Implementing Admin Approval for User-Created Workflows in Node-RED

I have an idea to add a feature in the Node-RED source code. This feature would require that after a user creates their own workflow, it must be approved by an administrator before it can be deployed. How can this be implemented?

1 Like

Following the pure sense of your words, this is not possible. As long as the flow isn't deployed, it's only existing in the browser of your user person - thus on the client side.
Once the flow is deployed - sent to the server side - you may patch into the process that follows and prevent the execution of this flow until a review process was performed. There are server side events that signal a deployment process, that you may use to trigger your changed logic.
Whereas everything is possible & NR is a great tool, just be aware that it looks like a long way you have to go until you get what you intend.
There might yet be an alternative: FlowFuse - the commercial product built upon Node-RED. I propose to check its feature on their webpage...

3 Likes

I 2nd this.

FlowFuse has much tighter control over ACLs and alike - we use it in our business, and can control the Nodes they have access to - allowing them to create flows without any risk to internal systems.

We isolate Node RED installs, where we control the feature set/Nodes exposed in each instance.

To have flow approval in Node RED if not available now, will doubt its part of the vision for Node RED - of course we are not core developers of the project, so I may be way of the Mark, but flow approval isn't something I can envision my self, At least there doesn't seem to be a common need for it.

You can use FlowFuse as a staging & production system perhaps, with limited functionality on the staging instance, and an administrator/Team Owner can move the flow to a production instance within FlowFuse once checked - but that is an internal practice you will have to adopt.

2 Likes

To do this for your own deployments, I think that Marcus has already touched on the answer. That would be that each dev must have their own instance of Node-RED and you define a process for promoting flows from dev to staging and then the admin is the only person permitted to promote to live (though you could easily replace "admin" by an automated process too).

I would probably be tempted to use Node-RED's built-in library capability to do this - by having a standard library name that developers can move bits-of or full flows to.

Though you could probably use Node-RED's projects capability instead. Personally, I'm not a fan of the projects and I like the idea and flexibility of using the library which, as you can see from the image, simply saves flows to a JSON file. Assuming all dev instances and the staging instance are on the same server, having a shared folder (using filing system soft links perhaps) should be trivial.

3 Likes

ah, I am found FlowFuse, I just tried it, very nice I want to do