Minor fixes

Igor Kulikov
1 parent d18ca19b
Showing 4 changed files with 12 additions and 1 deletions
application/src/main/java/org/thingsboard/server/controller/BaseController.java
ui/src/app/app.run.js
ui/src/app/dashboard/dashboard.controller.js
ui/src/app/dashboard/dashboard.tpl.html
--- a/application/src/main/java/org/thingsboard/server/controller/BaseController.java
View file @4971e30
+++ b/application/src/main/java/org/thingsboard/server/controller/BaseController.java
View file @4971e30
@@ -317,6 +317,13 @@ public abstract class BaseController {
     private void checkDashboard(Dashboard dashboard) throws ThingsboardException {
         checkNotNull(dashboard);
         checkTenantId(dashboard.getTenantId());
+        SecurityUser authUser = getCurrentUser();
+        if (authUser.getAuthority() == Authority.CUSTOMER_USER) {
+            if (dashboard.getCustomerId() == null || dashboard.getCustomerId().getId().equals(ModelConstants.NULL_UUID)) {
+                throw new ThingsboardException("You don't have permission to perform this operation!",
+                        ThingsboardErrorCode.PERMISSION_DENIED);
+            }
+        }
         if (dashboard.getCustomerId() != null && !dashboard.getCustomerId().getId().equals(ModelConstants.NULL_UUID)) {
             checkCustomerId(dashboard.getCustomerId());
         }
--- a/ui/src/app/app.run.js
View file @4971e30
+++ b/ui/src/app/app.run.js
View file @4971e30
@@ -23,7 +23,10 @@ export default function AppRun($rootScope, $window, $log, $state, $mdDialog, $fi
     var unauthorizedDialog = null;
     var forbiddenDialog = null;
 
+    $rootScope.iframeMode = false;
+
     if (frame) {
+        $rootScope.iframeMode = true;
         var dataWidgetAttr = angular.element(frame).attr('data-widget');
         if (dataWidgetAttr) {
             $rootScope.editWidgetInfo = angular.fromJson(dataWidgetAttr);
--- a/ui/src/app/dashboard/dashboard.controller.js
View file @4971e30
+++ b/ui/src/app/dashboard/dashboard.controller.js
View file @4971e30
@@ -43,6 +43,7 @@ export default function DashboardController(types, widgetService, userService,
     vm.rpcWidgetTypes = [];
     vm.staticWidgetTypes = [];
     vm.widgetEditMode = $state.$current.data.widgetEditMode;
+    vm.iframeMode = $rootScope.iframeMode;
     vm.widgets = [];
 
     vm.addWidget = addWidget;
--- a/ui/src/app/dashboard/dashboard.tpl.html
View file @4971e30
+++ b/ui/src/app/dashboard/dashboard.tpl.html
View file @4971e30
@@ -15,7 +15,7 @@
     limitations under the License.
 
 -->
-<md-content flex tb-expand-fullscreen="vm.widgetEditMode" hide-expand-button="vm.widgetEditMode">
+<md-content flex tb-expand-fullscreen="vm.widgetEditMode || vm.iframeMode" hide-expand-button="vm.widgetEditMode || vm.iframeMode">
     <!--section ng-show="!vm.isAddingWidget && !loading && !vm.widgetEditMode" layout="row" layout-wrap
              class="tb-header-buttons tb-top-header-buttons md-fab" ng-style="{'right': '50px'}">
         <md-button ng-if="vm.isTenantAdmin()" ng-show="vm.isEdit" ng-disabled="loading"