Remove fields for non admin notifiers (arkime#1245)

tests/api-notifiers.t

@@ -1,4 +1,4 @@
-use Test::More tests => 31;
+use Test::More tests => 33;
 use Cwd;
 use URI::Escape;
 use MolochTest;
@@ -86,6 +86,11 @@ my $notAdminToken = getTokenCookie('notadmin');
   ok(exists $notifiers->{test1a}, "notifier update");
   is($notifiers->{test1a}->{fields}[0]->{slackWebhookUrl}->{value}, "test1aurl", "notifier field value update");
 
+# non admin no fields
+  $notifiers = viewerGetToken("/notifiers?molochRegressionUser=notadmin", $notAdminToken);
+  ok(exists $notifiers->{test1a}, "notifier update");
+  ok(!exists $notifiers->{test1a}->{fields}, "fields shouldn't exist for non admin");
+
 # cleanup
   $json = viewerDeleteToken("/notifiers/test1a", $token);
   ok($json->{success}, "notifier delete success");

viewer/viewer.js

@@ -1290,25 +1290,43 @@ function issueAlert (notifierName, alertMessage, continueProcess) {
 }
 
 app.get('/notifierTypes', checkCookieToken, function (req, res) {
-  if (internals.notifiers) {
-    return res.send(internals.notifiers);
+  if (!internals.notifiers) {
+    buildNotifiers();
   }
 
-  buildNotifiers();
-
   return res.send(internals.notifiers);
 });
 
 // get created notifiers
 app.get('/notifiers', checkCookieToken, function (req, res) {
+  function cloneNotifiers(notifiers) {
+    var clone = {};
+
+    for (var key in notifiers) {
+      if (notifiers.hasOwnProperty(key)) {
+        var notifier = notifiers[key];
+        clone[key] = {
+          name: notifier.name,
+          type : notifier.type
+        };
+      }
+    }
+
+    return clone;
+  }
+
   Db.getUser('_moloch_shared', (err, sharedUser) => {
     if (!sharedUser || !sharedUser.found) {
       return res.send({});
     } else {
       sharedUser = sharedUser._source;
     }
 
-    return res.send(sharedUser.notifiers);
+    if (req.user.createEnabled) {
+      return res.send(sharedUser.notifiers);
+    }
+
+    return res.send(cloneNotifiers(sharedUser.notifiers));
   });
 });