Add role for personal nodereds

skadefro · skadefro · commit c6f36b65afb5 · 2019-08-05T19:48:25.000+02:00
diff --git a/OpenFlow/src/User.ts b/OpenFlow/src/User.ts
@@ -63,6 +63,11 @@ export class User extends Base {
         role = new Role(); role._id = id; role.name = name;
         role = await Config.db.InsertOne(role, "users", 0, false, jwt);
         role = Role.assign(role);
+        role.addRight(WellknownIds.admins, "admins", [Rights.full_control]);
+        role.removeRight(WellknownIds.admins, [Rights.delete]);
+        role.addRight(role._id, role.name, [Rights.full_control]);
+        role.removeRight(role._id, [Rights.delete]);
+        await role.Save(jwt);
         return role;
     }
     HasRoleName(name: string): Boolean {
diff --git a/OpenFlow/src/base.ts b/OpenFlow/src/base.ts
@@ -15,6 +15,8 @@ export class WellknownIds {
     static robot_users: string = "5aef0142f3683977b0aa3dd3";
     static robot_admins: string = "5aef0142f3683977b0aa3dd2";
 
+    static personal_nodered_users: string = "5a23f18a2e8987292ddbe062";
+
 }
 export class Rights {
     static create = 1;
diff --git a/OpenFlow/src/index.ts b/OpenFlow/src/index.ts
@@ -39,6 +39,7 @@ async function initDatabase(): Promise<boolean> {
         var admins: Role = await User.ensureRole(jwt, "admins", WellknownIds.admins);
         var users: Role = await User.ensureRole(jwt, "users", WellknownIds.users);
         var root: User = await User.ensureUser(jwt, "root", "root", WellknownIds.root, null);
+
         root.addRight(WellknownIds.admins, "admins", [Rights.full_control]);
         root.removeRight(WellknownIds.admins, [Rights.delete]);
         root.addRight(WellknownIds.root, "root", [Rights.full_control]);
@@ -55,6 +56,12 @@ async function initDatabase(): Promise<boolean> {
         users.AddMember(root);
         await users.Save(jwt);
 
+
+        var personal_nodered_users: Role = await User.ensureRole(jwt, "personal nodered users", WellknownIds.personal_nodered_users);
+        personal_nodered_users.AddMember(admins);
+        personal_nodered_users.addRight(WellknownIds.admins, "admins", [Rights.full_control]);
+        personal_nodered_users.removeRight(WellknownIds.admins, [Rights.delete]);
+        await personal_nodered_users.Save(jwt);
         var nodered_admins: Role = await User.ensureRole(jwt, "nodered admins", WellknownIds.nodered_admins);
         nodered_admins.AddMember(admins);
         nodered_admins.addRight(WellknownIds.admins, "admins", [Rights.full_control]);
diff --git a/OpenFlow/src/public/index.html b/OpenFlow/src/public/index.html
@@ -27,22 +27,23 @@
           <a class="nav-link" href="#/main"><span translate lib="web">home</span> <span
               class="sr-only">(current)</span></a>
         </li>
-        <li class="nav-item">
+        <li class="nav-item" ng-show="menuctrl.hasrole('users')">
           <a class="nav-link" href="#/Entities/entities"><span translate lib="web">entities</span></a>
         </li>
         <li class="nav-item">
           <a class="nav-link" href="#/Workflows"><span translate lib="web">workflows</span></a>
         </li>
-        <li class="nav-item">
+        <li class="nav-item" ng-show="menuctrl.hasrole('users')">
           <a class="nav-link" href="#/RPAWorkflows"><span translate lib="web">RPA workflows</span></a>
         </li>
-        <li class="nav-item">
+        <li class="nav-item" ng-show="menuctrl.hasrole('users')">
           <a class="nav-link" href="#/Reports"><span translate lib="web">reports</span></a>
         </li>
-        <li class="nav-item" ng-show="menuctrl.WebSocketClient.allow_personal_nodered == true">
+        <li class="nav-item"
+          ng-show="menuctrl.WebSocketClient.allow_personal_nodered == true && menuctrl.hasrole('personal nodered users')">
           <a class="nav-link" href="#/Nodered"><span translate lib="web">nodered</span></a>
         </li>
-        <li class="nav-item dropdown">
+        <li class="nav-item dropdown" ng-show="menuctrl.hasrole('users') || menuctrl.hasrole('admins')">
           <a class="nav-link dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"
             translate lib="web">admin</a>
           <div class="dropdown-menu">
diff --git a/OpenFlowNodeRED/src/Base.ts b/OpenFlowNodeRED/src/Base.ts
@@ -13,6 +13,7 @@ export class WellknownIds {
     static robot_users: string = "5aef0142f3683977b0aa3dd3";
     static robot_admins: string = "5aef0142f3683977b0aa3dd2";
 
+    static personal_nodered_users: string = "5a23f18a2e8987292ddbe062";
 }
 export class Rights {
     static create = 1;
@@ -23,20 +24,20 @@ export class Rights {
     static full_control = -1;
 }
 interface IBase {
-    _id:string;
-    _type:string;
-    name:string;
-    getRight(_id:string, deny:boolean):Ace;
-    addRight(_id:string,name:string, Rights:number[],deny:boolean):void;
-    removeRight(_id:string,Rights:number[],deny:boolean):void;
+    _id: string;
+    _type: string;
+    name: string;
+    getRight(_id: string, deny: boolean): Ace;
+    addRight(_id: string, name: string, Rights: number[], deny: boolean): void;
+    removeRight(_id: string, Rights: number[], deny: boolean): void;
 }
 export class Base implements IBase {
-    _id:string;
-    _type:string = "unknown";
-    _acl:Ace[] = [];
-    name:string;
-    _name:string;
-    _encrypt:string[] = [];
+    _id: string;
+    _type: string = "unknown";
+    _acl: Ace[] = [];
+    name: string;
+    _name: string;
+    _encrypt: string[] = [];
 
     _createdbyid: string;
     _createdby: string;
@@ -53,7 +54,7 @@ export class Base implements IBase {
      * @param  {T} o Base object
      * @returns T New object as Type
      */
-    static assign<T>(o:T): T {
+    static assign<T>(o: T): T {
         return Object.assign(new Base(), o);
     }
     /**
@@ -62,16 +63,16 @@ export class Base implements IBase {
      * @param  {boolean=false} deny look for deny or allow permission
      * @returns Ace Ace if found, else null
      */
-    getRight(_id:string, deny:boolean=false):Ace {
-        var result:Ace = null;
-        if(!this._acl) { this._acl = []; }
+    getRight(_id: string, deny: boolean = false): Ace {
+        var result: Ace = null;
+        if (!this._acl) { this._acl = []; }
         this._acl.forEach((a, index) => {
-            if(a._id===_id && a.deny===deny) {
+            if (a._id === _id && a.deny === deny) {
                 this._acl[index] = Ace.assign(a);
                 result = this._acl[index];
             }
         });
-        if(result) {
+        if (result) {
             result = Ace.assign(result);
         }
         return result;
@@ -81,10 +82,10 @@ export class Base implements IBase {
      * @param  {Ace} x
      * @returns void
      */
-    setRight(x:Ace): void {
-        if(!this._acl) { this._acl = []; }
+    setRight(x: Ace): void {
+        if (!this._acl) { this._acl = []; }
         this._acl.forEach((a, index) => {
-            if(a._id===x._id && a.deny===x.deny) {
+            if (a._id === x._id && a.deny === x.deny) {
                 this._acl[index] = x;
             }
         });
@@ -97,10 +98,10 @@ export class Base implements IBase {
      * @param  {boolean=false} deny Deny the right
      * @returns void
      */
-    addRight(_id:string,name:string, rights:number[],deny:boolean=false):void {
-        var right:Ace = this.getRight(_id, deny);
-        if(!right) { right = new Ace(); this._acl.push(right); }
-        right.deny = deny;right._id = _id; right.name = name;
+    addRight(_id: string, name: string, rights: number[], deny: boolean = false): void {
+        var right: Ace = this.getRight(_id, deny);
+        if (!right) { right = new Ace(); this._acl.push(right); }
+        right.deny = deny; right._id = _id; right.name = name;
         rights.forEach(bit => {
             right.setBit(bit);
         });
@@ -113,10 +114,10 @@ export class Base implements IBase {
      * @param  {boolean=false} deny Deny right
      * @returns void
      */
-    removeRight(_id:string,rights:number[]=null,deny:boolean=false): void {
-        if(!this._acl) { this._acl = []; }
-        var right:Ace = this.getRight(_id, deny);
-        if(!right) { return; }
+    removeRight(_id: string, rights: number[] = null, deny: boolean = false): void {
+        if (!this._acl) { this._acl = []; }
+        var right: Ace = this.getRight(_id, deny);
+        if (!right) { return; }
         rights.forEach(bit => {
             right.unsetBit(bit);
         });
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-0.0.324
+0.0.325

Original file line number	Diff line number	Diff line change
`@@ -15,6 +15,8 @@ export class WellknownIds {`
`15`	`15`	`static robot_users: string = "5aef0142f3683977b0aa3dd3";`
`16`	`16`	`static robot_admins: string = "5aef0142f3683977b0aa3dd2";`
`17`	`17`
	`18`	`+ static personal_nodered_users: string = "5a23f18a2e8987292ddbe062";`
	`19`	`+`
`18`	`20`	`}`
`19`	`21`	`export class Rights {`
`20`	`22`	`static create = 1;`