add concept of user/session permissions

(I also considered the names "capabilities" and "scopes", but I think "permissions" is the most widely understood.) This is increasingly necessary as the web API becomes more capable. Among other things, it allows: * non-administrator users who can view but not access camera passwords or change any state * workers that update signal state based on cameras' built-in motion detection or a security system's events but don't need to view videos * control over what can be done without authenticating Currently session permissions are just copied from user permissions, but you can also imagine admin sessions vs not, as a checkbox when signing in. This would match the standard Unix workflow of using a non-administrative session most of the time. Relevant to my current signals work (#28) and to the addition of an administrative API (#35, including #66).
2025-11-20 09:56:07 -05:00 · 2019-06-19 15:17:50 -07:00
parent d8b8d5d5e0
commit fda7e4ca2b
23 changed files with 336 additions and 741 deletions
--- a/ui-src/NVRApplication.js
+++ b/ui-src/NVRApplication.js
@@ -215,7 +215,7 @@ function fetch(selectedRange, videoLength) {
 function updateSession(session) {
  let sessionBar = $('#session');
  sessionBar.empty();
-  if (session === null) {
+  if (session === null || session === undefined) {
    sessionBar.hide();
    return;
  }
@@ -247,7 +247,7 @@ function updateSession(session) {
 */
 function onReceivedTopLevel(data) {
  if (data === null) {
-    data = {cameras: [], session: null, timeZoneName: null};
+    data = {cameras: [], timeZoneName: null};
  }

  newTimeZone(data.timeZoneName);