I have created a to-do list with access control, where both users and admins can add tasks to the list, but only an admin should be able to delete a task. I don't know where the problem is in my code: a user is still able to delete tasks, and I don't want that. I want to give delete permission only to the admin, not to the user. When a user clicks the Delete button, it should show a pop-up alert.
[
{
"id": "54f307e930537306",
"type": "sqlite",
"z": "e4cce7cb21b245cb",
"mydb": "efc25760311815df",
"sqlquery": "msg.topic",
"sql": "DELETE FROM list WHERE rowid = {{req.params.rowid}}",
"name": "db1",
"x": 510,
"y": 200,
"wires": [
[]
]
},
{
"id": "be2c3811ec261bc1",
"type": "inject",
"z": "e4cce7cb21b245cb",
"name": "create list",
"props": [
{
"p": "payload"
},
{
"p": "topic",
"vt": "str"
}
],
"repeat": "",
"crontab": "",
"once": false,
"onceDelay": 0.1,
"topic": "CREATE TABLE list(list)",
"payload": "",
"payloadType": "date",
"x": 270,
"y": 140,
"wires": [
[
"54f307e930537306"
]
]
},
{
"id": "61d43c6c6eb8e185",
"type": "inject",
"z": "e4cce7cb21b245cb",
"name": "delete list",
"props": [
{
"p": "payload"
},
{
"p": "topic",
"vt": "str"
}
],
"repeat": "",
"crontab": "",
"once": false,
"onceDelay": 0.1,
"topic": "DELETE FROM list;",
"payload": "",
"payloadType": "date",
"x": 250,
"y": 240,
"wires": [
[
"54f307e930537306"
]
]
},
{
"id": "7476e933267ac97d",
"type": "comment",
"z": "e4cce7cb21b245cb",
"name": "create tables",
"info": "",
"x": 250,
"y": 100,
"wires": []
},
{
"id": "b5acdc7f6b58e3cd",
"type": "comment",
"z": "e4cce7cb21b245cb",
"name": "delete tables",
"info": "",
"x": 250,
"y": 200,
"wires": []
},
{
"id": "efc25760311815df",
"type": "sqlitedb",
"db": "E:\\acl\\table.db",
"mode": "RWC"
}
]
[
{
"id": "39931c664b6f7c7c",
"type": "http in",
"z": "1398c183662f7310",
"name": "",
"url": "/todolist",
"method": "get",
"upload": false,
"swaggerDoc": "",
"x": 90,
"y": 140,
"wires": [
[
"4b219bb347e11f32"
]
]
},
{
"id": "4f890b1aaa8f2da3",
"type": "template",
"z": "1398c183662f7310",
"name": "website",
"field": "payload",
"fieldType": "msg",
"format": "handlebars",
"syntax": "mustache",
"template": "<!DOCTYPE html>\n<html>\n <head>\n <link rel=\"stylesheet\" href=\"https://cdn.jsdelivr.net/npm/bootswatch@4.5.2/dist/slate/bootstrap.min.css\"\n integrity=\"sha384-8iuq0iaMHpnH2vSyvZMSIqQuUnQA7QM+f6srIdlgBrTSEyd//AWNMyEaSF2yPzNQ\" crossorigin=\"anonymous\">\n <title>Todo-List</title>\n</head>\n\n\n<body>\n <div class=\"container\">\n<h1>My TO-DO List</h1>\n</div>\n<div class=\"container\">\n <table class=\"table\">\n <thead>\n <tr>\n <th scope=\"col\">List</th>\n <th scope=\"col\"></th>\n \n \n \n </tr>\n </thead>\n <tbody>\n {{#payload}} \n <tr class=\"table-primary\">\n <td style=\"color:white\">{{list}}</td>\n \n <td><a href=\"/todolist/delete/{{rowid}}\" class=\"btn btn-danger\">Delete</a></td>\n </tr>\n {{/payload}} \n \n \n </tbody>\n </table>\n <form method=\"POST\" action=\"/todolist\">\n <label for=\"name\">Make your own list</label>\n <input class=\"form-control\" id=\"list\" name=\"list\">\n {{!-- <label for=\"url\">Url</label>\n <input class=\"form-control\" id=\"url\" name=\"url\"> --}}\n <button class=\"btn btn-primary\" onclick=\"test()\">Add</button>\n </form>\n \n</div>\n \n\n</body>\n\n</html>",
"output": "str",
"x": 620,
"y": 120,
"wires": [
[
"583037ebaf9ac6ea"
]
]
},
{
"id": "045a0235e9353a04",
"type": "http in",
"z": "1398c183662f7310",
"name": "",
"url": "/todolist",
"method": "post",
"upload": false,
"swaggerDoc": "",
"x": 90,
"y": 200,
"wires": [
[
"903c4f053052a161"
]
]
},
{
"id": "903c4f053052a161",
"type": "template",
"z": "1398c183662f7310",
"name": "insert",
"field": "topic",
"fieldType": "msg",
"format": "handlebars",
"syntax": "mustache",
"template": "INSERT INTO list VALUES ('{{payload.list}}')\n",
"output": "str",
"x": 270,
"y": 200,
"wires": [
[
"527fdbc0efa2ca01"
]
]
},
{
"id": "4b219bb347e11f32",
"type": "sqlite",
"z": "1398c183662f7310",
"mydb": "efc25760311815df",
"sqlquery": "fixed",
"sql": "SELECT rowid, * FROM list\n \n",
"name": "db",
"x": 470,
"y": 120,
"wires": [
[
"4f890b1aaa8f2da3"
]
]
},
{
"id": "527fdbc0efa2ca01",
"type": "sqlite",
"z": "1398c183662f7310",
"mydb": "efc25760311815df",
"sqlquery": "msg.topic",
"sql": "INSERT INTO LIST VALUES (?)\n \n",
"name": "dbsq",
"x": 510,
"y": 200,
"wires": [
[
"4b219bb347e11f32"
]
]
},
{
"id": "321835e031a8a6f8",
"type": "http in",
"z": "1398c183662f7310",
"name": "",
"url": "/todolist/delete/:rowid",
"method": "get",
"upload": false,
"swaggerDoc": "",
"x": 110,
"y": 260,
"wires": [
[
"7683f130b0c7f976"
]
]
},
{
"id": "7683f130b0c7f976",
"type": "template",
"z": "1398c183662f7310",
"name": "delete",
"field": "topic",
"fieldType": "msg",
"format": "sql",
"syntax": "mustache",
"template": "DELETE FROM list WHERE rowid ={{req.params.rowid}}\n\n\n",
"output": "str",
"x": 370,
"y": 260,
"wires": [
[
"527fdbc0efa2ca01"
]
]
},
{
"id": "583037ebaf9ac6ea",
"type": "http response",
"z": "1398c183662f7310",
"name": "",
"statusCode": "",
"headers": {},
"x": 790,
"y": 120,
"wires": []
},
{
"id": "efc25760311815df",
"type": "sqlitedb",
"db": "E:\\acl\\table.db",
"mode": "RWC"
}
]
[
{
"id": "0f72583a6e3b7796",
"type": "http response",
"z": "88801074abacc452",
"name": "",
"statusCode": "",
"headers": {},
"x": 790,
"y": 200,
"wires": []
},
{
"id": "904c322a27e79625",
"type": "http response",
"z": "88801074abacc452",
"name": "",
"statusCode": "",
"headers": {},
"x": 770,
"y": 140,
"wires": []
},
{
"id": "5746b2c8a2d3fd1a",
"type": "http in",
"z": "88801074abacc452",
"name": "",
"url": "/acl",
"method": "get",
"upload": false,
"swaggerDoc": "",
"x": 80,
"y": 120,
"wires": [
[
"3e12d89df745c665"
]
]
},
{
"id": "5260e67ad96e62cf",
"type": "template",
"z": "88801074abacc452",
"name": "for admins only",
"field": "payload",
"fieldType": "msg",
"format": "handlebars",
"syntax": "mustache",
"template": "<!DOCTYPE html>\n<html>\n <head>\n <link rel=\"stylesheet\" href=\"https://cdn.jsdelivr.net/npm/bootswatch@4.5.2/dist/slate/bootstrap.min.css\"\n integrity=\"sha384-8iuq0iaMHpnH2vSyvZMSIqQuUnQA7QM+f6srIdlgBrTSEyd//AWNMyEaSF2yPzNQ\" crossorigin=\"anonymous\">\n <title>Todo-List</title>\n </head>\n\n<body>\n <div class=\"container\">\n<h1>My TO-DO List</h1>\n</div>\n<div class=\"container\">\n <table class=\"table\">\n <thead>\n <tr>\n <th scope=\"col\">List</th>\n <th scope=\"col\"></th>\n \n \n \n </tr>\n </thead>\n <tbody>\n {{#payload}} \n <tr class=\"table-primary\">\n <td style=\"color:white\">{{list}}</td>\n <td><a href=\"/todolist/delete/{{rowid}}\" class=\"btn btn-danger\">Delete</a></td>\n </tr>\n {{/payload}}\n \n </tbody>\n </table>\n <form method=\"POST\" action=\"/todolist\">\n <label for=\"name\">Make your own list</label>\n <input class=\"form-control\" id=\"list\" name=\"list\">\n {{!-- <label for=\"url\">Url</label>\n <input class=\"form-control\" id=\"url\" name=\"url\"> --}}\n <button class=\"btn btn-primary\" onclick=\"test()\">Add</button>\n </form>\n \n</div>\n<script> \n $(\"delete-button\").empty();\n</script>\n \n\n</body>\n\n</html>",
"x": 600,
"y": 140,
"wires": [
[
"904c322a27e79625"
]
]
},
{
"id": "8549f30d31d44505",
"type": "template",
"z": "88801074abacc452",
"name": "for allowed users only",
"field": "payload",
"fieldType": "msg",
"format": "handlebars",
"syntax": "mustache",
"template": "<!DOCTYPE html>\n<html>\n <head>\n <link rel=\"stylesheet\" href=\"https://cdn.jsdelivr.net/npm/bootswatch@4.5.2/dist/slate/bootstrap.min.css\"\n integrity=\"sha384-8iuq0iaMHpnH2vSyvZMSIqQuUnQA7QM+f6srIdlgBrTSEyd//AWNMyEaSF2yPzNQ\" crossorigin=\"anonymous\">\n <title>Todo-List</title>\n</head>\n\n<body>\n <div class=\"container\">\n<h1>My TO-DO List</h1>\n</div>\n<div class=\"container\">\n <table class=\"table\">\n <thead>\n <tr>\n <th scope=\"col\">List</th>\n <th scope=\"col\"></th>\n \n \n \n </tr>\n </thead>\n <tbody>\n {{#payload}} \n <tr class=\"table-primary\">\n <td style=\"color:white\">{{list}}</td>\n \n \n <td><button class=\"btn btn-danger\" onclick=\"myFunction()\">Delete</button></td>\n \n \n </tr>\n {{/payload}}\n \n \n </tbody>\n </table>\n <form method=\"POST\" action=\"/todolist\">\n <label for=\"name\">Make your own list</label>\n <input class=\"form-control\" id=\"list\" name=\"list\">\n \n <button class=\"btn btn-primary\" onclick=\"test()\">Add</button>\n </form>\n \n</div>\n<script>\nfunction myFunction() {\n alert(\"Only admin can access\");\n}\n</script>\n \n\n</body>\n\n</html>",
"x": 600,
"y": 200,
"wires": [
[
"0f72583a6e3b7796"
]
]
},
{
"id": "825acb9cda2aceff",
"type": "switch",
"z": "88801074abacc452",
"name": "check user scope",
"property": "payload.user.scope",
"propertyType": "msg",
"rules": [
{
"t": "eq",
"v": "admin",
"vt": "str"
},
{
"t": "eq",
"v": "user",
"vt": "str"
}
],
"checkall": "false",
"repair": false,
"outputs": 2,
"x": 370,
"y": 160,
"wires": [
[
"5260e67ad96e62cf"
],
[
"8549f30d31d44505"
]
]
},
{
"id": "a74709e6c02ff041",
"type": "template",
"z": "88801074abacc452",
"name": "custom login page",
"field": "payload",
"fieldType": "msg",
"format": "handlebars",
"syntax": "mustache",
"template": "<html lang=\"en\">\n<head>\n <meta charset=\"utf-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n <meta name=\"apple-mobile-web-app-capable\" content=\"yes\">\n <meta name=\"mobile-web-app-capable\" content=\"yes\">\n <style>\n * {\n box-sizing: border-box;\n}\n\nhtml {\n height: 100%;\n}\n\nbody {\n margin: 0;\n height: 100%;\n font-family: -apple-system, BlinkMacSystemFont, \"Segoe UI\", Roboto, Helvetica, Arial, sans-serif, \"Apple Color Emoji\", \"Segoe UI Emoji\", \"Segoe UI Symbol\";\n font-size: 15px;\n background: #000;\n}\n\n.form-group {\n margin-bottom: 15px;\n}\n\n.form-group input {\n width: 100%;\n border-radius: 2px;\n\n display: block;\n width: 100%;\n height: 34px;\n padding: 6px 12px;\n font-size: 14px;\n line-height: 1.42857143;\n color: #555;\n outline: 0;\n border: 1px solid #ddd;\n}\n\n.login-wrapper > a, button {\n text-decoration: none;\n cursor: pointer;\n background-color: #00979C;\n border: 1px solid #008d92;\n color: #f3f5f6;\n transition: color 0.2s, background-color 0.2s;\n\n text-align: center;\n padding: 12px 60px;\n font-size: 1.2rem;\n display: inline-block;\n margin-bottom: 1rem;\n border-radius: 2px;\n background-color: #00979C;\n font-weight: bold;\n text-transform: uppercase;\n}\n\n.login-wrapper > a:hover, .login-wrapper > a:active,\nbutton:hover, button:active {\n background-color: #00b5bb;\n color: #f3f5f6;\n border-color: #00abb0;\n}\n\n.login-wrapper {\n position: absolute;\n padding: 15px;\n margin: 0 auto;\n width: 400px;\n color: #EFF0F1;\n text-align: center;\n left: calc(50% - 200px);\n top: calc(50% - 180px);\n}\n\n.response {\n margin-top: 10px;\n padding: 15px;\n color: #fff;\n border-radius: 2px;\n}\n\n.response.success {\n background-color: #51b385;\n border-color: #63bb92;\n}\n\n.response.error {\n background-color: #c11532;\n border-color: #c11532;\n}\n\n@media (max-width: 768px) {\n .login-wrapper {\n width: 100%;\n left: 0;\n top: 100px;\n padding: 15px 30px;\n 
}\n}\n </style>\n <title>Access Control List</title>\n</head>\n<body>\n\n <div class=\"login-wrapper\">\n \n <h1>Login</h1>\n <form id=\"login-form\">\n <div class=\"form-group\">\n <input type=\"text\" name=\"username\" placeholder=\"Username\"/> \n </div>\n <div class=\"form-group\">\n <input type=\"password\" name=\"password\" placeholder=\"Password\"/> \n </div>\n <button type=\"submit\">Login</button>\n <div class=\"response\"></div>\n </form>\n\n </div>\n \n <script src=\"http://code.jquery.com/jquery-3.3.1.min.js\"></script>\n <script>\n var responseTimer;\n\n function showResponse(message, type) {\n $(\".response\").text(message);\n $(\".response\").removeClass(\"success\").removeClass(\"error\").addClass(type).show();\n\n clearTimeout(responseTimer);\n responseTimer = setTimeout(function () {\n $(\".response\").fadeOut();\n }, 4000);\n }\n\n function getParameterByName(name) {\n var match = RegExp('[?&]' + name + '=([^&]*)').exec(window.location.search);\n return match && decodeURIComponent(match[1].replace(/\\+/g, ' '));\n }\n\n $(\"#login-form\").submit(function (e) {\n e.preventDefault();\n var username = $(this).find(\"input[name=username]\").val();\n var password = $(this).find(\"input[name=password]\").val();\n var cred = {\n username: username,\n password: password\n };\n $.post('/users', cred).done(function () {\n showResponse(\"Login success! Redirecting...\", \"success\");\n setTimeout(function () {\n window.location = '/acl'; \n }, 2000); \n }).fail(function (xhr) {\n var msg = \"\";\n switch(xhr.status) {\n case 0:\n msg = \"Failed to connect with server.\";\n break;\n case 401: \n msg = \"Unauthorized: username and password not found\";\n break;\n default: \n msg = \"Server error: oops.. something went wrong...\";\n }\n showResponse(msg, \"error\");\n });\n });\n </script>\n\n</body>\n</html>",
"x": 330,
"y": 240,
"wires": [
[
"2d6b83ebd7516c52"
]
]
},
{
"id": "3e12d89df745c665",
"type": "users_isloggedin",
"z": "88801074abacc452",
"name": "log in",
"enableCustomHandler": true,
"outputs": 2,
"x": 170,
"y": 180,
"wires": [
[
"825acb9cda2aceff"
],
[
"a74709e6c02ff041"
]
]
},
{
"id": "2d6b83ebd7516c52",
"type": "http response",
"z": "88801074abacc452",
"name": "",
"statusCode": "",
"headers": {},
"x": 510,
"y": 260,
"wires": []
}
]