-
-
Notifications
You must be signed in to change notification settings - Fork 432
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add viewer privilage #274
base: master
Are you sure you want to change the base?
Add viewer privilage #274
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for opening a PR !
However, it looks like the new implementation does not actually prevent the user from sending write commands to the socket.io handler. Users can actually write to the board even with a simple viewer token, the menu is just hidden in the ui
index.py
Outdated
# encode.py | ||
import datetime | ||
import jwt # import jwt library | ||
SECRET_KEY = "test123" | ||
# json data to encode | ||
json_data = { | ||
"roles": ["moderator:firstboard","viewer:hboard"] | ||
} | ||
encode_data = jwt.encode(payload=json_data, \ | ||
key=SECRET_KEY, algorithm="HS256") | ||
print(encode_data) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
# encode.py | |
import datetime | |
import jwt # import jwt library | |
SECRET_KEY = "test123" | |
# json data to encode | |
json_data = { | |
"roles": ["moderator:firstboard","viewer:hboard"] | |
} | |
encode_data = jwt.encode(payload=json_data, \ | |
key=SECRET_KEY, algorithm="HS256") | |
print(encode_data) |
We probably don't want to create a python script here
package.json
Outdated
@@ -14,7 +14,7 @@ | |||
"jsonwebtoken": "^8.5.1", | |||
"polyfill-library": "^3.107.1", | |||
"serve-static": "^1.14.1", | |||
"socket.io": "^4", | |||
"socket.io": "^4.6.1", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This does not seem to be linked to the current PR. You can open a distinct pr to update dependencies
class BoardTemplate extends Template { | ||
parameters(parsedUrl, request, isModerator) { | ||
const params = super.parameters(parsedUrl, request, isModerator); | ||
const parts = parsedUrl.pathname.split("boards/", 2); | ||
console.log(parts[1]); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
console.log(parts[1]); |
if (userRole === "viewer") { | ||
params["hideMenu"] = true; | ||
} else { | ||
params["hideMenu"] = false; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
params["hideMenu"] = false; | |
params["hideMenu"] = false; |
you don't want to override that. keep the value from the query
I've converted the PR to a draft, feel free to pass it back to "ready for review" when you want me to look at it again |
I've made an update to our whiteboard application that adds a new "viewer" permission to the JWT payload. This update will allow us to restrict users to only viewing the whiteboard, without giving them editing capabilities.