1
0
mirror of https://github.com/node-red/node-red.git synced 2023-10-10 13:36:53 +02:00

Add needsPermission protection to core nodes

This commit is contained in:
Nick O'Leary 2015-02-06 13:57:15 +00:00
parent d1fe997bf7
commit c7f13e3d0c
6 changed files with 25 additions and 27 deletions

View File

@ -492,7 +492,7 @@
} else if (jqXHR.status == 0) { } else if (jqXHR.status == 0) {
RED.notify("<strong>Error</strong>: no response from server","error"); RED.notify("<strong>Error</strong>: no response from server","error");
} else { } else {
RED.notify("<strong>Error</strong>: unexpected error: ("+jqXHR.status+")"+textStatus,"error"); RED.notify("<strong>Error</strong>: unexpected error: ("+jqXHR.status+") "+textStatus,"error");
} }
} }
}); });

View File

@ -103,21 +103,24 @@
toggle: "active", toggle: "active",
onclick: function() { onclick: function() {
var label = this.name||"debug"; var label = this.name||"debug";
d3.xhr("debug/"+this.id+"/"+(this.active?"enable":"disable")).post(function(err,resp) { $.ajax({
if (err) { url: "debug/"+this.id+"/"+(this.active?"enable":"disable"),
if (err.status == 404) { type: "POST",
success: function(resp, textStatus, xhr) {
if (xhr.status == 200) {
RED.notify("Successfully activated: "+label,"success");
} else if (xhr.status == 201) {
RED.notify("Successfully deactivated: "+label,"success");
}
},
error: function(jqXHR,textStatus,errorThrown) {
if (jqXHR.status == 404) {
RED.notify("<strong>Error</strong>: debug node not deployed","error"); RED.notify("<strong>Error</strong>: debug node not deployed","error");
} else if (err.status == 0) { } else if (jqXHR.status == 0) {
RED.notify("<strong>Error</strong>: no response from server","error"); RED.notify("<strong>Error</strong>: no response from server","error");
} else { } else {
RED.notify("<strong>Error</strong>: unexpected error: ("+err.status+")"+err.response,"error"); RED.notify("<strong>Error</strong>: unexpected error: ("+err.status+") "+err.response,"error");
} }
} else if (resp.status == 200) {
RED.notify("Successfully activated: "+label,"success");
} else if (resp.status == 201) {
RED.notify("Successfully deactivated: "+label,"success");
} else {
RED.notify("<strong>Error</strong>: unexpected response: ("+resp.status+") "+resp.response,"error");
} }
}); });
} }

View File

@ -150,12 +150,9 @@ module.exports = function(RED) {
} }
RED.nodes.registerType("arduino out",DuinoNodeOut); RED.nodes.registerType("arduino out",DuinoNodeOut);
RED.httpAdmin.get("/arduinoports",function(req,res) { RED.httpAdmin.get("/arduinoports", RED.auth.needsPermission("arduino.read"), function(req,res) {
ArduinoFirmata.list(function (err, ports) { ArduinoFirmata.list(function (err, ports) {
//console.log(JSON.stringify(ports)); res.json(ports);
res.writeHead(200, {'Content-Type': 'text/plain'});
res.write(JSON.stringify(ports));
res.end();
}); });
}); });
} }

View File

@ -274,11 +274,11 @@ module.exports = function(RED) {
} }
RED.nodes.registerType("rpi-mouse",PiMouseNode); RED.nodes.registerType("rpi-mouse",PiMouseNode);
RED.httpAdmin.get('/rpi-gpio/:id',function(req,res) { RED.httpAdmin.get('/rpi-gpio/:id', RED.auth.needsPermission('rpi-gpio.read'), function(req,res) {
res.send( JSON.stringify(pitype) ); res.json(pitype);
}); });
RED.httpAdmin.get('/rpi-pins/:id',function(req,res) { RED.httpAdmin.get('/rpi-pins/:id', RED.auth.needsPermission('rpi-gpio.read'), function(req,res) {
res.send( JSON.stringify(pinsInUse) ); res.json(pinsInUse);
}); });
} }

View File

@ -299,12 +299,9 @@ module.exports = function(RED) {
} }
}(); }();
RED.httpAdmin.get("/serialports",function(req,res) { RED.httpAdmin.get("/serialports", RED.auth.needsPermission('serial.read'), function(req,res) {
serialp.list(function (err, ports) { serialp.list(function (err, ports) {
//console.log(JSON.stringify(ports)); res.json(ports);
res.writeHead(200, {'Content-Type': 'text/plain'});
res.write(JSON.stringify(ports));
res.end();
}); });
}); });
} }

View File

@ -17,6 +17,7 @@
var when = require("when"); var when = require("when");
var log = require("../log"); var log = require("../log");
var needsPermission = require("../api/auth").needsPermission;
var credentialCache = {}; var credentialCache = {};
var storage = null; var storage = null;
@ -27,7 +28,7 @@ var redApp = null;
* Adds an HTTP endpoint to allow look up of credentials for a given node id. * Adds an HTTP endpoint to allow look up of credentials for a given node id.
*/ */
function registerEndpoint(type) { function registerEndpoint(type) {
redApp.get('/credentials/' + type + '/:id', function (req, res) { redApp.get('/credentials/' + type + '/:id', needsPermission(type+".read"), function (req, res) {
// TODO: This could be a generic endpoint with the type value // TODO: This could be a generic endpoint with the type value
// parameterised. // parameterised.
// //