From 4d18dcb3777bdfa4b7c7a8ce99b7bbca83b6234c Mon Sep 17 00:00:00 2001 From: Jakob Ackermann Date: Thu, 31 Mar 2022 11:37:49 +0100 Subject: [PATCH] Merge pull request #7210 from overleaf/jpa-switch-to-admin [web] add a button for switching to the admin domain from www. GitOrigin-RevId: 7e14b9c1415ef6cad5f369d77530599bac3148e7 --- .../src/Features/Authorization/AuthorizationMiddleware.js | 4 ++-- .../app/src/Features/Helpers/AdminAuthorizationHelper.js | 4 ++-- services/web/app/src/infrastructure/ExpressLocals.js | 3 +++ services/web/app/views/layout/navbar-marketing.pug | 6 +++++- services/web/app/views/layout/navbar.pug | 6 +++++- .../unit/src/Authorization/AuthorizationMiddlewareTests.js | 2 +- 6 files changed, 18 insertions(+), 7 deletions(-) diff --git a/services/web/app/src/Features/Authorization/AuthorizationMiddleware.js b/services/web/app/src/Features/Authorization/AuthorizationMiddleware.js index b95eae47c0..f43fc493a4 100644 --- a/services/web/app/src/Features/Authorization/AuthorizationMiddleware.js +++ b/services/web/app/src/Features/Authorization/AuthorizationMiddleware.js @@ -8,12 +8,12 @@ const SessionManager = require('../Authentication/SessionManager') const TokenAccessHandler = require('../TokenAccess/TokenAccessHandler') const { expressify } = require('../../util/promises') const { - shouldRedirectToAdminDomain, + canRedirectToAdminDomain, } = require('../Helpers/AdminAuthorizationHelper') const { getSafeAdminDomainRedirect } = require('../Helpers/UrlHelper') function handleAdminDomainRedirect(req, res) { - if (shouldRedirectToAdminDomain(SessionManager.getSessionUser(req.session))) { + if (canRedirectToAdminDomain(SessionManager.getSessionUser(req.session))) { logger.warn({ req }, 'redirecting admin user to admin domain') res.redirect(getSafeAdminDomainRedirect(req.originalUrl)) return true 
diff --git a/services/web/app/src/Features/Helpers/AdminAuthorizationHelper.js b/services/web/app/src/Features/Helpers/AdminAuthorizationHelper.js index 585cfce9e9..6a86e53847 100644 --- a/services/web/app/src/Features/Helpers/AdminAuthorizationHelper.js +++ b/services/web/app/src/Features/Helpers/AdminAuthorizationHelper.js @@ -2,7 +2,7 @@ const Settings = require('@overleaf/settings') module.exports = { hasAdminAccess, - shouldRedirectToAdminDomain, + canRedirectToAdminDomain, } function hasAdminAccess(user) { @@ -11,7 +11,7 @@ function hasAdminAccess(user) { return Boolean(user.isAdmin) } -function shouldRedirectToAdminDomain(user) { +function canRedirectToAdminDomain(user) { if (Settings.adminPrivilegeAvailable) return false if (!Settings.adminUrl) return false if (!user) return false diff --git a/services/web/app/src/infrastructure/ExpressLocals.js b/services/web/app/src/infrastructure/ExpressLocals.js index cef8f22615..5791bc2bc8 100644 --- a/services/web/app/src/infrastructure/ExpressLocals.js +++ b/services/web/app/src/infrastructure/ExpressLocals.js @@ -13,6 +13,7 @@ const PackageVersions = require('./PackageVersions') const Modules = require('./Modules') const SafeHTMLSubstitute = require('../Features/Helpers/SafeHTMLSubstitution') const { + canRedirectToAdminDomain, hasAdminAccess, } = require('../Features/Helpers/AdminAuthorizationHelper') @@ -302,6 +303,8 @@ module.exports = function (webRouter, privateApiRouter, publicApiRouter) { res.locals.getLoggedInUserId = () => SessionManager.getLoggedInUserId(req.session) res.locals.getSessionUser = () => SessionManager.getSessionUser(req.session) + res.locals.canRedirectToAdminDomain = () => + canRedirectToAdminDomain(SessionManager.getSessionUser(req.session)) res.locals.hasAdminAccess = () => hasAdminAccess(SessionManager.getSessionUser(req.session)) next() diff --git a/services/web/app/views/layout/navbar-marketing.pug b/services/web/app/views/layout/navbar-marketing.pug index 85549fc2ae..9837634955 100644 
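Review bot: The new `res.locals.canRedirectToAdminDomain` in the second ExpressLocals.js hunk carries no comment saying it is a display hint for the navbar rather than an access decision, even though the same predicate also drives the forced redirect in `handleAdminDomainRedirect`. I would add `// Display hint for the navbar only, not an access check` above the assignment. The checks inside `canRedirectToAdminDomain` after `if (!user) return false` lie outside the AdminAuthorizationHelper.js hunk, so the exact user condition has to be confirmed there. The only test change in this commit is the stub rename in AuthorizationMiddlewareTests.js, so nothing in the commit covers the new local. A unit test of `canRedirectToAdminDomain` for the `Settings.adminPrivilegeAvailable` and unset `Settings.adminUrl` cases would pin the behaviour the templates now depend on.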
--- a/services/web/app/views/layout/navbar-marketing.pug +++ b/services/web/app/views/layout/navbar-marketing.pug @@ -16,10 +16,11 @@ nav.navbar.navbar-default.navbar-main a(href='/', aria-label=settings.appName).navbar-brand - var canDisplayAdminMenu = hasAdminAccess() + - var canDisplayAdminRedirect = canRedirectToAdminDomain() - var canDisplaySplitTestMenu = hasFeature('saas') && (canDisplayAdminMenu || (getSessionUser() && getSessionUser().staffAccess && (getSessionUser().staffAccess.splitTestMetrics || getSessionUser().staffAccess.splitTestManagement))) .navbar-collapse.collapse(data-ol-navbar-main-collapse) ul.nav.navbar-nav.navbar-right - if (canDisplayAdminMenu || canDisplaySplitTestMenu) + if (canDisplayAdminMenu || canDisplayAdminRedirect || canDisplaySplitTestMenu) li.dropdown.subdued a.dropdown-toggle( href="#", @@ -38,6 +39,9 @@ nav.navbar.navbar-default.navbar-main a(href="/admin/user") Manage Users li a(href="/admin/project") Project URL Lookup + if canDisplayAdminRedirect + li + a(href=settings.adminUrl) Switch to Admin if canDisplaySplitTestMenu li a(href="/admin/split-test") Manage Split Tests diff --git a/services/web/app/views/layout/navbar.pug b/services/web/app/views/layout/navbar.pug index 0304ee4e6e..5e819bc53b 100644 --- a/services/web/app/views/layout/navbar.pug +++ b/services/web/app/views/layout/navbar.pug 
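Review bot: Widening the dropdown condition to `canDisplayAdminMenu || canDisplayAdminRedirect || canDisplaySplitTestMenu` in the first navbar-marketing.pug hunk makes the Admin menu render for users who only pass `canRedirectToAdminDomain()`, and the guard around the existing `/admin/user` and `/admin/project` entries sits between the two hunks where it cannot be checked. If those entries are not wrapped in `if canDisplayAdminMenu`, they would now appear on the www domain next to `Switch to Admin`; please confirm the guard is present. The same three edits are repeated in navbar.pug, so the same check applies to both of its hunks, and a shared mixin for the admin dropdown would keep the two templates from drifting. Using `settings.adminUrl` in the `href` without its own guard is sound only because `canRedirectToAdminDomain` returns false when `Settings.adminUrl` is unset; a comment such as `//- canDisplayAdminRedirect implies settings.adminUrl is set` above the new `if` would record that dependency.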
@@ -11,10 +11,11 @@ nav.navbar.navbar-default.navbar-main a(href='/', aria-label=settings.appName).navbar-brand - var canDisplayAdminMenu = hasAdminAccess() + - var canDisplayAdminRedirect = canRedirectToAdminDomain() - var canDisplaySplitTestMenu = hasFeature('saas') && (canDisplayAdminMenu || (getSessionUser() && getSessionUser().staffAccess && (getSessionUser().staffAccess.splitTestMetrics || getSessionUser().staffAccess.splitTestManagement))) .navbar-collapse.collapse(collapse="navCollapsed") ul.nav.navbar-nav.navbar-right - if (canDisplayAdminMenu || canDisplaySplitTestMenu) + if (canDisplayAdminMenu || canDisplayAdminRedirect || canDisplaySplitTestMenu) li.dropdown(class="subdued", dropdown) a.dropdown-toggle(href, dropdown-toggle) | Admin @@ -27,6 +28,9 @@ nav.navbar.navbar-default.navbar-main a(href="/admin/user") Manage Users li a(href="/admin/project") Project URL Lookup + if canDisplayAdminRedirect + li + a(href=settings.adminUrl) Switch to Admin if canDisplaySplitTestMenu li a(href="/admin/split-test") Manage Split Tests diff --git a/services/web/test/unit/src/Authorization/AuthorizationMiddlewareTests.js b/services/web/test/unit/src/Authorization/AuthorizationMiddlewareTests.js index f790c30cc2..7327fb1993 100644 --- a/services/web/test/unit/src/Authorization/AuthorizationMiddlewareTests.js +++ b/services/web/test/unit/src/Authorization/AuthorizationMiddlewareTests.js @@ -44,7 +44,7 @@ describe('AuthorizationMiddleware', function () { '../Authentication/SessionManager': this.SessionManager, '../TokenAccess/TokenAccessHandler': this.TokenAccessHandler, '../Helpers/AdminAuthorizationHelper': { - shouldRedirectToAdminDomain: sinon.stub().returns(false), + canRedirectToAdminDomain: sinon.stub().returns(false), }, }, })