make django admin disabled by default

.devcontainer/entrypoint.sh

@@ -100,6 +100,7 @@ MESH_USERNAME = '${MESH_USER}'
 MESH_SITE = 'https://${MESH_HOST}'
 MESH_TOKEN_KEY = '${MESH_TOKEN}'
 REDIS_HOST    = '${REDIS_HOST}'
+ADMIN_ENABLED = True
 EOF
 )"
 

api/tacticalrmm/tacticalrmm/settings.py

@@ -2,7 +2,7 @@ import os
 from datetime import timedelta
 from pathlib import Path
 
-BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
+BASE_DIR = Path(__file__).resolve().parent.parent
 
 SCRIPTS_DIR = "/srv/salt/scripts"
 
@@ -39,11 +39,9 @@ except ImportError:
     pass
 
 INSTALLED_APPS = [
-    "django.contrib.admin",
     "django.contrib.auth",
     "django.contrib.contenttypes",
     "django.contrib.sessions",
-    "django.contrib.messages",
     "django.contrib.staticfiles",
     "rest_framework",
     "rest_framework.authtoken",
@@ -66,10 +64,17 @@ INSTALLED_APPS = [
     "natsapi",
 ]
 
-if not "TRAVIS" in os.environ and not "AZPIPELINE" in os.environ:
-    if DEBUG:
+if not "AZPIPELINE" in os.environ:
+    if DEBUG:  # type: ignore
         INSTALLED_APPS += ("django_extensions",)
 
+if ADMIN_ENABLED:  # type: ignore
+    INSTALLED_APPS += (
+        "django.contrib.admin",
+        "django.contrib.messages",
+    )
+
+
 MIDDLEWARE = [
     "django.middleware.security.SecurityMiddleware",
     "django.contrib.sessions.middleware.SessionMiddleware",
@@ -78,10 +83,11 @@ MIDDLEWARE = [
     "django.middleware.csrf.CsrfViewMiddleware",
     "django.contrib.auth.middleware.AuthenticationMiddleware",
     "tacticalrmm.middleware.AuditMiddleware",
-    "django.contrib.messages.middleware.MessageMiddleware",
     "django.middleware.clickjacking.XFrameOptionsMiddleware",
 ]
 
+if ADMIN_ENABLED:  # type: ignore
+    MIDDLEWARE += ("django.contrib.messages.middleware.MessageMiddleware",)
 
 REST_KNOX = {
     "TOKEN_TTL": timedelta(hours=5),

api/tacticalrmm/tacticalrmm/urls.py

@@ -1,12 +1,10 @@
 from django.conf import settings
-from django.contrib import admin
 from django.urls import include, path
 from knox import views as knox_views
 
 from accounts.views import CheckCreds, LoginView
 
 urlpatterns = [
-    path(settings.ADMIN_URL, admin.site.urls),
     path("checkcreds/", CheckCreds.as_view()),
     path("login/", LoginView.as_view()),
     path("logout/", knox_views.LogoutView.as_view()),
@@ -27,3 +25,8 @@ urlpatterns = [
     path("accounts/", include("accounts.urls")),
     path("natsapi/", include("natsapi.urls")),
 ]
+
+if hasattr(settings, "ADMIN_ENABLED") and settings.ADMIN_ENABLED:
+    from django.contrib import admin
+
+    urlpatterns += (path(settings.ADMIN_URL, admin.site.urls),)

docker/containers/tactical/entrypoint.sh

@@ -106,6 +106,7 @@ MESH_SITE = 'https://${MESH_HOST}'
 MESH_TOKEN_KEY = '${MESH_TOKEN}'
 REDIS_HOST    = '${REDIS_HOST}'
 MESH_WS_URL = 'ws://${MESH_CONTAINER}:443'
+ADMIN_ENABLED = False
 EOF
 )"
 

install.sh

@@ -366,6 +366,7 @@ MESH_USERNAME = "${meshusername}"
 MESH_SITE = "https://${meshdomain}"
 REDIS_HOST    = "localhost"
 KEEP_SALT = False
+ADMIN_ENABLED = False
 EOF
 )"
 echo "${localvars}" > /rmm/api/tacticalrmm/tacticalrmm/local_settings.py

update.sh

@@ -261,6 +261,15 @@ sudo chown -R $USER:$GROUP /home/${USER}/.cache
 sudo chown ${USER}:${USER} -R /etc/letsencrypt
 sudo chmod 775 -R /etc/letsencrypt
 
+CHECK_ADMIN_ENABLED=$(grep ADMIN_ENABLED /rmm/api/tacticalrmm/tacticalrmm/local_settings.py)
+if ! [[ $CHECK_ADMIN_ENABLED ]]; then
+adminenabled="$(cat << EOF
+ADMIN_ENABLED = False
+EOF
+)"
+echo "${adminenabled}" | tee --append /rmm/api/tacticalrmm/tacticalrmm/local_settings.py > /dev/null
+fi
+
 CHECK_REMOVE_SALT=$(grep KEEP_SALT /rmm/api/tacticalrmm/tacticalrmm/local_settings.py)
 if ! [[ $CHECK_REMOVE_SALT ]]; then
   printf >&2 "${YELLOW}This update removes salt from the rmm${NC}\n"