mirror of
https://github.com/node-red/node-red.git
synced 2023-10-10 13:36:53 +02:00
Add needsPermission protection to core nodes
This commit is contained in:
parent
d1fe997bf7
commit
c7f13e3d0c
@ -103,21 +103,24 @@
|
||||
toggle: "active",
|
||||
onclick: function() {
|
||||
var label = this.name||"debug";
|
||||
d3.xhr("debug/"+this.id+"/"+(this.active?"enable":"disable")).post(function(err,resp) {
|
||||
if (err) {
|
||||
if (err.status == 404) {
|
||||
$.ajax({
|
||||
url: "debug/"+this.id+"/"+(this.active?"enable":"disable"),
|
||||
type: "POST",
|
||||
success: function(resp, textStatus, xhr) {
|
||||
if (xhr.status == 200) {
|
||||
RED.notify("Successfully activated: "+label,"success");
|
||||
} else if (xhr.status == 201) {
|
||||
RED.notify("Successfully deactivated: "+label,"success");
|
||||
}
|
||||
},
|
||||
error: function(jqXHR,textStatus,errorThrown) {
|
||||
if (jqXHR.status == 404) {
|
||||
RED.notify("<strong>Error</strong>: debug node not deployed","error");
|
||||
} else if (err.status == 0) {
|
||||
} else if (jqXHR.status == 0) {
|
||||
RED.notify("<strong>Error</strong>: no response from server","error");
|
||||
} else {
|
||||
RED.notify("<strong>Error</strong>: unexpected error: ("+err.status+") "+err.response,"error");
|
||||
}
|
||||
} else if (resp.status == 200) {
|
||||
RED.notify("Successfully activated: "+label,"success");
|
||||
} else if (resp.status == 201) {
|
||||
RED.notify("Successfully deactivated: "+label,"success");
|
||||
} else {
|
||||
RED.notify("<strong>Error</strong>: unexpected response: ("+resp.status+") "+resp.response,"error");
|
||||
}
|
||||
});
|
||||
}
|
||||
|
@ -150,12 +150,9 @@ module.exports = function(RED) {
|
||||
}
|
||||
RED.nodes.registerType("arduino out",DuinoNodeOut);
|
||||
|
||||
RED.httpAdmin.get("/arduinoports",function(req,res) {
|
||||
RED.httpAdmin.get("/arduinoports", RED.auth.needsPermission("arduino.read"), function(req,res) {
|
||||
ArduinoFirmata.list(function (err, ports) {
|
||||
//console.log(JSON.stringify(ports));
|
||||
res.writeHead(200, {'Content-Type': 'text/plain'});
|
||||
res.write(JSON.stringify(ports));
|
||||
res.end();
|
||||
res.json(ports);
|
||||
});
|
||||
});
|
||||
}
|
||||
|
@ -274,11 +274,11 @@ module.exports = function(RED) {
|
||||
}
|
||||
RED.nodes.registerType("rpi-mouse",PiMouseNode);
|
||||
|
||||
RED.httpAdmin.get('/rpi-gpio/:id',function(req,res) {
|
||||
res.send( JSON.stringify(pitype) );
|
||||
RED.httpAdmin.get('/rpi-gpio/:id', RED.auth.needsPermission('rpi-gpio.read'), function(req,res) {
|
||||
res.json(pitype);
|
||||
});
|
||||
|
||||
RED.httpAdmin.get('/rpi-pins/:id',function(req,res) {
|
||||
res.send( JSON.stringify(pinsInUse) );
|
||||
RED.httpAdmin.get('/rpi-pins/:id', RED.auth.needsPermission('rpi-gpio.read'), function(req,res) {
|
||||
res.json(pinsInUse);
|
||||
});
|
||||
}
|
||||
|
@ -299,12 +299,9 @@ module.exports = function(RED) {
|
||||
}
|
||||
}();
|
||||
|
||||
RED.httpAdmin.get("/serialports",function(req,res) {
|
||||
RED.httpAdmin.get("/serialports", RED.auth.needsPermission('serial.read'), function(req,res) {
|
||||
serialp.list(function (err, ports) {
|
||||
//console.log(JSON.stringify(ports));
|
||||
res.writeHead(200, {'Content-Type': 'text/plain'});
|
||||
res.write(JSON.stringify(ports));
|
||||
res.end();
|
||||
res.json(ports);
|
||||
});
|
||||
});
|
||||
}
|
||||
|
@ -17,6 +17,7 @@
|
||||
var when = require("when");
|
||||
|
||||
var log = require("../log");
|
||||
var needsPermission = require("../api/auth").needsPermission;
|
||||
|
||||
var credentialCache = {};
|
||||
var storage = null;
|
||||
@ -27,7 +28,7 @@ var redApp = null;
|
||||
* Adds an HTTP endpoint to allow look up of credentials for a given node id.
|
||||
*/
|
||||
function registerEndpoint(type) {
|
||||
redApp.get('/credentials/' + type + '/:id', function (req, res) {
|
||||
redApp.get('/credentials/' + type + '/:id', needsPermission(type+".read"), function (req, res) {
|
||||
// TODO: This could be a generic endpoint with the type value
|
||||
// parameterised.
|
||||
//
|
||||
|
Loading…
Reference in New Issue
Block a user