frodovdr/node-red
1
0
Fork 0
mirror of https://github.com/node-red/node-red.git synced 2025-03-01 10:36:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Permit login with blank scope

Browse Source 
Required for the editor, which doesn't know the appropriate scope
for the user logging in. The user will adopt their default permission
scope once logged in.
This commit is contained in:
Nick O'Leary
2015-07-15 10:11:16 +01:00
parent 10ad7fbf6e
commit 9fb81b2814
7 changed files with 21 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
red/api/auth/permissions.js
View File

@@ -32,11 +32,15 @@ function hasPermission(userScope,permission) {
}
return true;
}
if (userScope == "*") {
if (permission === "") {
return true;
}
if (userScope === "*") {
return true;
}
if (util.isArray(permission)) {
for (i=0;i<permission.length;i++) {
if (!hasPermission(userScope,permission[i])) {
@@ -45,8 +49,8 @@ function hasPermission(userScope,permission) {
}
return true;
}
if (userScope == "read") {
if (userScope === "read") {
return readRE.test(permission);
} else {
return false; // anything not allowed is disallowed

3
red/api/auth/strategies.js
View File

@@ -85,6 +85,9 @@ var passwordTokenExchange = function(client, username, password, scope, done) {
Users.authenticate(username,password).then(function(user) {
if (user) {
if (scope === "") {
scope = user.permissions;
}
if (permissions.hasPermission(user.permissions,scope)) {
loginAttempts = loginAttempts.filter(function(logEntry) {
return logEntry.user !== username;