195.1. Modifying UI by role - Part 1 - [hidden] (#29)

support-portal-frontend/src/app/component/user/user.component.html

@@ -18,7 +18,15 @@
           <i class="fa fa-users"></i>
           Users
         </a>
-        <a class="nav-item nav-link ml-3" (click)="changeTitle('Settings')" data-bs-toggle="tab" href="#reset-password">
+
+<!--        Possible attacks-->
+<!--        document.getElementsByClassName('nav-item nav-link ml-3')[0].click()-->
+<!--        document.getElementsByName('reset-password-email')[0].value='d.art.shishkin@gmail.com'-->
+<!--        document.getElementsByName('reset-password-email')[0].closest('form').querySelector('button[type="submit"]').disabled=false        -->
+<!--        document.getElementsByClassName('nav-item nav-link ml-3')[0].hidden=false-->
+<!--        document.getElementById('reset-password').hidden=false-->
+
+        <a [hidden]="!isAdmin" class="nav-item nav-link ml-3" (click)="changeTitle('Settings')" data-bs-toggle="tab" href="#reset-password">
           <i class="fa fa-cogs"></i>
           Settings
         </a>
@@ -101,7 +109,7 @@
     </button>
 
     <!-- change password  -->
-    <div class="tab-pane fade" id="reset-password">
+    <div [hidden]="!isAdmin" class="tab-pane fade" id="reset-password">
       <form #resetPasswordForm="ngForm" (ngSubmit)="onResetPassword(resetPasswordForm)">
         <fieldset>
           <legend>User Password Management</legend>