thingsboard-aplcache
Changes
ui/src/app/app.run.js 3(+3 -0)
Details
diff --git a/application/src/main/java/org/thingsboard/server/controller/BaseController.java b/application/src/main/java/org/thingsboard/server/controller/BaseController.java
index fe65fb5..2f63967 100644
--- a/application/src/main/java/org/thingsboard/server/controller/BaseController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/BaseController.java
@@ -317,6 +317,13 @@ public abstract class BaseController {
private void checkDashboard(Dashboard dashboard) throws ThingsboardException {
checkNotNull(dashboard);
checkTenantId(dashboard.getTenantId());
+ SecurityUser authUser = getCurrentUser();
+ if (authUser.getAuthority() == Authority.CUSTOMER_USER) {
+ if (dashboard.getCustomerId() == null || dashboard.getCustomerId().getId().equals(ModelConstants.NULL_UUID)) {
+ throw new ThingsboardException("You don't have permission to perform this operation!",
+ ThingsboardErrorCode.PERMISSION_DENIED);
+ }
+ }
if (dashboard.getCustomerId() != null && !dashboard.getCustomerId().getId().equals(ModelConstants.NULL_UUID)) {
checkCustomerId(dashboard.getCustomerId());
}
ui/src/app/app.run.js 3(+3 -0)
diff --git a/ui/src/app/app.run.js b/ui/src/app/app.run.js
index f6cbc18..057b413 100644
--- a/ui/src/app/app.run.js
+++ b/ui/src/app/app.run.js
@@ -23,7 +23,10 @@ export default function AppRun($rootScope, $window, $log, $state, $mdDialog, $fi
var unauthorizedDialog = null;
var forbiddenDialog = null;
+ $rootScope.iframeMode = false;
+
if (frame) {
+ $rootScope.iframeMode = true;
var dataWidgetAttr = angular.element(frame).attr('data-widget');
if (dataWidgetAttr) {
$rootScope.editWidgetInfo = angular.fromJson(dataWidgetAttr);
diff --git a/ui/src/app/dashboard/dashboard.controller.js b/ui/src/app/dashboard/dashboard.controller.js
index 3b5d819..49bd3bd 100644
--- a/ui/src/app/dashboard/dashboard.controller.js
+++ b/ui/src/app/dashboard/dashboard.controller.js
@@ -43,6 +43,7 @@ export default function DashboardController(types, widgetService, userService,
vm.rpcWidgetTypes = [];
vm.staticWidgetTypes = [];
vm.widgetEditMode = $state.$current.data.widgetEditMode;
+ vm.iframeMode = $rootScope.iframeMode;
vm.widgets = [];
vm.addWidget = addWidget;
diff --git a/ui/src/app/dashboard/dashboard.tpl.html b/ui/src/app/dashboard/dashboard.tpl.html
index 99f9c60..0b2bdd6 100644
--- a/ui/src/app/dashboard/dashboard.tpl.html
+++ b/ui/src/app/dashboard/dashboard.tpl.html
@@ -15,7 +15,7 @@
limitations under the License.
-->
-<md-content flex tb-expand-fullscreen="vm.widgetEditMode" hide-expand-button="vm.widgetEditMode">
+<md-content flex tb-expand-fullscreen="vm.widgetEditMode || vm.iframeMode" hide-expand-button="vm.widgetEditMode || vm.iframeMode">
<!--section ng-show="!vm.isAddingWidget && !loading && !vm.widgetEditMode" layout="row" layout-wrap
class="tb-header-buttons tb-top-header-buttons md-fab" ng-style="{'right': '50px'}">
<md-button ng-if="vm.isTenantAdmin()" ng-show="vm.isEdit" ng-disabled="loading"