Fix review comments

Author: hardillb

forge/comms/v2AuthRoutes.js

@@ -42,7 +42,7 @@ module.exports = async function (app) {
                     result: 'allow',
                     is_superuser: false,
                     client_attrs: {
-                        team: 'ff/v1/internal/c/'
+                        team: ''
                     }
                 })
             } else {

forge/db/migrations/20241010-01-EE-add-teambroker-client.js renamed to forge/db/migrations/20241021-01-EE-add-teambroker-client.js

@@ -39,6 +39,7 @@ module.exports = async function (app) {
      * @memberof forge.routes.api.team.broker
      */
     app.get('/clients', {
+        preHandler: app.needsPermission('broker:clients:list'),
         schema: {
             summary: 'List MQTT clients for the team',
             tags: ['MQTT Broker'],
@@ -80,7 +81,7 @@ module.exports = async function (app) {
      * @memberof forge.routes.api.team.broker
      */
     app.post('/client', {
-        preHandler: app.needsPermission('project:create'),
+        preHandler: app.needsPermission('broker:clients:create'),
         schema: {
             summary: 'Create new MQTT client for the team',
             tags: ['MQTT Broker'],
@@ -139,6 +140,7 @@ module.exports = async function (app) {
      * @memberof forge.routes.api.team.broker
      */
     app.get('/client/:username', {
+        preHandler: app.needsPermission('broker:clients:list'),
         schema: {
             summary: 'Get details about a specific MQTT client',
             tags: ['MQTT Broker'],
@@ -181,8 +183,8 @@ module.exports = async function (app) {
      * @static
      * @memberof forge.routes.api.team.broker
      */
-    app.patch('/client/:username', {
-        preHandler: app.needsPermission('project:create'),
+    app.put('/client/:username', {
+        preHandler: app.needsPermission('broker:clients:edit'),
         schema: {
             summary: 'Modify a MQTT Client',
             tags: ['MQTT Broker'],
@@ -264,7 +266,7 @@ module.exports = async function (app) {
      * @memberof forge.routes.api.team.broker
      */
     app.delete('/client/:username', {
-        preHandler: app.needsPermission('project:create'),
+        preHandler: app.needsPermission('broker:clients:delete'),
         schema: {
             summary: 'Delete a MQTT client',
             tags: ['MQTT Broker'],

forge/ee/routes/teamBroker/index.js

@@ -172,7 +172,13 @@ const Permissions = {
     'project:files:list': { description: 'List files under a project', role: Roles.Member },
     'project:files:create': { description: 'Upload files to a project', role: Roles.Member },
     'project:files:edit': { description: 'Modify files in a project', role: Roles.Member },
-    'project:files:delete': { description: 'Delete files in a project', role: Roles.Member }
+    'project:files:delete': { description: 'Delete files in a project', role: Roles.Member },
+
+    // Team Broker
+    'broker:clients:list': { description: 'List Team Broker clients', role: Roles.Member },
+    'broker:clients:create': { description: 'Create Team Broker clients', role: Roles.Admin },
+    'broker:clients:edit': { description: 'Edit Team Broker clients', role: Roles.Admin },
+    'broker:clients:delete': { description: 'Delete Team Broker clients', role: Roles.Admin }
 }
 
 module.exports = {

forge/lib/permissions.js

@@ -4,7 +4,7 @@ const setup = require('../../setup')
 
 const MAX_BROKER_USERS = 5
 
-describe('Team Broker API', function () {
+describe.only('Team Broker API', function () {
     let app
     const TestObjects = { tokens: {} }
 
@@ -101,7 +101,7 @@ describe('Team Broker API', function () {
 
         it('Modify an existing MQTT broker user for a team', async function () {
             const response = await app.inject({
-                method: 'PATCH',
+                method: 'PUT',
                 url: `/api/v1/teams/${app.team.hashid}/broker/client/alice`,
                 body: {
                     acls: [
@@ -264,7 +264,7 @@ describe('Team Broker API', function () {
         })
         it('Test Authentication pass after password change', async function () {
             let response = await app.inject({
-                method: 'PATCH',
+                method: 'PUT',
                 url: `/api/v1/teams/${app.team.hashid}/broker/client/alice`,
                 body: {
                     password: 'ccPassword'
@@ -399,7 +399,7 @@ describe('Team Broker API', function () {
             result.should.have.property('result', 'allow')
             result.should.have.property('is_superuser', false)
             result.should.have.property('client_attrs')
-            result.client_attrs.should.have.property('team', 'ff/v1/internal/c/')
+            result.client_attrs.should.have.property('team', '')
         })
         it('Test Authentication forge_platform fail', async function () {
             const response = await app.inject({