Use the scope to determine what the user has access to

src/js/client.js

@@ -222,6 +222,7 @@ angular.module('Application').service('Client', ['$http', '$interval', 'md5', 'N
         this._userInfo.displayName = userInfo.displayName;
         this._userInfo.admin = !!userInfo.admin;
         this._userInfo.twoFactorAuthenticationEnabled = userInfo.twoFactorAuthenticationEnabled;
+        this._userInfo.scope = userInfo.scope;
         this._userInfo.gravatar = 'https://www.gravatar.com/avatar/' + md5.createHash(userInfo.email) + '.jpg?s=24&d=mm';
         this._userInfo.gravatarHuge = 'https://www.gravatar.com/avatar/' + md5.createHash(userInfo.email) + '.jpg?s=128&d=mm';
     };
@@ -263,11 +264,17 @@ angular.module('Application').service('Client', ['$http', '$interval', 'md5', 'N
         return token;
     };
 
+    Client.prototype.hasScope = function (scope) {
+        return this.getUserInfo().scope.split(',').indexOf(scope) !== -1;
+    };
+
     /*
      * Rest API wrappers
      */
     Client.prototype.config = function (callback) {
-        get('/api/v1/cloudron/config').success(function(data, status) {
+        var configRoute = this.hasScope('cloudron') ? '/api/v1/cloudron/config' : '/api/v1/user/cloudron_config';
+
+        get(configRoute).success(function(data, status) {
             if (status !== 200 || typeof data !== 'object') return callback(new ClientError(status, data));
             callback(null, data);
         }).error(defaultErrorHandler(callback));
@@ -1028,7 +1035,9 @@ angular.module('Application').service('Client', ['$http', '$interval', 'md5', 'N
 
         callback = typeof callback === 'function' ? callback : function () {};
 
-        this.getAppsByUser(function (error, apps) {
+        var getAppsFunc = this.hasScope('apps') ? this.getApps : this.getAppsByUser;
+
+        getAppsFunc(function (error, apps) {
             if (error) return callback(error);
 
             // insert or update new apps

src/views/activity.js

@@ -1,6 +1,8 @@
 'use strict';
 
 angular.module('Application').controller('ActivityController', ['$scope', '$location', 'Client', function ($scope, $location, Client) {
+    Client.onReady(function () { if (!Client.hasScope('cloudron')) $location.path('/'); });
+
     $scope.config = Client.getConfig();
 
     $scope.busy = false;

src/views/appstore.js

@@ -1,7 +1,7 @@
 'use strict';
 
 angular.module('Application').controller('AppStoreController', ['$scope', '$location', '$timeout', '$routeParams', 'Client', 'AppStore', function ($scope, $location, $timeout, $routeParams, Client, AppStore) {
-    Client.onReady(function () { if (!Client.getUserInfo().admin) $location.path('/'); });
+    Client.onReady(function () { if (!Client.hasScope('apps')) $location.path('/'); });
 
     $scope.HOST_PORT_MIN = 1024;
     $scope.HOST_PORT_MAX = 65535;

src/views/domains.js

@@ -1,7 +1,7 @@
 'use strict';
 
 angular.module('Application').controller('DomainsController', ['$scope', '$location', 'Client', 'ngTld', function ($scope, $location, Client, ngTld) {
-    Client.onReady(function () { if (!Client.getUserInfo().admin) $location.path('/'); });
+    Client.onReady(function () { if (!Client.hasScope('domains')) $location.path('/'); });
 
     $scope.config = Client.getConfig();
     $scope.dnsConfig = null;

src/views/email.js

@@ -3,7 +3,7 @@
 /* global asyncForEach:false */
 
 angular.module('Application').controller('EmailController', ['$scope', '$location', '$timeout', '$rootScope', 'Client', 'AppStore', function ($scope, $location, $timeout, $rootScope, Client, AppStore) {
-    Client.onReady(function () { if (!Client.getUserInfo().admin) $location.path('/'); });
+    Client.onReady(function () { if (!Client.hasScope('mail')) $location.path('/'); });
 
     $scope.ready = false;
     $scope.refreshBusy = true;

src/views/graphs.js

@@ -4,7 +4,7 @@
 'use strict';
 
 angular.module('Application').controller('GraphsController', ['$scope', '$location', 'Client', function ($scope, $location, Client) {
-    Client.onReady(function () { if (!Client.getUserInfo().admin) $location.path('/'); });
+    Client.onReady(function () { if (!Client.hasScope('cloudron')) $location.path('/'); });
 
     $scope.diskUsage = {};
     $scope.memoryUsageSystem = [];

src/views/settings.js

@@ -1,7 +1,7 @@
 'use strict';
 
 angular.module('Application').controller('SettingsController', ['$scope', '$location', '$rootScope', '$timeout', 'Client', 'AppStore', function ($scope, $location, $rootScope, $timeout, Client, AppStore) {
-    Client.onReady(function () { if (!Client.getUserInfo().admin) $location.path('/'); });
+    Client.onReady(function () { if (!Client.hasScope('settings')) $location.path('/'); });
 
     $scope.client = Client;
     $scope.user = Client.getUserInfo();

src/views/support.js

@@ -1,6 +1,8 @@
 'use strict';
 
 angular.module('Application').controller('SupportController', ['$scope', '$location', 'Client', function ($scope, $location, Client) {
+    Client.onReady(function () { if (!Client.hasScope('settings')) $location.path('/'); });
+
     $scope.config = Client.getConfig();
     $scope.user = Client.getUserInfo();
     $scope.apps = Client.getInstalledApps();

src/views/tokens.js

@@ -1,6 +1,8 @@
 'use strict';
 
 angular.module('Application').controller('TokensController', ['$scope', 'Client', function ($scope, Client) {
+    Client.onReady(function () { if (!Client.hasScope('clients')) $location.path('/'); });
+
     $scope.user = Client.getUserInfo();
     $scope.config = Client.getConfig();
 

src/views/users.js

@@ -4,7 +4,7 @@
 /* global asyncForEach:false */
 
 angular.module('Application').controller('UsersController', ['$scope', '$location', '$timeout', 'Client', function ($scope, $location, $timeout, Client) {
-    Client.onReady(function () { if (!Client.getUserInfo().admin) $location.path('/'); });
+    Client.onReady(function () { if (!Client.hasScope('users')) $location.path('/'); });
 
     $scope.ready = false;
     $scope.users = [];