adminAuth.users[].*.permissions: array or string?

General
1

Hi all,

A silly question, I've been trying to get a custom HTTP end-point for a node working -- this has an endpoint which lists what serial ports are available (should be a familiar problem).

My endpoint code looks like this:


    RED.httpAdmin.get(
        '/wsmodbus/serial/ports',
        RED.auth.needsPermission('serial.read'),
        function (req, res) {
            const fs = require('fs');
            const os = require('os');

            try {
                /*… etc … */
                res.json(the_list);
            } catch (err) {
                res.status(500);
                res.json([err.message]);
            }
        }
    );

Now, my settings.js has this:

    adminAuth: {
        type: "credentials",
        users: [{
            username: "admin",
            password: "…",
            permissions: "*"
        }]
    },

This is basically what is seen in the documentation.

If I try to hit the endpoint from the UI, I get error 401: Unauthorized. I would have thought * meant access all areas. Node-RED begs to differ it would seem.

Elsewhere, I saw this written as an array. This sed command indeed resolved the 401 error:

sed -ie '/permissions:/ s/"\*"/["*"]/g' config/settings.js

Sadly, JSON won't let me make it both an array and a string simultaneously, I have to choose one or the other. The array form is undocumented, the string form doesn't seem to work as advertised.

Which is it meant to be?

2

The permissions value can be either a single string ("*"), or an array of strings (["*"]).

The array option isn't documented as such as we haven't really documented the ability for users to have finer grained permissions than the 'read-only' or 'full read-write (*) options in the docs.

I've just tested locally and it is working fine for me with either style "*" or [ "*" ].

3

Ahh okay, it was just confusing for a while, the endpoint didn't seem to be operational, having reverted my change to settings.js, it appears to be working fine now so I'm at a loss to explain what is different.

4

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.