %>
               <% else %>
                 <th>&nbsp;</th>
               <% end %>
-              <%= if is_system do %>
+              <%= if allow_delete do %>
                 <th colspan="1">&nbsp;</th>
               <% end %>
             </tr>
@@ -131,7 +131,7 @@ is_system = allow?(@conn, "System") %>
                     </a>
                   </td>
                 <% end %>
-                <%= if is_system do %>
+                <%= if allow_delete do %>
                   <td>
                     <.link
                       href={~p"/admin/users/delete_user/#{user.id}"}
diff --git a/lib/teiserver_web/templates/admin/user/section_menu.html.heex b/lib/teiserver_web/templates/admin/user/section_menu.html.heex
index 8d2cc827e..5a1dcad2b 100644
--- a/lib/teiserver_web/templates/admin/user/section_menu.html.heex
+++ b/lib/teiserver_web/templates/admin/user/section_menu.html.heex
@@ -40,7 +40,7 @@
       ) %>
     <% end %>
 
-    <%= if allow?(@current_user, "admin") do %>
+    <%= if allow?(@current_user, "server") and Application.get_env(:teiserver, Teiserver)[:test_mode] do %>
       <%= central_component("section_menu_button",
         name: "add_user",
         label: "Add user",