Showing
4 changed files
with
12 additions
and
1 deletions
@@ -317,6 +317,13 @@ public abstract class BaseController { | @@ -317,6 +317,13 @@ public abstract class BaseController { | ||
317 | private void checkDashboard(Dashboard dashboard) throws ThingsboardException { | 317 | private void checkDashboard(Dashboard dashboard) throws ThingsboardException { |
318 | checkNotNull(dashboard); | 318 | checkNotNull(dashboard); |
319 | checkTenantId(dashboard.getTenantId()); | 319 | checkTenantId(dashboard.getTenantId()); |
320 | + SecurityUser authUser = getCurrentUser(); | ||
321 | + if (authUser.getAuthority() == Authority.CUSTOMER_USER) { | ||
322 | + if (dashboard.getCustomerId() == null || dashboard.getCustomerId().getId().equals(ModelConstants.NULL_UUID)) { | ||
323 | + throw new ThingsboardException("You don't have permission to perform this operation!", | ||
324 | + ThingsboardErrorCode.PERMISSION_DENIED); | ||
325 | + } | ||
326 | + } | ||
320 | if (dashboard.getCustomerId() != null && !dashboard.getCustomerId().getId().equals(ModelConstants.NULL_UUID)) { | 327 | if (dashboard.getCustomerId() != null && !dashboard.getCustomerId().getId().equals(ModelConstants.NULL_UUID)) { |
321 | checkCustomerId(dashboard.getCustomerId()); | 328 | checkCustomerId(dashboard.getCustomerId()); |
322 | } | 329 | } |
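Review bot: The new CUSTOMER_USER branch in checkDashboard only rejects dashboards that have no customer assigned. Whether an assigned dashboard belongs to the caller's own customer is left to the following `checkCustomerId(dashboard.getCustomerId())` call, whose body is not shown here, so confirm it compares against the current user's customer and does not merely check that the customer exists. The added condition is the exact negation of the existing `if` below it, so the denial could hang off that `if` as `else if (getCurrentUser().getAuthority() == Authority.CUSTOMER_USER)` instead of repeating the predicate. A comment such as `// Customer users may only open dashboards assigned to a customer` would record the intent. checkDashboard's closing brace lies outside the hunk.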
@@ -23,7 +23,10 @@ export default function AppRun($rootScope, $window, $log, $state, $mdDialog, $fi | @@ -23,7 +23,10 @@ export default function AppRun($rootScope, $window, $log, $state, $mdDialog, $fi | ||
23 | var unauthorizedDialog = null; | 23 | var unauthorizedDialog = null; |
24 | var forbiddenDialog = null; | 24 | var forbiddenDialog = null; |
25 | 25 | ||
26 | + $rootScope.iframeMode = false; | ||
27 | + | ||
26 | if (frame) { | 28 | if (frame) { |
29 | + $rootScope.iframeMode = true; | ||
27 | var dataWidgetAttr = angular.element(frame).attr('data-widget'); | 30 | var dataWidgetAttr = angular.element(frame).attr('data-widget'); |
28 | if (dataWidgetAttr) { | 31 | if (dataWidgetAttr) { |
29 | $rootScope.editWidgetInfo = angular.fromJson(dataWidgetAttr); | 32 | $rootScope.editWidgetInfo = angular.fromJson(dataWidgetAttr); |
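Review bot: `$rootScope.iframeMode` is assigned twice, once as `false` before `if (frame)` and once as `true` inside it; a single `$rootScope.iframeMode = !!frame;` ahead of the block would express the same thing. Where `frame` comes from is outside the hunk, so a one-line comment such as `// true when the app runs embedded in a frame; presentation hint only` would help readers who meet the flag elsewhere. Because the flag lives entirely on the client, it should drive layout only and never stand in for an access decision.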
@@ -43,6 +43,7 @@ export default function DashboardController(types, widgetService, userService, | @@ -43,6 +43,7 @@ export default function DashboardController(types, widgetService, userService, | ||
43 | vm.rpcWidgetTypes = []; | 43 | vm.rpcWidgetTypes = []; |
44 | vm.staticWidgetTypes = []; | 44 | vm.staticWidgetTypes = []; |
45 | vm.widgetEditMode = $state.$current.data.widgetEditMode; | 45 | vm.widgetEditMode = $state.$current.data.widgetEditMode; |
46 | + vm.iframeMode = $rootScope.iframeMode; | ||
46 | vm.widgets = []; | 47 | vm.widgets = []; |
47 | 48 | ||
48 | vm.addWidget = addWidget; | 49 | vm.addWidget = addWidget; |
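Review bot: `vm.iframeMode = $rootScope.iframeMode;` reads `$rootScope`, but the controller's parameter list is cut off in the hunk header, so it is not visible whether `$rootScope` is among the injected dependencies. If it is not, this line fails when the controller is constructed. The value is also copied once at construction, which presumably is fine because a run block sets the flag before any dashboard state loads. A comment like `// set once in AppRun; not expected to change afterwards` would make that assumption explicit.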
@@ -15,7 +15,7 @@ | @@ -15,7 +15,7 @@ | ||
15 | limitations under the License. | 15 | limitations under the License. |
16 | 16 | ||
17 | --> | 17 | --> |
18 | -<md-content flex tb-expand-fullscreen="vm.widgetEditMode" hide-expand-button="vm.widgetEditMode"> | 18 | +<md-content flex tb-expand-fullscreen="vm.widgetEditMode || vm.iframeMode" hide-expand-button="vm.widgetEditMode || vm.iframeMode"> |
19 | <!--section ng-show="!vm.isAddingWidget && !loading && !vm.widgetEditMode" layout="row" layout-wrap | 19 | <!--section ng-show="!vm.isAddingWidget && !loading && !vm.widgetEditMode" layout="row" layout-wrap |
20 | class="tb-header-buttons tb-top-header-buttons md-fab" ng-style="{'right': '50px'}"> | 20 | class="tb-header-buttons tb-top-header-buttons md-fab" ng-style="{'right': '50px'}"> |
21 | <md-button ng-if="vm.isTenantAdmin()" ng-show="vm.isEdit" ng-disabled="loading" | 21 | <md-button ng-if="vm.isTenantAdmin()" ng-show="vm.isEdit" ng-disabled="loading" |