adminAuth.users[].*.permissions: array or string?

Hi all,

A silly question, I've been trying to get a custom HTTP end-point for a node working -- this has an endpoint which lists what serial ports are available (should be a familiar problem).

My endpoint code looks like this:


    RED.httpAdmin.get(
        '/wsmodbus/serial/ports',
        RED.auth.needsPermission('serial.read'),
        function (req, res) {
            const fs = require('fs');
            const os = require('os');

            try {
                /*… etc … */
                res.json(the_list);
            } catch (err) {
                res.status(500);
                res.json([err.message]);
            }
        }
    );

Now, my settings.js has this:

    adminAuth: {
        type: "credentials",
        users: [{
            username: "admin",
            password: "…",
            permissions: "*"
        }]
    },

This is basically what is seen in the documentation.

If I try to hit the endpoint from the UI, I get error 401: Unauthorized. I would have thought * meant access all areas. Node-RED begs to differ it would seem.

Elsewhere, I saw this written as an array. This sed command indeed resolved the 401 error:

    sed -ie '/permissions:/ s/"\*"/["*"]/g' config/settings.js

Sadly, JSON won't let me make it both an array and a string simultaneously, I have to choose one or the other. The array form is undocumented, the string form doesn't seem to work as advertised.

Which is it meant to be?

The permissions value can be either a single string ("*"), or an array of strings (["*"]).

The array option isn't documented as such, as we haven't really documented the ability for users to have finer-grained permissions than the 'read-only' or 'full read-write' (*) options in the docs.

I've just tested locally and it is working fine for me with either style "*" or [ "*" ].
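A sketch of a scope check that treats the string and array forms identically and audits which configured users can reach `serial.read`. This is an added example, not part of the thread and not Node-RED's own code. The matching rules (`*` grants everything, `read` grants any `<area>.read`, other entries match exactly), the fail-closed handling of malformed values and every user name other than `admin` are assumptions.

```javascript
// Added illustration: not Node-RED's own permission code.
// Assumed semantics: "*" grants everything, "read" grants any "<area>.read"
// permission, and any other entry must match the required name exactly.

function normalizeScope(permissions) {
    // Accept the documented string form and the array form alike.
    if (typeof permissions === 'string') return [permissions];
    if (Array.isArray(permissions) && permissions.every(p => typeof p === 'string')) {
        return permissions.slice();
    }
    // Missing or malformed values grant nothing (fail closed).
    return [];
}

function scopeAllows(permissions, required) {
    return normalizeScope(permissions).some(function (entry) {
        if (entry === '*' || entry === required) return true;
        if (entry === 'read' || entry === '*.read') return /^(.+\.)?read$/.test(required);
        return false;
    });
}

// Report, per user, the normalized scope and whether it reaches `required`.
function auditUsers(adminAuth, required) {
    return (adminAuth.users || []).map(function (user) {
        const scope = normalizeScope(user.permissions);
        return {
            username: user.username,
            scope: scope,
            allowed: scopeAllows(user.permissions, required),
            wildcard: scope.includes('*') // flag full-access accounts for review
        };
    });
}

// Constructed sample settings; user names other than "admin" are hypothetical.
const sampleAdminAuth = {
    type: 'credentials',
    users: [
        { username: 'admin', permissions: '*' },
        { username: 'admin2', permissions: ['*'] },
        { username: 'viewer', permissions: 'read' },
        { username: 'ports', permissions: ['serial.read'] },
        { username: 'broken', permissions: { '*': true } }
    ]
};

console.log(auditUsers(sampleAdminAuth, 'serial.read'));
```

The `ports` entry shows the finer-grained use of the array form: a user limited to the single permission the endpoint asks for.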

Ahh okay, it was just confusing for a while, the endpoint didn't seem to be operational, having reverted my change to settings.js, it appears to be working fine now so I'm at a loss to explain what is different.
