frodovdr
/
node-red
mirror of https://github.com/node-red/node-red.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Permit login with blank scope 

Required for the editor, which doesn't know the appropriate scope
for the user logging in. The user will adopt their default permission
scope once logged in.
This commit is contained in:
Nick O'Leary 2015-07-15 10:11:16 +01:00
parent 10ad7fbf6e
commit 9fb81b2814
7 changed files with 21 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
editor/js/ui/deploy.js
View File

@ -237,7 +237,7 @@ RED.deploy = (function() {
}).fail(function(xhr,textStatus,err) {
RED.nodes.dirty(true);
if (xhr.responseText) {
RED.notify(RED._("notification.error",{message:xhr.responseJSON.message}),"error");
RED.notify(RED._("notification.error",{message:xhr.responseText}),"error");
} else {
RED.notify(RED._("notification.error",{message:RED._("deploy.errors.noResponse")}),"error");
}

2
editor/js/ui/editor.js
View File

@ -287,6 +287,8 @@ RED.editor = (function() {
}).done(function() {
RED.library.loadFlowLibrary();
RED.notify(RED._("library.savedNodes"),"success");
}).fail(function(xhr,textStatus,err) {
RED.notify(RED._("library.saveFailed",{message:xhr.responseText}),"error");
});
}
}

2
editor/js/ui/library.js
View File

@ -329,7 +329,7 @@ RED.library = (function() {
}).done(function(data,textStatus,xhr) {
RED.notify(RED._("library.savedType", {type:options.type}),"success");
}).fail(function(xhr,textStatus,err) {
RED.notify(RED._("library.saveFailed",{message:xhr.responseJSON.message}),"error");
RED.notify(RED._("library.saveFailed",{message:xhr.responseText}),"error");
});
}
$( "#node-dialog-library-save-confirm" ).dialog({

2
editor/js/user.js
View File

@ -86,7 +86,7 @@ RED.user = (function() {
var body = {
client_id: "node-red-editor",
grant_type: "password",
scope:"*"
scope:""
}
for (var i=0;i<data.prompts.length;i++) {
var field = data.prompts[i];

14
red/api/auth/permissions.js
View File

@ -32,11 +32,15 @@ function hasPermission(userScope,permission) {
}
return true;
}
if (userScope == "*") {
if (permission === "") {
return true;
}
if (userScope === "*") {
return true;
}
if (util.isArray(permission)) {
for (i=0;i<permission.length;i++) {
if (!hasPermission(userScope,permission[i])) {
@ -45,8 +49,8 @@ function hasPermission(userScope,permission) {
}
return true;
}
if (userScope == "read") {
if (userScope === "read") {
return readRE.test(permission);
} else {
return false; // anything not allowed is disallowed

3
red/api/auth/strategies.js
View File

@ -85,6 +85,9 @@ var passwordTokenExchange = function(client, username, password, scope, done) {
Users.authenticate(username,password).then(function(user) {
if (user) {
if (scope === "") {
scope = user.permissions;
}
if (permissions.hasPermission(user.permissions,scope)) {
loginAttempts = loginAttempts.filter(function(logEntry) {
return logEntry.user !== username;

4
test/red/api/auth/permissions_spec.js
View File

@ -40,5 +40,9 @@ describe("Auth permissions", function() {
permissions.hasPermission("read",["foo.read","foo.write"]).should.be.false;
permissions.hasPermission("read",["foo.read","bar.read"]).should.be.true;
});
it('permits an empty permission', function() {
permissions.hasPermission("*","").should.be.true;
permissions.hasPermission("read",[""]).should.be.true;
});
});
});