From 13cf8c12eb46c604c9b5d6b189c5c23b1c803f1e Mon Sep 17 00:00:00 2001 From: Ylian Saint-Hilaire Date: Sat, 4 Jan 2020 13:19:32 -0800 Subject: [PATCH] Implemented user group permission query in the web app. --- views/default-mobile.handlebars | 62 +++++++++++++++++++++++---------- views/default.handlebars | 62 +++++++++++++++++++++++---------- webserver.js | 11 +++--- 3 files changed, 95 insertions(+), 40 deletions(-) diff --git a/views/default-mobile.handlebars b/views/default-mobile.handlebars index 5da2ee06..34f4353a 100644 --- a/views/default-mobile.handlebars +++ b/views/default-mobile.handlebars 
@@ -3425,37 +3425,63 @@ // // Get the right of a user on a given device group - function GetMeshRights(mesh, user) { + function GetMeshRights(mesh, userid) { if (mesh == null) { return 0; } - if (user == null) { user = userinfo._id; } + if (userid == null) { userid = userinfo._id; } if (typeof mesh == 'string') { mesh = meshes[mesh] } if ((mesh == null) || (mesh.links == null)) { return 0; } - var rights = mesh.links[user]; - if (rights == null) { return 0; } - return rights.rights; + + // Check direct link permission + var rights = 0, r = mesh.links[userid]; + if (r != null) { + rights = r.rights; + if (rights == 0xFFFFFFFF) { return rights; } // User has full rights thru a direct link, stop here. + } + + // Check permissions thru user groups + var user = null; + if (userid == userinfo._id) { user = userinfo; } else { if (users != null) { user = users[userid]; } } + if (user != null) { + for (var i in user.links) { + if (i.startsWith('ugrp/')) { + r = mesh.links[i]; + if (r != null) { + if (r.rights == 0xFFFFFFFF) { return r.rights; } // User has full rights thru a user group, stop here. 
+ rights |= r.rights; // TODO: Deal with reverse permissions + } + } + } + } + + return rights; } // Returns true if the user can view the given device group - function IsMeshViewable(mesh, user) { - if (mesh == null) { return 0; } - if (user == null) { user = userinfo._id; } + function IsMeshViewable(mesh, userid) { + if (mesh == null) { return false; } + if (userid == null) { userid = userinfo._id; } if (typeof mesh == 'string') { mesh = meshes[mesh] } if ((mesh == null) || (mesh.links == null)) { return false; } - var rights = mesh.links[user]; - if (rights == null) { return false; } - return true; + if (mesh.links[userid] != null) { return true; } // User has visilibity thru a direct link + + // Check permissions thru user groups + var user = null; + if (userid == userinfo._id) { user = userinfo; } else { if (users != null) { user = users[userid]; } } + if (user != null) { + for (var i in user.links) { + if ((i.startsWith('ugrp/')) && (mesh.links[i] != null)) { return true; } // User has visilibity thru a user group + } + } + + return rights; } // Return the user rights for a given node - function GetNodeRights(node, user) { + function GetNodeRights(node, userid) { if (node == null) { return 0; } - if (user == null) { user = userinfo._id; } + if (userid == null) { userid = userinfo._id; } if (typeof node == 'string') { node = getNodeFromId(node); if (node == null) { return 0; } } - var mesh = meshes[node.meshid]; - if ((mesh == null) || (mesh.links == null)) { return 0; } - var meshlinks = mesh.links[user]; - if (meshlinks == null) { return 0; } - return meshlinks.rights; + return GetMeshRights(node.meshid, userid); } // diff --git a/views/default.handlebars b/views/default.handlebars index 9774ba7a..b58299bc 100644 --- a/views/default.handlebars +++ b/views/default.handlebars 
@@ -10539,37 +10539,63 @@ // // Get the right of a user on a given device group - function GetMeshRights(mesh, user) { + function GetMeshRights(mesh, userid) { if (mesh == null) { return 0; } - if (user == null) { user = userinfo._id; } + if (userid == null) { userid = userinfo._id; } if (typeof mesh == 'string') { mesh = meshes[mesh] } if ((mesh == null) || (mesh.links == null)) { return 0; } - var rights = mesh.links[user]; - if (rights == null) { return 0; } - return rights.rights; + + // Check direct link permission + var rights = 0, r = mesh.links[userid]; + if (r != null) { + rights = r.rights; + if (rights == 0xFFFFFFFF) { return rights; } // User has full rights thru a direct link, stop here. + } + + // Check permissions thru user groups + var user = null; + if (userid == userinfo._id) { user = userinfo; } else { if (users != null) { user = users[userid]; } } + if (user != null) { + for (var i in user.links) { + if (i.startsWith('ugrp/')) { + r = mesh.links[i]; + if (r != null) { + if (r.rights == 0xFFFFFFFF) { return r.rights; } // User has full rights thru a user group, stop here. 
+ rights |= r.rights; // TODO: Deal with reverse permissions + } + } + } + } + + return rights; } // Returns true if the user can view the given device group - function IsMeshViewable(mesh, user) { - if (mesh == null) { return 0; } - if (user == null) { user = userinfo._id; } + function IsMeshViewable(mesh, userid) { + if (mesh == null) { return false; } + if (userid == null) { userid = userinfo._id; } if (typeof mesh == 'string') { mesh = meshes[mesh] } if ((mesh == null) || (mesh.links == null)) { return false; } - var rights = mesh.links[user]; - if (rights == null) { return false; } - return true; + if (mesh.links[userid] != null) { return true; } // User has visilibity thru a direct link + + // Check permissions thru user groups + var user = null; + if (userid == userinfo._id) { user = userinfo; } else { if (users != null) { user = users[userid]; } } + if (user != null) { + for (var i in user.links) { + if ((i.startsWith('ugrp/')) && (mesh.links[i] != null)) { return true; } // User has visilibity thru a user group + } + } + + return rights; } // Return the user rights for a given node - function GetNodeRights(node, user) { + function GetNodeRights(node, userid) { if (node == null) { return 0; } - if (user == null) { user = userinfo._id; } + if (userid == null) { userid = userinfo._id; } if (typeof node == 'string') { node = getNodeFromId(node); if (node == null) { return 0; } } - var mesh = meshes[node.meshid]; - if ((mesh == null) || (mesh.links == null)) { return 0; } - var meshlinks = mesh.links[user]; - if (meshlinks == null) { return 0; } - return meshlinks.rights; + return GetMeshRights(node.meshid, userid); } // diff --git a/webserver.js b/webserver.js index a839b720..6a4a4e5e 100644 --- a/webserver.js +++ b/webserver.js 
@@ -4025,14 +4025,17 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) { } else return 0; // Check direct user to device group permissions + var rights = 0; r = user.links[meshid]; - if ((r != null) && (r.rights == 0xFFFFFFFF)) { return r.rights; } // If the user has full access thru direct link, stop here. - var rights = r.rights; + if (r != null) { + var rights = r.rights; + if (rights == 0xFFFFFFFF) { return rights; } // If the user has full access thru direct link, stop here. + } // Check if we are part of any user groups that would give this user more access. for (var i in user.links) { if (i.startsWith('ugrp')) { - const g = obj.usersGroups[i]; + const g = obj.userGroups[i]; if (g) { r = g.links[meshid]; if (r != null) { @@ -4068,7 +4071,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) { // Check if we are part of any user groups that would give this user visibility to this device group. for (var i in user.links) { if (i.startsWith('ugrp')) { - const g = obj.usersGroups[i]; + const g = obj.userGroups[i]; if (g && (g.links[meshid] != null)) { return true; } // If the user has a user group link, stop here. } }
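Review bot: In the views/default-mobile.handlebars hunk, the new `IsMeshViewable` ends with `return rights;`, but that function declares no `rights` variable (only `user` and the loop variable `i`). On the fall-through path, where the user has no direct link and no matching user group link, it will either throw a ReferenceError or return whatever an outer `rights` happens to hold, instead of the boolean every other exit returns. The last line should be `return false;`.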
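Review bot: In the views/default.handlebars hunk, `GetMeshRights` silently drops group-derived rights whenever the user object cannot be resolved: for any `userid` other than `userinfo._id` the lookup is `users[userid]`, and if `users` is null or has no entry for that id the `ugrp/` loop is skipped and only the direct-link rights are returned. A comment stating that the result is a lower bound in that case would help callers that show another user's rights. The stray `return rights;` at the end of `IsMeshViewable` is repeated in this file and needs the same `return false;` fix as the mobile view.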
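Review bot: In the first webserver.js hunk (@@ -4025), `rights` is declared twice: `var rights = 0;` before the lookup and `var rights = r.rights;` inside the new `if (r != null)` block. Because `var` is function-scoped both lines name the same variable and the result is correct, but the inner line should be a plain assignment, `rights = r.rights;`, so the code does not change meaning if the declaration is later converted to `let`.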
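Review bot: In the second webserver.js hunk (@@ -4068), and in the loop of the hunk before it, the group-link test is `i.startsWith('ugrp')`, while the view code added in this same patch tests `i.startsWith('ugrp/')`. Use the prefix with the trailing slash on the server as well, so the two sides agree and a link key that merely begins with `ugrp` is not treated as a user group. Note also that the server resolves the link as `obj.userGroups[i].links[meshid]` whereas the views read `mesh.links[i]`; a short comment that both sides of the link must be kept in sync would document that assumption.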