Reusable templates feature desktop

docs/configure/local.md

@@ -127,6 +127,50 @@ or if using Windows:
 
 - `docker run -d -p 8080:3000 -v %CD%/test.env:/app/.env owasp/threat-dragon:stable`
 
+## Configuring Templates for Desktop
+
+Navigate to the cog icon in the navigation bar and click **Manage Templates**.
+
+![Manage template image]({{ '/assets/images/manage-template.png'
+ | relative_url }}){: style="max-width: 400px; width: 100%;" }
+
+If templates have not been configured before, you will be presented with a setup dialog offering three options:
+
+![Folder Setup Dialog Box]({{ '/assets/images/folder-setup-dialog.png'
+ | relative_url }}){: style="max-width: 400px; width: 100%;" }
+
+- **Use default location** — creates a `templates` folder in the application data directory
+(`AppData/Roaming/Threat Dragon/templates` on Windows)
+- **Choose custom location** — opens a folder browser so you can select any folder on your filesystem
+- **Select existing template folder** — point to a folder that already contains a `template_info.json` index file
+
+For the default and custom location options, Threat Dragon will automatically create a `template_info.json`
+index file in the selected folder if one does not already exist.
+
+For the existing folder option, the folder must already contain a valid `template_info.json` file.
+If the file is not found, setup will fail with an error.
+
+### Folder Structure
+
+All template files are stored flat in the configured folder alongside the index file:
+
+```plaintext
+templates/
+├── template_info.json       ← index file listing all templates
+├── my-template-abc123.json  ← template model file
+└── another-template-xyz.json
+```
+
+The `template_info.json` file is managed automatically by Threat Dragon — you do not need to edit it manually.
+
+### Changing the Template Folder Location
+
+The configured template folder path is persisted in `AppData/Roaming/Threat Dragon/templates-path.txt`.
+To change the template storage location, delete this file and restart Threat Dragon and
+you will be prompted to configure a new location on next launch.
+
+Note that templates from the previous folder will not be migrated automatically.
+
 ### Example production local environment
 
 Important: this example file contains test values, do not use these values for anything other than short-term tests.

docs/usage/templates.md

@@ -13,7 +13,7 @@ quickly create new threat models based on pre-defined structures.
 
 **Note**: The template feature is currently available for GitHub repositories and for local users
 who have templates stored in their local file system. Support for Atlassian Bitbucket, GitLab, Google Drive,
-and desktop is coming in future releases.
+is coming in future releases.
 
 ## Create a new model from a template
 
@@ -50,7 +50,7 @@ where you can enter general information about your model.
 The template's diagrams, components, and threats will already be populated as a starting point.
 The name that you provide for the model will be used as the file name within the repository.
 
-## Loading a template from a local file
+### Loading a template from a local file
 
 In addition to organisation templates, you can also start from a local template file.
 This is useful when you have received a template file from a colleague.
@@ -71,10 +71,7 @@ The imported template's diagrams, components, and threats will be used as a star
 to your organisation's template repository. Only administrators can add templates to
 the shared template gallery.
 
-## Exporting an existing model as a template
-
-**Note** : This feature is currently only available for web-based local sessions and GitHub authenticated
-sessions. Support for additional providers will be added in a future releases.
+### Exporting an existing model as a template
 
 If you have created a threat model that would be useful as a template for others,
 you can export it as a template file that can be shared or imported later.
@@ -106,7 +103,7 @@ The exported template file can then be:
 **Note**: The export removes any organisation-specific information (such as repository paths)
 and generates new unique identifiers, making it suitable for use as a reusable template.
 
-## Managing Templates (Administrators)
+### Managing Templates (Administrators)
 
 Users with **push** or **admin** permissions on the template repository (`GITHUB_CONTENT_REPO`)
 are considered administrators and can manage the organisation's shared template gallery.
@@ -119,7 +116,7 @@ which takes you to the Manage Templates page where you can add, edit, and delete
  | relative_url }}){: style="max-width: 400px; width: 100%;" }
 
 For information on configuring the template repository, see the
-[GitHub configuration guide](../configure/github.md#template-repository-configuration).
+[GitHub configuration guide]({{ '/configure/github.html#template-repository-configuration'| relative_url }}).
 
 ### Bootstrapping the Template Repository
 
@@ -179,3 +176,143 @@ template are not affected, but the template will no longer be available for crea
 **Session timeout**: When logging in to an external drive or repository, be aware that sessions
 can time out. This timeout length varies by provider; if this is a problem, keep the session
 alive using a tab in the same browser window.
+
+## Using the Desktop application
+
+![Start Button]({{ '/assets/images/start.png'| relative_url }})
+
+The threat dragon desktop application can be configured with templates stored in local file system.
+
+For information on how to configure templates in your desktop deployment, see the
+[Local configuration guide]({{ '/configure/local.html#configuring-templates-for-desktop' | relative_url }})
+
+![Template button image]({{ '/assets/images/template-button.png'
+| relative_url }}){: .float-right style="max-width: 170px; width: 100%;" }
+
+To create a new threat model from a template, go to the Welcome page and click the
+**Create model from a Template** button.
+
+You will then be presented with the Template Gallery showing all available templates.
+Browse or search for a template that fits your needs, then click on the template card to select it.
+
+![Template Gallery]({{ '/assets/images/template-gallery.png'
+ | relative_url }}){: style="max-width: 500px; width: 100%;" }
+
+After selecting a template, you will be taken to the threat model edit screen.
+The template's diagrams, components, and threats will be pre-populated,
+but metadata fields such as owner, reviewer, and contributors will be empty for you to fill in.
+
+### Loading a template from a file
+
+In addition to templates stored in your configured folder, you can also load a template directly
+from any file on your filesystem. This is useful when you have received a template file from a colleague
+that you want to use as a one-off starting point without adding it to your gallery.
+
+**Note**: Template files use a different schema to standard threat model files and are not interchangeable.
+To use an existing model as a starting point, first export it as a template using the **Export as Template** option.
+
+From the Template Gallery, click the **Start from a Local Template** button to browse for a template file.
+![Local template image]({{ '/assets/images/local-template.png'
+ | relative_url }}){: style="max-width: 500px; width: 100%;" }
+
+The file will be validated to ensure it is a properly formatted Threat Dragon template.
+Once loaded, you will be taken to the threat model edit screen with the template's diagrams,
+components,and threats pre-populated.
+
+**Note**: This creates a new model based on the selected file. It does not add the template
+to your configured template folder.
+
+### Exporting an existing model as a template on Desktop
+
+If you have created a threat model that would be useful as a template for others,
+you can export it as a template file that can be shared or imported later.
+
+From your threat model's details page, click on the manage dropdown and select **Export as Template**.
+You will be taken to the export template page where you can review and customise the template details.
+
+![Export template image]({{ '/assets/images/export-template-button.png'
+ | relative_url }}){: style="max-width: 400px; width: 100%;" }
+
+![Export template page]({{ '/assets/images/export-template-page.png'
+ | relative_url }}){: style="max-width: 1000px; width: 100%;" }
+
+On the export template page, you can:
+
+- Review the template name and description
+- Add or modify tags for easier searching
+
+Once you are satisfied with the template details, click **Save Template** to download the
+template file to your local filesystem.
+
+The exported template file can then be:
+
+- Shared directly with colleagues so they can use it as a one-off starting point, without needing to add it to their gallery
+- Imported into your own template gallery using the 'Manage Templates' portal.
+- Used as a local backup or starting point for future models
+
+**Note**: The export removes any model-specific information and generates new unique identifiers,
+making it suitable for use as a reusable template.
+
+### Managing Templates
+
+On the desktop application, all users have full administrator access to the template gallery.
+
+Click the **cog icon** in the navigation bar and select **Manage Templates** to open the
+Manage Templates page,where you can add, edit, and delete templates.
+
+![Manage template image]({{ '/assets/images/manage-template.png'
+ | relative_url }}){: style="max-width: 400px; width: 100%;" }
+
+**Note**: You can only add, edit, or delete templates if you have write access to the configured template folder.
+If the folder is read-only, the Manage Templates page will open in read-only mode and modification options will be hidden.
+
+![Manage template image]({{ '/assets/images/read-only-templates-portal.png'
+ | relative_url }}){: style="max-width: 700px; width: 100%;"}
+
+For information on configuring the template folder, see the
+[Desktop Template Configuration Guide]({{ '/configure/local.html#configuring-templates-for-desktop' | relative_url }}).
+
+### Bootstrapping the Template Folder
+
+On the desktop application, template storage is initialised automatically when you configure a folder location.
+Simply navigate to Manage Templates, select a setup option, and Threat Dragon will create the template_info.json
+index file in the chosen folder automatically.
+
+No separate initialisation step is required.
+
+### Importing Templates to the Gallery on Desktop
+
+1. Obtain a template file (either exported from an existing model or received from a colleague)
+2. Navigate to the Manage Templates portal
+3. Click the **Add New Template** button
+   ![import-templates]({{ '/assets/images/import-template-button.png'
+    | relative_url }}){: style="max-width: 170px; width: 100%;"}
+4. Select the template file from your local filesystem
+
+The template will now appear in the Template Gallery.
+
+### Updating Template Metadata on Desktop
+
+You can update a template's name, description, or tags without modifying the template content.
+
+1. Navigate to the Manage Templates page
+2. Find the template you want to update
+3. Click the kebab menu on the template card and select **Edit**
+4. Modify the name, description, or tags as needed
+
+![Kebab-Menu]({{ '/assets/images/kebab-menu.png' | relative_url }})
+
+![Edit-Template]({{ '/assets/images/edit-template.png'
+ | relative_url }}){: style="max-width: 400px; width: 100%;" }
+
+### Deleting Templates on Desktop
+
+You can delete templates from your template gallery.
+
+1. Navigate to the Manage Templates page
+2. Find the template you want to delete
+3. Click the kebab menu on the template card and select **Delete**
+4. Confirm the deletion
+
+**Warning**: Deleting a template cannot be undone. Existing threat models created from the
+template are not affected, but the template will no longer be available for creating new models.

td.server/src/config/bearer.config.js

@@ -49,6 +49,15 @@ const middleware = (req, res, next) => {
     }
 };
 
+const adminMiddleware = (req, res, next) => {
+    if (!req.user?.isAdmin) {
+        logger.warn(`User ${req.user?.id} attempted to access admin resource ${req.url}`);
+        return errors.forbidden(res, logger);
+      }
+        return next();
+};
+
 export default {
-    middleware
+    middleware,
+    adminMiddleware
 };