1
0
mirror of https://github.com/node-red/node-red.git synced 2023-10-10 13:36:53 +02:00

Add needsPermission protection to core nodes

This commit is contained in:
Nick O'Leary 2015-02-06 13:57:15 +00:00
parent d1fe997bf7
commit c7f13e3d0c
6 changed files with 25 additions and 27 deletions

View File

@ -103,21 +103,24 @@
toggle: "active",
onclick: function() {
var label = this.name||"debug";
d3.xhr("debug/"+this.id+"/"+(this.active?"enable":"disable")).post(function(err,resp) {
if (err) {
if (err.status == 404) {
$.ajax({
url: "debug/"+this.id+"/"+(this.active?"enable":"disable"),
type: "POST",
success: function(resp, textStatus, xhr) {
if (xhr.status == 200) {
RED.notify("Successfully activated: "+label,"success");
} else if (xhr.status == 201) {
RED.notify("Successfully deactivated: "+label,"success");
}
},
error: function(jqXHR,textStatus,errorThrown) {
if (jqXHR.status == 404) {
RED.notify("<strong>Error</strong>: debug node not deployed","error");
} else if (err.status == 0) {
} else if (jqXHR.status == 0) {
RED.notify("<strong>Error</strong>: no response from server","error");
} else {
RED.notify("<strong>Error</strong>: unexpected error: ("+err.status+") "+err.response,"error");
}
} else if (resp.status == 200) {
RED.notify("Successfully activated: "+label,"success");
} else if (resp.status == 201) {
RED.notify("Successfully deactivated: "+label,"success");
} else {
RED.notify("<strong>Error</strong>: unexpected response: ("+resp.status+") "+resp.response,"error");
}
});
}

View File

@ -150,12 +150,9 @@ module.exports = function(RED) {
}
RED.nodes.registerType("arduino out",DuinoNodeOut);
RED.httpAdmin.get("/arduinoports",function(req,res) {
RED.httpAdmin.get("/arduinoports", RED.auth.needsPermission("arduino.read"), function(req,res) {
ArduinoFirmata.list(function (err, ports) {
//console.log(JSON.stringify(ports));
res.writeHead(200, {'Content-Type': 'text/plain'});
res.write(JSON.stringify(ports));
res.end();
res.json(ports);
});
});
}

View File

@ -274,11 +274,11 @@ module.exports = function(RED) {
}
RED.nodes.registerType("rpi-mouse",PiMouseNode);
RED.httpAdmin.get('/rpi-gpio/:id',function(req,res) {
res.send( JSON.stringify(pitype) );
RED.httpAdmin.get('/rpi-gpio/:id', RED.auth.needsPermission('rpi-gpio.read'), function(req,res) {
res.json(pitype);
});
RED.httpAdmin.get('/rpi-pins/:id',function(req,res) {
res.send( JSON.stringify(pinsInUse) );
RED.httpAdmin.get('/rpi-pins/:id', RED.auth.needsPermission('rpi-gpio.read'), function(req,res) {
res.json(pinsInUse);
});
}

View File

@ -299,12 +299,9 @@ module.exports = function(RED) {
}
}();
RED.httpAdmin.get("/serialports",function(req,res) {
RED.httpAdmin.get("/serialports", RED.auth.needsPermission('serial.read'), function(req,res) {
serialp.list(function (err, ports) {
//console.log(JSON.stringify(ports));
res.writeHead(200, {'Content-Type': 'text/plain'});
res.write(JSON.stringify(ports));
res.end();
res.json(ports);
});
});
}

View File

@ -17,6 +17,7 @@
var when = require("when");
var log = require("../log");
var needsPermission = require("../api/auth").needsPermission;
var credentialCache = {};
var storage = null;
@ -27,7 +28,7 @@ var redApp = null;
* Adds an HTTP endpoint to allow look up of credentials for a given node id.
*/
function registerEndpoint(type) {
redApp.get('/credentials/' + type + '/:id', function (req, res) {
redApp.get('/credentials/' + type + '/:id', needsPermission(type+".read"), function (req, res) {
// TODO: This could be a generic endpoint with the type value
// parameterised.
//