mirror of
https://github.com/node-red/node-red.git
synced 2023-10-10 13:36:53 +02:00
Add needsPermission protection to core nodes
This commit is contained in:
parent
d1fe997bf7
commit
c7f13e3d0c
@ -103,21 +103,24 @@
|
|||||||
toggle: "active",
|
toggle: "active",
|
||||||
onclick: function() {
|
onclick: function() {
|
||||||
var label = this.name||"debug";
|
var label = this.name||"debug";
|
||||||
d3.xhr("debug/"+this.id+"/"+(this.active?"enable":"disable")).post(function(err,resp) {
|
$.ajax({
|
||||||
if (err) {
|
url: "debug/"+this.id+"/"+(this.active?"enable":"disable"),
|
||||||
if (err.status == 404) {
|
type: "POST",
|
||||||
|
success: function(resp, textStatus, xhr) {
|
||||||
|
if (xhr.status == 200) {
|
||||||
|
RED.notify("Successfully activated: "+label,"success");
|
||||||
|
} else if (xhr.status == 201) {
|
||||||
|
RED.notify("Successfully deactivated: "+label,"success");
|
||||||
|
}
|
||||||
|
},
|
||||||
|
error: function(jqXHR,textStatus,errorThrown) {
|
||||||
|
if (jqXHR.status == 404) {
|
||||||
RED.notify("<strong>Error</strong>: debug node not deployed","error");
|
RED.notify("<strong>Error</strong>: debug node not deployed","error");
|
||||||
} else if (err.status == 0) {
|
} else if (jqXHR.status == 0) {
|
||||||
RED.notify("<strong>Error</strong>: no response from server","error");
|
RED.notify("<strong>Error</strong>: no response from server","error");
|
||||||
} else {
|
} else {
|
||||||
RED.notify("<strong>Error</strong>: unexpected error: ("+err.status+") "+err.response,"error");
|
RED.notify("<strong>Error</strong>: unexpected error: ("+err.status+") "+err.response,"error");
|
||||||
}
|
}
|
||||||
} else if (resp.status == 200) {
|
|
||||||
RED.notify("Successfully activated: "+label,"success");
|
|
||||||
} else if (resp.status == 201) {
|
|
||||||
RED.notify("Successfully deactivated: "+label,"success");
|
|
||||||
} else {
|
|
||||||
RED.notify("<strong>Error</strong>: unexpected response: ("+resp.status+") "+resp.response,"error");
|
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
@ -150,12 +150,9 @@ module.exports = function(RED) {
|
|||||||
}
|
}
|
||||||
RED.nodes.registerType("arduino out",DuinoNodeOut);
|
RED.nodes.registerType("arduino out",DuinoNodeOut);
|
||||||
|
|
||||||
RED.httpAdmin.get("/arduinoports",function(req,res) {
|
RED.httpAdmin.get("/arduinoports", RED.auth.needsPermission("arduino.read"), function(req,res) {
|
||||||
ArduinoFirmata.list(function (err, ports) {
|
ArduinoFirmata.list(function (err, ports) {
|
||||||
//console.log(JSON.stringify(ports));
|
res.json(ports);
|
||||||
res.writeHead(200, {'Content-Type': 'text/plain'});
|
|
||||||
res.write(JSON.stringify(ports));
|
|
||||||
res.end();
|
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
@ -274,11 +274,11 @@ module.exports = function(RED) {
|
|||||||
}
|
}
|
||||||
RED.nodes.registerType("rpi-mouse",PiMouseNode);
|
RED.nodes.registerType("rpi-mouse",PiMouseNode);
|
||||||
|
|
||||||
RED.httpAdmin.get('/rpi-gpio/:id',function(req,res) {
|
RED.httpAdmin.get('/rpi-gpio/:id', RED.auth.needsPermission('rpi-gpio.read'), function(req,res) {
|
||||||
res.send( JSON.stringify(pitype) );
|
res.json(pitype);
|
||||||
});
|
});
|
||||||
|
|
||||||
RED.httpAdmin.get('/rpi-pins/:id',function(req,res) {
|
RED.httpAdmin.get('/rpi-pins/:id', RED.auth.needsPermission('rpi-gpio.read'), function(req,res) {
|
||||||
res.send( JSON.stringify(pinsInUse) );
|
res.json(pinsInUse);
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
@ -299,12 +299,9 @@ module.exports = function(RED) {
|
|||||||
}
|
}
|
||||||
}();
|
}();
|
||||||
|
|
||||||
RED.httpAdmin.get("/serialports",function(req,res) {
|
RED.httpAdmin.get("/serialports", RED.auth.needsPermission('serial.read'), function(req,res) {
|
||||||
serialp.list(function (err, ports) {
|
serialp.list(function (err, ports) {
|
||||||
//console.log(JSON.stringify(ports));
|
res.json(ports);
|
||||||
res.writeHead(200, {'Content-Type': 'text/plain'});
|
|
||||||
res.write(JSON.stringify(ports));
|
|
||||||
res.end();
|
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
@ -17,6 +17,7 @@
|
|||||||
var when = require("when");
|
var when = require("when");
|
||||||
|
|
||||||
var log = require("../log");
|
var log = require("../log");
|
||||||
|
var needsPermission = require("../api/auth").needsPermission;
|
||||||
|
|
||||||
var credentialCache = {};
|
var credentialCache = {};
|
||||||
var storage = null;
|
var storage = null;
|
||||||
@ -27,7 +28,7 @@ var redApp = null;
|
|||||||
* Adds an HTTP endpoint to allow look up of credentials for a given node id.
|
* Adds an HTTP endpoint to allow look up of credentials for a given node id.
|
||||||
*/
|
*/
|
||||||
function registerEndpoint(type) {
|
function registerEndpoint(type) {
|
||||||
redApp.get('/credentials/' + type + '/:id', function (req, res) {
|
redApp.get('/credentials/' + type + '/:id', needsPermission(type+".read"), function (req, res) {
|
||||||
// TODO: This could be a generic endpoint with the type value
|
// TODO: This could be a generic endpoint with the type value
|
||||||
// parameterised.
|
// parameterised.
|
||||||
//
|
//
|
||||||
|
Loading…
Reference in New Issue
Block a user