Fix missing httpAdmin permissions for Pushbullet, twitter what3words and sensehatsim

fixes #244

hardware/sensehatsim/sensehatsim.js

@@ -1,18 +1,3 @@
-/**
- * Copyright 2016 IBM Corp.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- **/
 
 module.exports = function(RED) {
     "use strict";
@@ -389,7 +374,7 @@ module.exports = function(RED) {
     }
     RED.nodes.registerType("rpi-sensehatsim out",SenseHatOutNode);
 
-    RED.httpAdmin.get("/sensehat-simulator",function(req,res) {
+    RED.httpAdmin.get("/sensehat-simulator", RED.auth.needsPermission('sensehat-simulator.read'), function(req,res) {
         res.sendFile(path.join(__dirname,"public","index.html"));
     });
 }

parsers/what3words/what3words.js

@@ -1,18 +1,3 @@
-/**
- * Copyright 2014 IBM Corp.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- **/
 
 module.exports = function(RED) {
     "use strict";
@@ -82,7 +67,7 @@ module.exports = function(RED) {
 
     var querystring = require('querystring');
 
-    RED.httpAdmin.get('/what3words/:id', function(req, res) {
+    RED.httpAdmin.get('/what3words/:id', RED.auth.needsPermission('what3words.read'), function(req, res) {
         var credentials = RED.nodes.getCredentials(req.params.id);
         if (credentials) {
             res.send(JSON.stringify({hasPassword:(credentials.pushkey && credentials.pushkey !== "")}));
@@ -91,12 +76,12 @@ module.exports = function(RED) {
         }
     });
 
-    RED.httpAdmin.delete('/what3words/:id', function(req, res) {
+    RED.httpAdmin.delete('/what3words/:id', RED.auth.needsPermission('what3words.write'), function(req, res) {
         RED.nodes.deleteCredentials(req.params.id);
         res.send(200);
     });
 
-    RED.httpAdmin.post('/what3words/:id', function(req, res) {
+    RED.httpAdmin.post('/what3words/:id', RED.auth.needsPermission('what3words.write'), function(req, res) {
         var body = "";
         req.on('data', function(chunk) {
             body += chunk;

social/pushbullet/57-pushbullet.js

@@ -1,18 +1,3 @@
-/**
- * Copyright 2013,2016 IBM Corp.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- **/
 
 module.exports = function(RED) {
     "use strict";
@@ -472,7 +457,7 @@ module.exports = function(RED) {
         }
     };
 
-    RED.httpAdmin.get('/pushbullet/:id/migrate', function(req, res) {
+    RED.httpAdmin.get('/pushbullet/:id/migrate', RED.auth.needsPermission('pushbullet.read'), function(req, res) {
         var node = RED.nodes.getNode(req.params.id);
         if (node && node.migrated) {
             if (req.query.save) {
@@ -493,7 +478,7 @@ module.exports = function(RED) {
         }
     });
 
-    RED.httpAdmin.get('/pushbullet/:id/devices', function(req, res) {
+    RED.httpAdmin.get('/pushbullet/:id/devices', RED.auth.needsPermission('pushbullet.read'), function(req, res) {
         var config = RED.nodes.getNode(req.params.id);
         var cred = RED.nodes.getCredentials(req.params.id);
         var pb;

social/twitter/27-twitter.js

@@ -1,18 +1,3 @@
-/**
- * Copyright 2013, 2016 IBM Corp.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- **/
 
 module.exports = function(RED) {
     "use strict";
@@ -411,7 +396,7 @@ module.exports = function(RED) {
         "HMAC-SHA1"
     );
 
-    RED.httpAdmin.get('/twitter-credentials/:id/auth', function(req, res) {
+    RED.httpAdmin.get('/twitter-credentials/:id/auth', RED.auth.needsPermission('twitter.read'), function(req, res) {
         var credentials = {};
         oa.getOAuthRequestToken({
             oauth_callback: req.query.callback
@@ -429,7 +414,7 @@ module.exports = function(RED) {
         });
     });
 
-    RED.httpAdmin.get('/twitter-credentials/:id/auth/callback', function(req, res, next) {
+    RED.httpAdmin.get('/twitter-credentials/:id/auth/callback', RED.auth.needsPermission('twitter.read'), function(req, res, next) {
         var credentials = RED.nodes.getCredentials(req.params.id);
         credentials.oauth_verifier = req.query.oauth_verifier;