HOWTO: Extended delegation capabilities of IOT Devices

Introduction

This functionality lets the owner of a device delegate viewing or modifying that device to a specific user or group.

Three types of delegation are now available:

- READ_ACCESS: allows the delegated user to view the device and the data connected to it. This is the minimum delegation level and is used as the default value for each delegation;

- READ_WRITE: allows the delegated user to add new data to the sensor in addition to all READ_ACCESS operations;

- MODIFY: allows the delegated user to modify the attributes and settings of the sensor in addition to all READ_WRITE operations.

Please note: the deletion of a device cannot be delegated and is available only to the owner of the device.

The user interface has been changed to let the owner select the type of delegation.
A select for the delegation type has been added to the modal for both personal and group delegations, and a column showing the type has been added to the table of current delegations.


 

In the format function, a check on delegations has been added to decide whether or not to show the "NEW DATA IN" button for inserting new data into the device.

In the fetch_data function, a check on delegations has been added to decide whether or not to show the "EDIT" button for changing the device.

The functions for adding a new delegation (group or personal) have been updated to pass the value chosen in the select added in devices.php.

 

Test

Adding a personal delegation in READ_ACCESS

Through the user who owns the device, in the ownership modal, a new READ_ACCESS delegation is added to the delegated user.

The delegated user:

  • Correctly sees the device in the list of delegated devices and in the data inspector
  • Does not have permissions to add new data to the device
  • Does not have permissions to modify the device


Device info table accessible to the delegated user

Adding a group delegation in READ_ACCESS

Through the user who owns the device, in the ownership modal, a new READ_ACCESS delegation is added to a group.

Users belonging to the delegated group:

  • Correctly see the device in the list of delegated devices and in the data inspector
  • Do not have permission to modify the device or add new data

 

Adding a personal delegation in READ_WRITE

Through the user who owns the device, in the ownership modal, a new READ_WRITE delegation is added to the delegated user.

The delegated user:

  • Correctly sees the device in the list of delegated devices and in the data inspector
  • Can add new data through the "NEW DATA IN" button and through the NODE RED application
  • Does not have permissions to modify device properties


Device info detailed view available to the delegated user (in addition to READ_ACCESS, the "NEW DATA IN" button is also available)

 

Adding a group delegation in READ_WRITE

Through the user who owns the device, in the ownership modal, a new READ_WRITE delegation is added to a group.

Users belonging to the delegated group:

  • Correctly see the device in the list of delegated devices and in the data inspector
  • Can add new data through the "NEW DATA IN" button and through the NODE RED application
  • Do not have permissions to modify the properties of the device

 

Adding a personal delegation in MODIFY

Through the user who owns the device, in the ownership modal, a new MODIFY delegation is added to the delegated user.

The delegated user:

  • Correctly sees the device in the list of delegated devices and in the data inspector
  • Can add new data through the "NEW DATA IN" button and through the NODE RED application
  • Can modify the device properties through the "EDIT" button


Device info detailed view available to the delegated user (in addition to READ_WRITE, the "EDIT" button is also available)

 

Adding a group delegation in MODIFY

Through the user who owns the device, in the ownership modal, a new MODIFY delegation is added to a group.

Users belonging to the delegated group:

  • Correctly see the device in the list of delegated devices and in the data inspector
  • Can add new data through the "NEW DATA IN" button and through the NODE RED application
  • Can modify the device properties through the "EDIT" button

 

Addition of multiple delegations of different types

A test has also been carried out by assigning several delegations of different types to the same user: the delegations can be personal or to a group, and of any type.

In each configuration, the system always considers the highest-level delegation assigned to the user in question, so the permissions on the device are assigned correctly.

 

Adding delegations on a public device

It is also possible to assign different delegations to a public device. As above, the system always considers the highest-level delegation, overriding the permissions of the public device where necessary.
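The highest-level rule from the last two sections, together with the owner-only deletion rule, written out as an added example. It is not the project's code: the function names and data shapes are hypothetical, and it assumes a public device gives every user READ_ACCESS.

```javascript
// Added illustration; names and data shapes are hypothetical.
const LEVELS = ["READ_ACCESS", "READ_WRITE", "MODIFY"]; // lowest to highest
const rank = (kind) => LEVELS.indexOf(kind);

// Minimum level per action. Deletion is absent on purpose: it is owner-only.
const REQUIRED = new Map([
  ["view", "READ_ACCESS"],
  ["addData", "READ_WRITE"],
  ["edit", "MODIFY"],
]);

// Returns "OWNER", one of LEVELS, or null when the user has no access.
function effectiveLevel(device, user) {
  if (device.owner === user.name) return "OWNER";
  // Assumption: a public device gives every user READ_ACCESS.
  let best = device.isPublic ? rank("READ_ACCESS") : -1;
  for (const d of device.delegations) {
    const personal = d.user !== undefined && d.user === user.name;
    const viaGroup = d.group !== undefined && user.groups.includes(d.group);
    if (!personal && !viaGroup) continue;
    // READ_ACCESS is the default when no type is stored.
    const r = rank(d.kind ?? "READ_ACCESS");
    // An unknown type has rank -1, so it never raises the level.
    best = Math.max(best, r);
  }
  return best < 0 ? null : LEVELS[best];
}

function isAllowed(device, user, action) {
  const level = effectiveLevel(device, user);
  if (level === "OWNER") return true;
  if (level === null || !REQUIRED.has(action)) return false; // e.g. "delete"
  return rank(level) >= rank(REQUIRED.get(action));
}

// Constructed sample data.
const device = {
  owner: "alice",
  isPublic: false,
  delegations: [
    { user: "bob", kind: "READ_ACCESS" },
    { group: "lab", kind: "MODIFY" },
    { user: "carol" },
    { user: "dave", kind: "ADMIN" }, // not a valid type
  ],
};
const bob = { name: "bob", groups: ["lab"] };
console.log(effectiveLevel(device, bob), isAllowed(device, bob, "delete"));
```

The same decision should back both the button visibility and the server-side handler that receives the request, since hiding "NEW DATA IN" or "EDIT" does not by itself block a write.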