Add needsPermission protection to core nodes

2015-02-06 13:57:15 +00:00 · 2015-02-06 13:57:15 +00:00 · c7f13e3d0c
parent d1fe997bf7
commit c7f13e3d0c
6 changed files with 25 additions and 27 deletions
--- a/nodes/core/core/20-inject.html
+++ b/nodes/core/core/20-inject.html
@ -492,7 +492,7 @@
                        } else if (jqXHR.status == 0) {
                            RED.notify("<strong>Error</strong>: no response from server","error");
                        } else {
-                            RED.notify("<strong>Error</strong>: unexpected error: ("+jqXHR.status+")"+textStatus,"error");
+                            RED.notify("<strong>Error</strong>: unexpected error: ("+jqXHR.status+") "+textStatus,"error");
                        }
                    }
                });
--- a/nodes/core/core/58-debug.html
+++ b/nodes/core/core/58-debug.html
@ -103,21 +103,24 @@
            toggle: "active",
            onclick: function() {
                var label = this.name||"debug";
-                d3.xhr("debug/"+this.id+"/"+(this.active?"enable":"disable")).post(function(err,resp) {
-                    if (err) {
-                        if (err.status == 404) {
+                $.ajax({
+                    url: "debug/"+this.id+"/"+(this.active?"enable":"disable"),
+                    type: "POST",
+                    success: function(resp, textStatus, xhr) {
+                        if (xhr.status == 200) {
+                            RED.notify("Successfully activated: "+label,"success");
+                        } else if (xhr.status == 201) {
+                            RED.notify("Successfully deactivated: "+label,"success");
+                        }
+                    },
+                    error: function(jqXHR,textStatus,errorThrown) {
+                        if (jqXHR.status == 404) {
                            RED.notify("<strong>Error</strong>: debug node not deployed","error");
-                        } else if (err.status == 0) {
+                        } else if (jqXHR.status == 0) {
                            RED.notify("<strong>Error</strong>: no response from server","error");
                        } else {
-                            RED.notify("<strong>Error</strong>: unexpected error: ("+err.status+")"+err.response,"error");
+                            RED.notify("<strong>Error</strong>: unexpected error: ("+err.status+") "+err.response,"error");
                        }
-                    } else if (resp.status == 200) {
-                        RED.notify("Successfully activated: "+label,"success");
-                    } else if (resp.status == 201) {
-                        RED.notify("Successfully deactivated: "+label,"success");
-                    } else {
-                        RED.notify("<strong>Error</strong>: unexpected response: ("+resp.status+") "+resp.response,"error");
                    }
                });
            }
--- a/nodes/core/hardware/35-arduino.js
+++ b/nodes/core/hardware/35-arduino.js
@ -150,12 +150,9 @@ module.exports = function(RED) {
    }
    RED.nodes.registerType("arduino out",DuinoNodeOut);

-    RED.httpAdmin.get("/arduinoports",function(req,res) {
+    RED.httpAdmin.get("/arduinoports", RED.auth.needsPermission("arduino.read"), function(req,res) {
        ArduinoFirmata.list(function (err, ports) {
-            //console.log(JSON.stringify(ports));
-            res.writeHead(200, {'Content-Type': 'text/plain'});
-            res.write(JSON.stringify(ports));
-            res.end();
+            res.json(ports);
        });
    });
 }
--- a/nodes/core/hardware/36-rpi-gpio.js
+++ b/nodes/core/hardware/36-rpi-gpio.js
@ -274,11 +274,11 @@ module.exports = function(RED) {
    }
    RED.nodes.registerType("rpi-mouse",PiMouseNode);

-    RED.httpAdmin.get('/rpi-gpio/:id',function(req,res) {
-        res.send( JSON.stringify(pitype) );
+    RED.httpAdmin.get('/rpi-gpio/:id', RED.auth.needsPermission('rpi-gpio.read'), function(req,res) {
+        res.json(pitype);
    });

-    RED.httpAdmin.get('/rpi-pins/:id',function(req,res) {
-        res.send( JSON.stringify(pinsInUse) );
+    RED.httpAdmin.get('/rpi-pins/:id', RED.auth.needsPermission('rpi-gpio.read'), function(req,res) {
+        res.json(pinsInUse);
    });
 }
--- a/nodes/core/io/25-serial.js
+++ b/nodes/core/io/25-serial.js
@ -299,12 +299,9 @@ module.exports = function(RED) {
        }
    }();

-    RED.httpAdmin.get("/serialports",function(req,res) {
+    RED.httpAdmin.get("/serialports", RED.auth.needsPermission('serial.read'), function(req,res) {
        serialp.list(function (err, ports) {
-            //console.log(JSON.stringify(ports));
-            res.writeHead(200, {'Content-Type': 'text/plain'});
-            res.write(JSON.stringify(ports));
-            res.end();
+            res.json(ports);
        });
    });
 }
--- a/red/nodes/credentials.js
+++ b/red/nodes/credentials.js
@ -17,6 +17,7 @@
 var when = require("when");

 var log = require("../log");
+var needsPermission = require("../api/auth").needsPermission;

 var credentialCache = {};
 var storage = null;
@ -27,7 +28,7 @@ var redApp = null;
 * Adds an HTTP endpoint to allow look up of credentials for a given node id.
 */
 function registerEndpoint(type) {
-    redApp.get('/credentials/' + type + '/:id', function (req, res) {
+    redApp.get('/credentials/' + type + '/:id', needsPermission(type+".read"), function (req, res) {
        // TODO: This could be a generic endpoint with the type value
        //       parameterised.
        //