Is there any way to insert a security in a certain TAB?
I have a system with several TAB's and a specific TAB is for system settings and it doesn't make sense for the common user to have access, just let's say the supervisor or coordinator above the user.
I don't want to confuse you with the security of the entire dashboard, I know that there is a way to apply this security. But this I don't want.
I want something that is specific only to a "TAB".
You need to remember that Dashboard is a "Single-page app" (SPA). That means that, though it LOOKS like multiple pages, it isn't. It is a single web page.
So the short answer is no, I don't think that is possible in a completely secure way.
However, if there is a way to identify which users are admins, not sure if Dashboard allows hiding a tab? I doubt that is fully secure but it would at least prevent casual access.
Noting though that I rarely use Dashboard so I may be outdated in my understanding.
Correct - you can hide tabs - but that is only security by obscurity and someone could easily guess the url of the hidden tab as they are just numbered /1 /2 etc... so I would suggest this is not secure.
I know that you are experienced and senior level programmers. And when it comes to security, you take it extremely seriously.
This system runs on a local network without internet access. So I don't have concerns about the maximum level of security.
This is just to prevent accidents... in the course of using the system.
I would like to implement some basic security on the dasboard itself. To prevent the "Curious" user from messing with something that is theoretically not allowed.
Well, glad you've thought about your environment and needs. Obviously we have to respond assuming that someone will read the thread in the future and misinterpret things so it is good to be cautious.
Just make sure that you never allow the scope to creep and write lots of dire warnings about what will happen if someone ever widens the scope or the security needs creep up.
One possible approach then would be to hide all tabs until someone has filled in a form on the remaining tab. Check the input in a flow and if all is OK, hide that tab and show the other appropriate tabs. Very low security but possibly enough for what you want. Of course, you will need to decide how to keep track of who has filled in the form. The simple thing would be to track the login tab data against the users msg._socketid - this is an indicator of the physical connection. Just note that it will reset if the socket.io connection is lost either due to the user reloading the page or because the users PC went to sleep for example.
If you want to do more, uibuilder offers additional client data you could use. But of course, you lose the no-code dashboard approach that Dashboard gives you.
Well, glad you've thought about your environment and needs. Obviously we have to respond assuming that someone will read the thread in the future and misinterpret things so it is good to be cautious.
Just make sure that you never allow the scope to creep and write lots of dire warnings about what will happen if someone ever widens the scope or the security needs creep up.
yes, we have to keep the forum database up to date.
One possible approach then would be to hide all tabs until someone has filled in a form on the remaining tab. Check the input in a flow and if all is OK, hide that tab and show the other appropriate tabs. Very low security but possibly enough for what you want. Of course, you will need to decide how to keep track of who has filled in the form.
I'm still lost on how to do this. I say where?
If you want to do more, uibuilder offers additional client data you could use. But of course, you lose the no-code dashboard approach that Dashboard gives you.
I've heard about this UI_BUILDER around here but I have no idea how it works.
It is uibuilderui_..... refers to Dashboard related things, uib_.... is the short name that uibuilder uses.
Ouch! Thanks for dismissing several years of work!
But yes, you are wrong.
Just because you don't want to do all of the heavy lifting of setting up a back-end compute tool and hand-coding all the logic does not mean that you won't want to code the front-end.
And then uibuilder also greatly reduces the amount of code you need to hand-craft in order have a data-driven web app working with Node-RED. So it is absolutely a "low-code" option from that perspective.
On top of that, there are also capabilities that enable you to create UI's direct from Node-RED configuration data - so even lower-code options.
And finally, the initial no-code capabilities are about to land. in v6.1.
"they"?
If I had the resources of Microsoft, I could certainly create something vastly better than Access!
But if you mean being able to create a tabular display from node-red data - well uibuilder has been helping with that for some years with the help of front-end frameworks like VueJS and bootstrap-vue. But the next release will be able to create an HTML table from node-red with no coding at all. Display only right now, but edit capabilities will certainly be added.
No problem - with over 40 years in IT, my skin is terribly thick You don't need to worry about my feelings but care over wording in forums is sensible. We all make mistakes though.
Cool. I'm generally around at least every few days so do reach out on the forum, I'm always happy to hear from people about their needs, how things can be improved, etc. I'm happy to take PR's too for anyone who wants to contribute
You might even want to try using the beta v6.1 which has more client information passed back to Node-RED which might be helpful. It also has the beginnings of the zero-code tooling.
