From 4e8cb5ffef0aecadae3ee7e3fb5f674907c0c3a2 Mon Sep 17 00:00:00 2001
From: Deluan <deluan@deluan.com>
Date: Mon, 20 Jan 2020 13:52:55 -0500
Subject: [PATCH] Only allow Admins to login to the UI (for now)

---
 server/app/auth.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/server/app/auth.go b/server/app/auth.go
index 562d3e787..085806c3f 100644
--- a/server/app/auth.go
+++ b/server/app/auth.go
@@ -72,6 +72,10 @@ func validateLogin(userRepo model.UserRepository, userName, password string) (*m
 	if u.Password != password {
 		return nil, nil
 	}
+	if !u.IsAdmin {
+		log.Warn("Non-admin user tried to login", "user", userName)
+		return nil, nil
+	}
 	err = userRepo.UpdateLastLoginAt(u.ID)
 	if err != nil {
 		log.Error("Could not update LastLoginAt", "user", userName)