Access Control list

I have created one to-do list with the access control , where user and admin can add task in the list , but only admin can delete the task not the user , but i don't know where the problem is , in my code the user is can able to delete , but i don't want that . i just want to give that delete permission to the admin not the user . i want when the user will click the delete button it will show pop up alert .

 [
    {
        "id": "54f307e930537306",
        "type": "sqlite",
        "z": "e4cce7cb21b245cb",
        "mydb": "efc25760311815df",
        "sqlquery": "msg.topic",
        "sql": "DELETE FROM list WHERE rowid = {{req.params.rowid}}",
        "name": "db1",
        "x": 510,
        "y": 200,
        "wires": [
            []
        ]
    },
    {
        "id": "be2c3811ec261bc1",
        "type": "inject",
        "z": "e4cce7cb21b245cb",
        "name": "create list",
        "props": [
            {
                "p": "payload"
            },
            {
                "p": "topic",
                "vt": "str"
            }
        ],
        "repeat": "",
        "crontab": "",
        "once": false,
        "onceDelay": 0.1,
        "topic": "CREATE TABLE list(list)",
        "payload": "",
        "payloadType": "date",
        "x": 270,
        "y": 140,
        "wires": [
            [
                "54f307e930537306"
            ]
        ]
    },
    {
        "id": "61d43c6c6eb8e185",
        "type": "inject",
        "z": "e4cce7cb21b245cb",
        "name": "delete list",
        "props": [
            {
                "p": "payload"
            },
            {
                "p": "topic",
                "vt": "str"
            }
        ],
        "repeat": "",
        "crontab": "",
        "once": false,
        "onceDelay": 0.1,
        "topic": "DELETE FROM list;",
        "payload": "",
        "payloadType": "date",
        "x": 250,
        "y": 240,
        "wires": [
            [
                "54f307e930537306"
            ]
        ]
    },
    {
        "id": "7476e933267ac97d",
        "type": "comment",
        "z": "e4cce7cb21b245cb",
        "name": "create tables",
        "info": "",
        "x": 250,
        "y": 100,
        "wires": []
    },
    {
        "id": "b5acdc7f6b58e3cd",
        "type": "comment",
        "z": "e4cce7cb21b245cb",
        "name": "delete tables",
        "info": "",
        "x": 250,
        "y": 200,
        "wires": []
    },
    {
        "id": "efc25760311815df",
        "type": "sqlitedb",
        "db": "E:\\acl\\table.db",
        "mode": "RWC"
    }
]





[
    {
        "id": "39931c664b6f7c7c",
        "type": "http in",
        "z": "1398c183662f7310",
        "name": "",
        "url": "/todolist",
        "method": "get",
        "upload": false,
        "swaggerDoc": "",
        "x": 90,
        "y": 140,
        "wires": [
            [
                "4b219bb347e11f32"
            ]
        ]
    },
    {
        "id": "4f890b1aaa8f2da3",
        "type": "template",
        "z": "1398c183662f7310",
        "name": "website",
        "field": "payload",
        "fieldType": "msg",
        "format": "handlebars",
        "syntax": "mustache",
        "template": "<!DOCTYPE html>\n<html>\n    <head>\n        <link rel=\"stylesheet\" href=\"https://cdn.jsdelivr.net/npm/bootswatch@4.5.2/dist/slate/bootstrap.min.css\"\n            integrity=\"sha384-8iuq0iaMHpnH2vSyvZMSIqQuUnQA7QM+f6srIdlgBrTSEyd//AWNMyEaSF2yPzNQ\" crossorigin=\"anonymous\">\n   <title>Todo-List</title>\n</head>\n\n\n<body>\n    <div class=\"container\">\n<h1>My TO-DO List</h1>\n</div>\n<div class=\"container\">\n    <table class=\"table\">\n        <thead>\n            <tr>\n                <th scope=\"col\">List</th>\n                <th scope=\"col\"></th>\n                \n                  \n               \n            </tr>\n        </thead>\n        <tbody>\n            {{#payload}}    \n            <tr class=\"table-primary\">\n                <td style=\"color:white\">{{list}}</td>\n               \n                <td><a href=\"/todolist/delete/{{rowid}}\" class=\"btn btn-danger\">Delete</a></td>\n            </tr>\n            {{/payload}} \n            \n            \n        </tbody>\n    </table>\n    <form method=\"POST\" action=\"/todolist\">\n    <label for=\"name\">Make your own list</label>\n    <input class=\"form-control\" id=\"list\" name=\"list\">\n     {{!-- <label for=\"url\">Url</label>\n    <input class=\"form-control\" id=\"url\" name=\"url\"> --}}\n    <button class=\"btn btn-primary\" onclick=\"test()\">Add</button>\n    </form>\n    \n</div>\n    \n\n</body>\n\n</html>",
        "output": "str",
        "x": 620,
        "y": 120,
        "wires": [
            [
                "583037ebaf9ac6ea"
            ]
        ]
    },
    {
        "id": "045a0235e9353a04",
        "type": "http in",
        "z": "1398c183662f7310",
        "name": "",
        "url": "/todolist",
        "method": "post",
        "upload": false,
        "swaggerDoc": "",
        "x": 90,
        "y": 200,
        "wires": [
            [
                "903c4f053052a161"
            ]
        ]
    },
    {
        "id": "903c4f053052a161",
        "type": "template",
        "z": "1398c183662f7310",
        "name": "insert",
        "field": "topic",
        "fieldType": "msg",
        "format": "handlebars",
        "syntax": "mustache",
        "template": "INSERT INTO list VALUES ('{{payload.list}}')\n",
        "output": "str",
        "x": 270,
        "y": 200,
        "wires": [
            [
                "527fdbc0efa2ca01"
            ]
        ]
    },
    {
        "id": "4b219bb347e11f32",
        "type": "sqlite",
        "z": "1398c183662f7310",
        "mydb": "efc25760311815df",
        "sqlquery": "fixed",
        "sql": "SELECT rowid, * FROM list\n    \n",
        "name": "db",
        "x": 470,
        "y": 120,
        "wires": [
            [
                "4f890b1aaa8f2da3"
            ]
        ]
    },
    {
        "id": "527fdbc0efa2ca01",
        "type": "sqlite",
        "z": "1398c183662f7310",
        "mydb": "efc25760311815df",
        "sqlquery": "msg.topic",
        "sql": "INSERT INTO LIST VALUES (?)\n    \n",
        "name": "dbsq",
        "x": 510,
        "y": 200,
        "wires": [
            [
                "4b219bb347e11f32"
            ]
        ]
    },
    {
        "id": "321835e031a8a6f8",
        "type": "http in",
        "z": "1398c183662f7310",
        "name": "",
        "url": "/todolist/delete/:rowid",
        "method": "get",
        "upload": false,
        "swaggerDoc": "",
        "x": 110,
        "y": 260,
        "wires": [
            [
                "7683f130b0c7f976"
            ]
        ]
    },
    {
        "id": "7683f130b0c7f976",
        "type": "template",
        "z": "1398c183662f7310",
        "name": "delete",
        "field": "topic",
        "fieldType": "msg",
        "format": "sql",
        "syntax": "mustache",
        "template": "DELETE FROM list WHERE rowid ={{req.params.rowid}}\n\n\n",
        "output": "str",
        "x": 370,
        "y": 260,
        "wires": [
            [
                "527fdbc0efa2ca01"
            ]
        ]
    },
    {
        "id": "583037ebaf9ac6ea",
        "type": "http response",
        "z": "1398c183662f7310",
        "name": "",
        "statusCode": "",
        "headers": {},
        "x": 790,
        "y": 120,
        "wires": []
    },
    {
        "id": "efc25760311815df",
        "type": "sqlitedb",
        "db": "E:\\acl\\table.db",
        "mode": "RWC"
    }
]





[
    {
        "id": "0f72583a6e3b7796",
        "type": "http response",
        "z": "88801074abacc452",
        "name": "",
        "statusCode": "",
        "headers": {},
        "x": 790,
        "y": 200,
        "wires": []
    },
    {
        "id": "904c322a27e79625",
        "type": "http response",
        "z": "88801074abacc452",
        "name": "",
        "statusCode": "",
        "headers": {},
        "x": 770,
        "y": 140,
        "wires": []
    },
    {
        "id": "5746b2c8a2d3fd1a",
        "type": "http in",
        "z": "88801074abacc452",
        "name": "",
        "url": "/acl",
        "method": "get",
        "upload": false,
        "swaggerDoc": "",
        "x": 80,
        "y": 120,
        "wires": [
            [
                "3e12d89df745c665"
            ]
        ]
    },
    {
        "id": "5260e67ad96e62cf",
        "type": "template",
        "z": "88801074abacc452",
        "name": "for admins only",
        "field": "payload",
        "fieldType": "msg",
        "format": "handlebars",
        "syntax": "mustache",
        "template": "<!DOCTYPE html>\n<html>\n    <head>\n        <link rel=\"stylesheet\" href=\"https://cdn.jsdelivr.net/npm/bootswatch@4.5.2/dist/slate/bootstrap.min.css\"\n            integrity=\"sha384-8iuq0iaMHpnH2vSyvZMSIqQuUnQA7QM+f6srIdlgBrTSEyd//AWNMyEaSF2yPzNQ\" crossorigin=\"anonymous\">\n    <title>Todo-List</title>\n    </head>\n\n<body>\n    <div class=\"container\">\n<h1>My TO-DO List</h1>\n</div>\n<div class=\"container\">\n    <table class=\"table\">\n        <thead>\n            <tr>\n                <th scope=\"col\">List</th>\n                <th scope=\"col\"></th>\n                \n                  \n               \n            </tr>\n        </thead>\n        <tbody>\n            {{#payload}}    \n            <tr class=\"table-primary\">\n                <td style=\"color:white\">{{list}}</td>\n                <td><a href=\"/todolist/delete/{{rowid}}\" class=\"btn btn-danger\">Delete</a></td>\n                </tr>\n            {{/payload}}\n            \n        </tbody>\n    </table>\n    <form method=\"POST\" action=\"/todolist\">\n    <label for=\"name\">Make your own list</label>\n    <input class=\"form-control\" id=\"list\" name=\"list\">\n     {{!-- <label for=\"url\">Url</label>\n    <input class=\"form-control\" id=\"url\" name=\"url\"> --}}\n    <button class=\"btn btn-primary\" onclick=\"test()\">Add</button>\n    </form>\n    \n</div>\n<script>            \n       $(\"delete-button\").empty();\n</script>\n    \n\n</body>\n\n</html>",
        "x": 600,
        "y": 140,
        "wires": [
            [
                "904c322a27e79625"
            ]
        ]
    },
    {
        "id": "8549f30d31d44505",
        "type": "template",
        "z": "88801074abacc452",
        "name": "for allowed users only",
        "field": "payload",
        "fieldType": "msg",
        "format": "handlebars",
        "syntax": "mustache",
        "template": "<!DOCTYPE html>\n<html>\n    <head>\n        <link rel=\"stylesheet\" href=\"https://cdn.jsdelivr.net/npm/bootswatch@4.5.2/dist/slate/bootstrap.min.css\"\n            integrity=\"sha384-8iuq0iaMHpnH2vSyvZMSIqQuUnQA7QM+f6srIdlgBrTSEyd//AWNMyEaSF2yPzNQ\" crossorigin=\"anonymous\">\n    <title>Todo-List</title>\n</head>\n\n<body>\n    <div class=\"container\">\n<h1>My TO-DO List</h1>\n</div>\n<div class=\"container\">\n    <table class=\"table\">\n        <thead>\n            <tr>\n                <th scope=\"col\">List</th>\n                <th scope=\"col\"></th>\n                \n                  \n               \n            </tr>\n        </thead>\n        <tbody>\n            {{#payload}}    \n            <tr class=\"table-primary\">\n                <td style=\"color:white\">{{list}}</td>\n                 \n                 \n              <td><button class=\"btn btn-danger\" onclick=\"myFunction()\">Delete</button></td>\n              \n               \n            </tr>\n            {{/payload}}\n           \n            \n        </tbody>\n    </table>\n    <form method=\"POST\" action=\"/todolist\">\n    <label for=\"name\">Make your own list</label>\n    <input class=\"form-control\" id=\"list\" name=\"list\">\n  \n    <button class=\"btn btn-primary\" onclick=\"test()\">Add</button>\n    </form>\n    \n</div>\n<script>\nfunction myFunction() {\n  alert(\"Only admin can access\");\n}\n</script>\n    \n\n</body>\n\n</html>",
        "x": 600,
        "y": 200,
        "wires": [
            [
                "0f72583a6e3b7796"
            ]
        ]
    },
    {
        "id": "825acb9cda2aceff",
        "type": "switch",
        "z": "88801074abacc452",
        "name": "check user scope",
        "property": "payload.user.scope",
        "propertyType": "msg",
        "rules": [
            {
                "t": "eq",
                "v": "admin",
                "vt": "str"
            },
            {
                "t": "eq",
                "v": "user",
                "vt": "str"
            }
        ],
        "checkall": "false",
        "repair": false,
        "outputs": 2,
        "x": 370,
        "y": 160,
        "wires": [
            [
                "5260e67ad96e62cf"
            ],
            [
                "8549f30d31d44505"
            ]
        ]
    },
    {
        "id": "a74709e6c02ff041",
        "type": "template",
        "z": "88801074abacc452",
        "name": "custom login page",
        "field": "payload",
        "fieldType": "msg",
        "format": "handlebars",
        "syntax": "mustache",
        "template": "<html lang=\"en\">\n<head>\n  <meta charset=\"utf-8\">\n  <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n  <meta name=\"apple-mobile-web-app-capable\" content=\"yes\">\n  <meta name=\"mobile-web-app-capable\" content=\"yes\">\n  <style>\n      * {\n  box-sizing: border-box;\n}\n\nhtml {\n  height: 100%;\n}\n\nbody {\n  margin: 0;\n  height: 100%;\n  font-family: -apple-system, BlinkMacSystemFont, \"Segoe UI\", Roboto, Helvetica, Arial, sans-serif, \"Apple Color Emoji\", \"Segoe UI Emoji\", \"Segoe UI Symbol\";\n  font-size: 15px;\n  background: #000;\n}\n\n.form-group {\n  margin-bottom: 15px;\n}\n\n.form-group input {\n  width: 100%;\n  border-radius: 2px;\n\n  display: block;\n  width: 100%;\n  height: 34px;\n  padding: 6px 12px;\n  font-size: 14px;\n  line-height: 1.42857143;\n  color: #555;\n  outline: 0;\n  border: 1px solid #ddd;\n}\n\n.login-wrapper > a, button {\n  text-decoration: none;\n  cursor: pointer;\n  background-color: #00979C;\n  border: 1px solid #008d92;\n  color: #f3f5f6;\n  transition: color 0.2s, background-color 0.2s;\n\n  text-align: center;\n  padding: 12px 60px;\n  font-size: 1.2rem;\n  display: inline-block;\n  margin-bottom: 1rem;\n  border-radius: 2px;\n  background-color: #00979C;\n  font-weight: bold;\n  text-transform: uppercase;\n}\n\n.login-wrapper > a:hover, .login-wrapper > a:active,\nbutton:hover, button:active {\n  background-color: #00b5bb;\n  color: #f3f5f6;\n  border-color: #00abb0;\n}\n\n.login-wrapper {\n  position: absolute;\n  padding: 15px;\n  margin: 0 auto;\n  width: 400px;\n  color: #EFF0F1;\n  text-align: center;\n  left: calc(50% - 200px);\n  top: calc(50% - 180px);\n}\n\n.response {\n  margin-top: 10px;\n  padding: 15px;\n  color: #fff;\n  border-radius: 2px;\n}\n\n.response.success {\n  background-color: #51b385;\n  border-color: #63bb92;\n}\n\n.response.error {\n  background-color: #c11532;\n  border-color: #c11532;\n}\n\n@media (max-width: 768px) {\n  .login-wrapper {\n    width: 100%;\n    left: 0;\n    top: 100px;\n    padding: 15px 30px;\n  }\n}\n  </style>\n  <title>Access Control List</title>\n</head>\n<body>\n\n  <div class=\"login-wrapper\">\n    \n    <h1>Login</h1>\n    <form id=\"login-form\">\n      <div class=\"form-group\">\n        <input type=\"text\" name=\"username\" placeholder=\"Username\"/>  \n      </div>\n      <div class=\"form-group\">\n        <input type=\"password\" name=\"password\" placeholder=\"Password\"/>  \n      </div>\n      <button type=\"submit\">Login</button>\n      <div class=\"response\"></div>\n    </form>\n\n  </div>\n    \n  <script src=\"http://code.jquery.com/jquery-3.3.1.min.js\"></script>\n  <script>\n    var responseTimer;\n\n    function showResponse(message, type) {\n      $(\".response\").text(message);\n      $(\".response\").removeClass(\"success\").removeClass(\"error\").addClass(type).show();\n\n      clearTimeout(responseTimer);\n      responseTimer = setTimeout(function () {\n        $(\".response\").fadeOut();\n      }, 4000);\n    }\n\n    function getParameterByName(name) {\n      var match = RegExp('[?&]' + name + '=([^&]*)').exec(window.location.search);\n      return match && decodeURIComponent(match[1].replace(/\\+/g, ' '));\n    }\n\n    $(\"#login-form\").submit(function (e) {\n      e.preventDefault();\n      var username = $(this).find(\"input[name=username]\").val();\n      var password = $(this).find(\"input[name=password]\").val();\n      var cred = {\n        username: username,\n        password: password\n      };\n      $.post('/users', cred).done(function () {\n        showResponse(\"Login success! Redirecting...\", \"success\");\n        setTimeout(function () {\n            window.location = '/acl';  \n        }, 2000);        \n      }).fail(function (xhr) {\n        var msg = \"\";\n        switch(xhr.status) {\n          case 0:\n            msg = \"Failed to connect with server.\";\n            break;\n          case 401: \n            msg = \"Unauthorized: username and password not found\";\n            break;\n          default: \n            msg = \"Server error: oops.. something went wrong...\";\n        }\n        showResponse(msg, \"error\");\n      });\n    });\n  </script>\n\n</body>\n</html>",
        "x": 330,
        "y": 240,
        "wires": [
            [
                "2d6b83ebd7516c52"
            ]
        ]
    },
    {
        "id": "3e12d89df745c665",
        "type": "users_isloggedin",
        "z": "88801074abacc452",
        "name": "log in",
        "enableCustomHandler": true,
        "outputs": 2,
        "x": 170,
        "y": 180,
        "wires": [
            [
                "825acb9cda2aceff"
            ],
            [
                "a74709e6c02ff041"
            ]
        ]
    },
    {
        "id": "2d6b83ebd7516c52",
        "type": "http response",
        "z": "88801074abacc452",
        "name": "",
        "statusCode": "",
        "headers": {},
        "x": 510,
        "y": 260,
        "wires": []
    }
]

Please fix up your post - it is currently unreadable.

In order to make code readable and usable it is necessary to surround your code with three backticks (also known as a left quote or backquote ```)

``` 
   code goes here 
```

You can edit and correct your post by clicking the pencil :pencil2: icon.

See this post for more details - How to share code or flow json