ensure permissions for nodered

Author: skadefro

OpenFlow/src/Messages/Message.ts

@@ -2,7 +2,7 @@ import * as crypto from "crypto";
 import { SocketMessage } from "../SocketMessage";
 import { WebSocketClient, QueuedMessage } from "../WebSocketClient";
 import { QueryMessage } from "./QueryMessage";
-import { Base } from "../base";
+import { Base, Rights } from "../base";
 import { SigninMessage } from "./SigninMessage";
 import { User } from "../User";
 import { Auth } from "../Auth";
@@ -497,6 +497,16 @@ export class Message {
         var user: User;
         try {
             msg = EnsureNoderedInstanceMessage.assign(this.data);
+
+            // var noderedusers = await User.ensureRole(cli.jwt, name + "noderedusers", null);
+            // noderedusers.addRight(cli.user._id, cli.user.username, [Rights.full_control]);
+            // noderedusers.removeRight(cli.user._id, [Rights.delete]);
+            // noderedusers.AddMember(cli.user);
+            var noderedadmins = await User.ensureRole(cli.jwt, name + "noderedadmins", null);
+            noderedadmins.addRight(cli.user._id, cli.user.username, [Rights.full_control]);
+            noderedadmins.removeRight(cli.user._id, [Rights.delete]);
+            noderedadmins.AddMember(cli.user);
+
             var name = cli.user.username;
             var namespace = Config.namespace;
             var hostname = Config.nodered_domain_schema.replace("$nodered_id$", name);
@@ -513,7 +523,7 @@ export class Message {
                                 containers: [
                                     {
                                         name: 'nodered',
-                                        image: 'cloudhack/openflownodered:0.0.180',
+                                        image: 'cloudhack/openflownodered:0.0.183',
                                         imagePullPolicy: "Always",
                                         env: [
                                             { name: "saml_federation_metadata", value: Config.saml_federation_metadata },
@@ -524,7 +534,8 @@ export class Message {
                                             { name: "protocol", value: Config.protocol },
                                             { name: "port", value: Config.port.toString() },
                                             { name: "aes_secret", value: Config.aes_secret },
-
+                                            { name: "noderedusers", value: (name + "noderedusers") },
+                                            { name: "noderedadmins", value: (name + "noderedadmins") },
                                         ]
                                     }
                                 ]

OpenFlowNodeRED/src/Config.ts

@@ -20,6 +20,11 @@ export class Config {
     public static domain: string = Config.getEnv("domain", "localhost");
     public static protocol: string = Config.getEnv("protocol", "http");
     public static nodered_domain_schema: string = Config.getEnv("nodered_domain_schema", "");
+    public static noderedusers: string = Config.getEnv("noderedusers", "");
+    public static noderedadmins: string = Config.getEnv("noderedadmins", "");
+
+
+
 
     public static api_ws_url: string = Config.getEnv("api_ws_url", "ws://localhost:3000");
     public static amqp_url: string = Config.getEnv("amqp_url", "amqp://localhost");

OpenFlowNodeRED/src/WebServer.ts

@@ -96,6 +96,15 @@ export class WebServer {
                 // });
                 this.settings.adminAuth = await samlauth.noderedcontribauthsaml.configure(Config.baseurl(), Config.saml_federation_metadata, Config.saml_issuer,
                     (profile: string | any, done: any) => {
+                        var roles: string[] = profile["http://schemas.xmlsoap.org/claims/Group"];
+                        if (roles !== undefined) {
+                            if (Config.noderedusers !== "") {
+                                if (roles.indexOf(Config.noderedusers) !== -1 || roles.indexOf(Config.noderedusers) !== -1) { profile.permissions = "read"; }
+                            }
+                            if (Config.noderedadmins !== "") {
+                                if (roles.indexOf(Config.noderedadmins) !== -1 || roles.indexOf(Config.noderedadmins) !== -1) { profile.permissions = "*"; }
+                            }
+                        }
                         // profile.permissions = "*";
                         done(profile);
                     }, "");

VERSION

@@ -1 +1 @@
-0.0.182
+0.0.183