Auth permission should honour the token scope

Nick O'Leary
2015-03-29 21:59:48 +01:00
parent 216b5fba7a
commit c8d6dc2531
5 changed files with 56 additions and 28 deletions


@@ -71,8 +71,8 @@ function start() {
handleRemoteSubscription(ws,msg.subscribe);
}
} else {
var completeConnection = function(user,sendAck) {
if (!user || !Permissions.hasPermission(user,"status.read")) {
var completeConnection = function(userScope,sendAck) {
if (!userScope || !Permissions.hasPermission(userScope,"status.read")) {
ws.close();
} else {
pendingAuth = false;
@@ -87,7 +87,7 @@ function start() {
Tokens.get(msg.auth).then(function(client) {
if (client) {
Users.get(client.user).then(function(user) {
completeConnection(user,true);
completeConnection(client.scope,true);
});
} else {
completeConnection(null,false);
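Review bot: In the second hunk the `user` resolved by `Users.get(client.user)` is no longer used, so the websocket is authorised from `client.scope` alone; before this change the resolved `user` went through the `!user` guard in `completeConnection`, which closed the socket when the lookup came back empty. What `Users.get` resolves to for a removed or disabled account is not visible here, but if a token can outlive its user, that token would still pass the `status.read` check. Consider keeping the existence check, e.g. `completeConnection(user ? client.scope : null,true);`, or drop the lookup if it is intentionally no longer needed. Neither `then` chain has a rejection handler in the visible lines, so a failed token or user lookup would presumably never reach `ws.close()`; the enclosing handler continues outside the hunk.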