Ylianst/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2024-08-15 19:50:44 +03:00
Code Issues Packages Projects Releases Wiki Activity

Implemented user group permission query in the web app.

Browse Source
This commit is contained in:
Ylian Saint-Hilaire 2020-01-04 13:19:32 -08:00
parent a85dc11ba3
commit 13cf8c12eb
3 changed files with 95 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
views/default-mobile.handlebars
View File

@ -3425,37 +3425,63 @@
//
// Get the right of a user on a given device group
function GetMeshRights(mesh, user) {
function GetMeshRights(mesh, userid) {
if (mesh == null) { return 0; }
if (user == null) { user = userinfo._id; }
if (userid == null) { userid = userinfo._id; }
if (typeof mesh == 'string') { mesh = meshes[mesh] }
if ((mesh == null) || (mesh.links == null)) { return 0; }
var rights = mesh.links[user];
if (rights == null) { return 0; }
return rights.rights;
// Check direct link permission
var rights = 0, r = mesh.links[userid];
if (r != null) {
rights = r.rights;
if (rights == 0xFFFFFFFF) { return rights; } // User has full rights thru a direct link, stop here.
}
// Check permissions thru user groups
var user = null;
if (userid == userinfo._id) { user = userinfo; } else { if (users != null) { user = users[userid]; } }
if (user != null) {
for (var i in user.links) {
if (i.startsWith('ugrp/')) {
r = mesh.links[i];
if (r != null) {
if (r.rights == 0xFFFFFFFF) { return r.rights; } // User has full rights thru a user group, stop here.
rights |= r.rights; // TODO: Deal with reverse permissions
}
}
}
}
return rights;
}
// Returns true if the user can view the given device group
function IsMeshViewable(mesh, user) {
if (mesh == null) { return 0; }
if (user == null) { user = userinfo._id; }
function IsMeshViewable(mesh, userid) {
if (mesh == null) { return false; }
if (userid == null) { userid = userinfo._id; }
if (typeof mesh == 'string') { mesh = meshes[mesh] }
if ((mesh == null) || (mesh.links == null)) { return false; }
var rights = mesh.links[user];
if (rights == null) { return false; }
return true;
if (mesh.links[userid] != null) { return true; } // User has visilibity thru a direct link
// Check permissions thru user groups
var user = null;
if (userid == userinfo._id) { user = userinfo; } else { if (users != null) { user = users[userid]; } }
if (user != null) {
for (var i in user.links) {
if ((i.startsWith('ugrp/')) && (mesh.links[i] != null)) { return true; } // User has visilibity thru a user group
}
}
return rights;
}
// Return the user rights for a given node
function GetNodeRights(node, user) {
function GetNodeRights(node, userid) {
if (node == null) { return 0; }
if (user == null) { user = userinfo._id; }
if (userid == null) { userid = userinfo._id; }
if (typeof node == 'string') { node = getNodeFromId(node); if (node == null) { return 0; } }
var mesh = meshes[node.meshid];
if ((mesh == null) || (mesh.links == null)) { return 0; }
var meshlinks = mesh.links[user];
if (meshlinks == null) { return 0; }
return meshlinks.rights;
return GetMeshRights(node.meshid, userid);
}
//

62
views/default.handlebars
View File

@ -10539,37 +10539,63 @@
//
// Get the right of a user on a given device group
function GetMeshRights(mesh, user) {
function GetMeshRights(mesh, userid) {
if (mesh == null) { return 0; }
if (user == null) { user = userinfo._id; }
if (userid == null) { userid = userinfo._id; }
if (typeof mesh == 'string') { mesh = meshes[mesh] }
if ((mesh == null) || (mesh.links == null)) { return 0; }
var rights = mesh.links[user];
if (rights == null) { return 0; }
return rights.rights;
// Check direct link permission
var rights = 0, r = mesh.links[userid];
if (r != null) {
rights = r.rights;
if (rights == 0xFFFFFFFF) { return rights; } // User has full rights thru a direct link, stop here.
}
// Check permissions thru user groups
var user = null;
if (userid == userinfo._id) { user = userinfo; } else { if (users != null) { user = users[userid]; } }
if (user != null) {
for (var i in user.links) {
if (i.startsWith('ugrp/')) {
r = mesh.links[i];
if (r != null) {
if (r.rights == 0xFFFFFFFF) { return r.rights; } // User has full rights thru a user group, stop here.
rights |= r.rights; // TODO: Deal with reverse permissions
}
}
}
}
return rights;
}
// Returns true if the user can view the given device group
function IsMeshViewable(mesh, user) {
if (mesh == null) { return 0; }
if (user == null) { user = userinfo._id; }
function IsMeshViewable(mesh, userid) {
if (mesh == null) { return false; }
if (userid == null) { userid = userinfo._id; }
if (typeof mesh == 'string') { mesh = meshes[mesh] }
if ((mesh == null) || (mesh.links == null)) { return false; }
var rights = mesh.links[user];
if (rights == null) { return false; }
return true;
if (mesh.links[userid] != null) { return true; } // User has visilibity thru a direct link
// Check permissions thru user groups
var user = null;
if (userid == userinfo._id) { user = userinfo; } else { if (users != null) { user = users[userid]; } }
if (user != null) {
for (var i in user.links) {
if ((i.startsWith('ugrp/')) && (mesh.links[i] != null)) { return true; } // User has visilibity thru a user group
}
}
return rights;
}
// Return the user rights for a given node
function GetNodeRights(node, user) {
function GetNodeRights(node, userid) {
if (node == null) { return 0; }
if (user == null) { user = userinfo._id; }
if (userid == null) { userid = userinfo._id; }
if (typeof node == 'string') { node = getNodeFromId(node); if (node == null) { return 0; } }
var mesh = meshes[node.meshid];
if ((mesh == null) || (mesh.links == null)) { return 0; }
var meshlinks = mesh.links[user];
if (meshlinks == null) { return 0; }
return meshlinks.rights;
return GetMeshRights(node.meshid, userid);
}
//

11
webserver.js
View File

@ -4025,14 +4025,17 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
} else return 0;
// Check direct user to device group permissions
var rights = 0;
r = user.links[meshid];
if ((r != null) && (r.rights == 0xFFFFFFFF)) { return r.rights; } // If the user has full access thru direct link, stop here.
var rights = r.rights;
if (r != null) {
var rights = r.rights;
if (rights == 0xFFFFFFFF) { return rights; } // If the user has full access thru direct link, stop here.
}
// Check if we are part of any user groups that would give this user more access.
for (var i in user.links) {
if (i.startsWith('ugrp')) {
const g = obj.usersGroups[i];
const g = obj.userGroups[i];
if (g) {
r = g.links[meshid];
if (r != null) {
@ -4068,7 +4071,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Check if we are part of any user groups that would give this user visibility to this device group.
for (var i in user.links) {
if (i.startsWith('ugrp')) {
const g = obj.usersGroups[i];
const g = obj.userGroups[i];
if (g && (g.links[meshid] != null)) { return true; } // If the user has a user group link, stop here.
}
}