Ylianst/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2024-11-23 06:34:54 +03:00
Code Issues Packages Projects Releases Wiki Activity

Many access control fixes.

Browse Source
This commit is contained in:
Ylian Saint-Hilaire 2020-04-17 15:02:53 -07:00
parent ebc845d46f
commit 19a65630fc
4 changed files with 635 additions and 609 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
meshuser.js
View File

@ -291,8 +291,10 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
// If we have the rights to see users in a group, send the group as is. // If we have the rights to see users in a group, send the group as is.
ws.send(JSON.stringify({ action: 'event', event: event })); ws.send(JSON.stringify({ action: 'event', event: event }));
} else { } else {
// We don't have the rights to see user groups, remove the links. // We don't have the rights to see otehr users in the user group, remove the links that are not for ourselves.
ws.send(JSON.stringify({ action: 'event', event: { ugrpid: event.ugrpid, domain: event.domain, time: event.time, name: event.name, action: event.action, username: event.username, h: event.h } })); var links = {};
if (event.links) { for (var i in event.links) { if ((i == user._id) || i.startsWith('mesh/') || i.startsWith('node/')) { links[i] = event.links[i]; } } }
ws.send(JSON.stringify({ action: 'event', event: { ugrpid: event.ugrpid, domain: event.domain, time: event.time, name: event.name, action: event.action, username: event.username, links: links, h: event.h } }));
} }
} else { } else {
// This is not a device group event, we can get this event. // This is not a device group event, we can get this event.
@ -2455,7 +2457,6 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
command.userids = []; command.userids = [];
for (var i in command.usernames) { command.userids.push('user/' + domain.id + '/' + command.usernames[i].toLowerCase()); } for (var i in command.usernames) { command.userids.push('user/' + domain.id + '/' + command.usernames[i].toLowerCase()); }
} }
var unknownUsers = [], successCount = 0, failCount = 0, msgs = []; var unknownUsers = [], successCount = 0, failCount = 0, msgs = [];
for (var i in command.userids) { for (var i in command.userids) {
// Check if the user exists // Check if the user exists
@ -2471,11 +2472,20 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
if (newuser != null) { if (newuser != null) {
// Can't add or modify self // Can't add or modify self
if (newuserid == obj.user._id) { errors.push("Can't add self."); continue; } if (newuserid == obj.user._id) { errors.push("Can't change self."); continue; }
// Add mesh to user or user group if (command.remove === true) {
if (newuser.links == null) { newuser.links = {}; } // Remove mesh from user or user group
if (newuser.links[command.meshid]) { newuser.links[command.meshid].rights = command.meshadmin; } else { newuser.links[command.meshid] = { rights: command.meshadmin }; } var selfMeshRights = parent.GetMeshRights(user, mesh);
var delmeshrights = 0;
if (newuser.links[command.meshid]) { delmeshrights = newuser.links[command.meshid].rights; }
if ((delmeshrights == 0xFFFFFFFF) && (selfMeshRights != 0xFFFFFFFF)) { console.log('ttt', delmeshrights, selfMeshRights); errors.push("Can't remove device group administrator."); continue; } // A non-admin can't kick out an admin
delete newuser.links[command.meshid];
} else {
// Add mesh to user or user group
if (newuser.links == null) { newuser.links = {}; }
if (newuser.links[command.meshid]) { newuser.links[command.meshid].rights = command.meshadmin; } else { newuser.links[command.meshid] = { rights: command.meshadmin }; }
}
if (newuserid.startsWith('user/')) { db.SetUser(newuser); } if (newuserid.startsWith('user/')) { db.SetUser(newuser); }
else if (newuserid.startsWith('ugrp/')) { db.Set(newuser); } else if (newuserid.startsWith('ugrp/')) { db.Set(newuser); }
parent.parent.DispatchEvent([newuser._id], obj, 'resubscribe'); parent.parent.DispatchEvent([newuser._id], obj, 'resubscribe');
@ -2494,15 +2504,23 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
parent.parent.DispatchEvent(targets, obj, event); parent.parent.DispatchEvent(targets, obj, event);
} }
// Add userid to the mesh var event;
mesh.links[newuserid] = { name: newuser.name, rights: command.meshadmin }; if (command.remove === true) {
db.Set(mesh); // Remove userid from the mesh
delete mesh.links[newuserid];
db.Set(mesh);
event = { etype: 'mesh', username: newuser.name, userid: user._id, meshid: mesh._id, name: mesh.name, mtype: mesh.mtype, desc: mesh.desc, action: 'meshchange', links: mesh.links, msg: 'Removed user ' + newuser.name + ' from mesh ' + mesh.name, domain: domain.id, invite: mesh.invite };
} else {
// Add userid to the mesh
mesh.links[newuserid] = { name: newuser.name, rights: command.meshadmin };
db.Set(mesh);
event = { etype: 'mesh', username: newuser.name, userid: user._id, meshid: mesh._id, name: mesh.name, mtype: mesh.mtype, desc: mesh.desc, action: 'meshchange', links: mesh.links, msg: 'Added user ' + newuser.name + ' to mesh ' + mesh.name, domain: domain.id, invite: mesh.invite };
}
// Notify mesh change // Notify mesh change
var event = { etype: 'mesh', username: newuser.name, userid: user._id, meshid: mesh._id, name: mesh.name, mtype: mesh.mtype, desc: mesh.desc, action: 'meshchange', links: mesh.links, msg: 'Added user ' + newuser.name + ' to mesh ' + mesh.name, domain: domain.id, invite: mesh.invite };
if (db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to change the mesh. Another event will come. if (db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to change the mesh. Another event will come.
parent.parent.DispatchEvent(parent.CreateMeshDispatchTargets(mesh, [user._id, newuserid]), obj, event); parent.parent.DispatchEvent(parent.CreateMeshDispatchTargets(mesh, [user._id, newuserid]), obj, event);
msgs.push("Added user " + newuserid.split('/')[2]); if (command.remove === true) { msgs.push("Removed user " + newuserid.split('/')[2]); } else { msgs.push("Added user " + newuserid.split('/')[2]); }
successCount++; successCount++;
} else { } else {
msgs.push("Unknown user " + newuserid.split('/')[2]); msgs.push("Unknown user " + newuserid.split('/')[2]);
@ -2580,7 +2598,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
// Add this user to the dispatch target list // Add this user to the dispatch target list
dispatchTargets.push(newuser._id); dispatchTargets.push(newuser._id);
if (command.rights == 0) { if (command.remove === true) {
// Remove link to this user // Remove link to this user
if (newuser.links != null) { if (newuser.links != null) {
delete newuser.links[command.nodeid]; delete newuser.links[command.nodeid];
@ -2692,7 +2710,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
// Remove mesh from user // Remove mesh from user
if (deluser.links != null && deluser.links[command.meshid] != null) { if (deluser.links != null && deluser.links[command.meshid] != null) {
var delmeshrights = deluser.links[command.meshid].rights; var delmeshrights = deluser.links[command.meshid].rights;
if ((delmeshrights == 0xFFFFFFFF) && (mesh.links[deluserid].rights != 0xFFFFFFFF)) return; // A non-admin can't kick out an admin if ((delmeshrights == 0xFFFFFFFF) && (parent.GetMeshRights(user, mesh) != 0xFFFFFFFF)) return; // A non-admin can't kick out an admin
delete deluser.links[command.meshid]; delete deluser.links[command.meshid];
if (deluserid.startsWith('user/')) { db.SetUser(deluser); } if (deluserid.startsWith('user/')) { db.SetUser(deluser); }
else if (deluserid.startsWith('ugrp/')) { db.Set(deluser); } else if (deluserid.startsWith('ugrp/')) { db.Set(deluser); }

2
package.json
View File

@ -1,6 +1,6 @@
{ {
"name": "meshcentral", "name": "meshcentral",
"version": "0.5.3", "version": "0.5.4",
"keywords": [ "keywords": [
"Remote Management", "Remote Management",
"Intel AMT", "Intel AMT",

953
translate/translate.json
View File

File diff suppressed because it is too large Load Diff

243
views/default.handlebars
View File

@ -301,37 +301,39 @@
</div> </div>
<div id=p2 style="display:none"> <div id=p2 style="display:none">
<div id="p2title"><h1>My Account</h1></div> <div id="p2title"><h1>My Account</h1></div>
<img id="p2AccountImage" alt="" src="images/clipboard-128.png" /> <div id="p2info" style="overflow-y:auto">
<div id="p2AccountSecurity" style="display:none"> <img id="p2AccountImage" alt="" src="images/clipboard-128.png" />
<p><strong>Account security</strong></p> <div id="p2AccountSecurity" style="display:none">
<div style="margin-left:25px"> <p><strong>Account security</strong></p>
<div id="manageEmail2FA"><div class="p2AccountActions"><span id="authEmailSetupCheck"><strong>&#x2713;</strong></span></div><span><a href=# onclick="return account_manageAuthEmail()">Manage email authentication</a><br /></span></div> <div style="margin-left:25px">
<div id="manageAuthApp"><div class="p2AccountActions"><span id="authAppSetupCheck"><strong>&#x2713;</strong></span></div><span><a href=# onclick="return account_manageAuthApp()">Manage authenticator app</a><br /></span></div> <div id="manageEmail2FA"><div class="p2AccountActions"><span id="authEmailSetupCheck"><strong>&#x2713;</strong></span></div><span><a href=# onclick="return account_manageAuthEmail()">Manage email authentication</a><br /></span></div>
<div id="manageHardwareOtp"><div class="p2AccountActions"><span id="authKeySetupCheck"><strong>&#x2713;</strong></span></div><span><a href=# onclick="return account_manageHardwareOtp(0)">Manage security keys</a><br /></span></div> <div id="manageAuthApp"><div class="p2AccountActions"><span id="authAppSetupCheck"><strong>&#x2713;</strong></span></div><span><a href=# onclick="return account_manageAuthApp()">Manage authenticator app</a><br /></span></div>
<div id="manageOtp"><div class="p2AccountActions"><span id="authCodesSetupCheck"><strong>&#x2713;</strong></span></div><span><a href=# onclick="return account_manageOtp(0)">Manage backup codes</a><br /></span></div> <div id="manageHardwareOtp"><div class="p2AccountActions"><span id="authKeySetupCheck"><strong>&#x2713;</strong></span></div><span><a href=# onclick="return account_manageHardwareOtp(0)">Manage security keys</a><br /></span></div>
<div id="manageOtp"><div class="p2AccountActions"><span id="authCodesSetupCheck"><strong>&#x2713;</strong></span></div><span><a href=# onclick="return account_manageOtp(0)">Manage backup codes</a><br /></span></div>
</div>
</div> </div>
</div> <div id="p2AccountActions">
<div id="p2AccountActions"> <p><strong>Account actions</strong></p>
<p><strong>Account actions</strong></p> <p class="mL">
<p class="mL"> <span id="verifyEmailId" style="display:none"><a href=# onclick="return account_showVerifyEmail()">Verify email</a><br /></span>
<span id="verifyEmailId" style="display:none"><a href=# onclick="return account_showVerifyEmail()">Verify email</a><br /></span> <span id="accountEnableNotificationsSpan" style="display:none"><a href=# onclick="return account_enableNotifications()">Enable web notifications</a><br /></span>
<span id="accountEnableNotificationsSpan" style="display:none"><a href=# onclick="return account_enableNotifications()">Enable web notifications</a><br /></span> <a href=# onclick="return account_showLocalizationSettings()">Localization Settings</a><br />
<a href=# onclick="return account_showLocalizationSettings()">Localization Settings</a><br /> <a href=# onclick="return account_showAccountNotifySettings()">Notification Settings</a><br />
<a href=# onclick="return account_showAccountNotifySettings()">Notification Settings</a><br /> <span id="p2AccountPassActions">
<span id="p2AccountPassActions"> <span id="accountChangeEmailAddressSpan" style="display:none"><a href=# onclick="return account_showChangeEmail()">Change email address</a><br /></span>
<span id="accountChangeEmailAddressSpan" style="display:none"><a href=# onclick="return account_showChangeEmail()">Change email address</a><br /></span> <a href=# onclick="return account_showChangePassword()">Change password</a><span id="p2nextPasswordUpdateTime"></span><br />
<a href=# onclick="return account_showChangePassword()">Change password</a><span id="p2nextPasswordUpdateTime"></span><br /> <a href=# onclick="return account_showDeleteAccount()">Delete account</a><br />
<a href=# onclick="return account_showDeleteAccount()">Delete account</a><br /> </span>
</span> </p>
</p> <br style=clear:both />
</div>
<strong>Device Groups</strong>
<span id="p2createMeshLink1">( <a href=# onclick="return account_createMesh()" class="newMeshBtn"> New</a> )</span>
<br /><br />
<div id=p2meshes></div>
<div id=p2noMeshFound style="display:none">No device groups.<span id="p2createMeshLink2"> <a href=# onclick="return account_createMesh()"><strong>Get started here!</strong></a></span></div>
<br style=clear:both /> <br style=clear:both />
</div> </div>
<strong>Device Groups</strong>
<span id="p2createMeshLink1">( <a href=# onclick="return account_createMesh()" class="newMeshBtn"> New</a> )</span>
<br /><br />
<div id=p2meshes></div>
<div id=p2noMeshFound style="display:none">No device groups.<span id="p2createMeshLink2"> <a href=# onclick="return account_createMesh()"><strong>Get started here!</strong></a></span></div>
<br style=clear:both />
</div> </div>
<div id=p3 style="display:none"> <div id=p3 style="display:none">
<div id="p3title"><h1>My Events</h1></div> <div id="p3title"><h1>My Events</h1></div>
@ -1400,6 +1402,8 @@
// 1 = Top bar, 2 = Tool Bar, 4 = Bottom Bar, 8 = Tab Title // 1 = Top bar, 2 = Tool Bar, 4 = Bottom Bar, 8 = Tab Title
var xh = (((hide & 1) ? 0 : 66) + ((hide & 2) ? 0 : 24) + ((hide & 4) ? 0 : 45) + ((hide & 8) ? 0 : 60)); // 0 to 195 var xh = (((hide & 1) ? 0 : 66) + ((hide & 2) ? 0 : 24) + ((hide & 4) ? 0 : 45) + ((hide & 8) ? 0 : 60)); // 0 to 195
var xh2 = (uiMode > 1)?24:0; var xh2 = (uiMode > 1)?24:0;
QS('p2info')['height'] = 'calc(100vh - ' + (20 + xh + xh2) + 'px)';
QS('p2info')['max-height'] = 'calc(100vh - ' + (20 + xh + xh2) + 'px)';
QS('p3users')['max-height'] = 'calc(100vh - ' + (50 + xh) + 'px)'; // 124 QS('p3users')['max-height'] = 'calc(100vh - ' + (50 + xh) + 'px)'; // 124
QS('p3events')['height'] = 'calc(100vh - ' + (50 + xh) + 'px)'; // 124 QS('p3events')['height'] = 'calc(100vh - ' + (50 + xh) + 'px)'; // 124
QS('p5filetable')['height'] = 'calc(100vh - ' + (99 + xh) + 'px)'; // 160 QS('p5filetable')['height'] = 'calc(100vh - ' + (99 + xh) + 'px)'; // 160
@ -1843,7 +1847,7 @@
if ((currentNode != null) && (IsNodeViewable(currentNode) == false)) { currentNode = null; go(1); } if ((currentNode != null) && (IsNodeViewable(currentNode) == false)) { currentNode = null; go(1); }
// Change the reference to the current node // Change the reference to the current node
if (currentNode != null) { currentNode = getNodeFromId(currentNode._id); } if (currentNode != null) { currentNode = getNodeFromId(currentNode._id); gotoDevice(currentNode._id, xxcurrentView, true); }
masterUpdate(1 | 2 | 4 | 64); masterUpdate(1 | 2 | 4 | 64);
break; break;
@ -5179,7 +5183,7 @@
if (rights & 8192) str.push("Limit Events"); if (rights & 8192) str.push("Limit Events");
if (rights & 16384) str.push("Chat"); if (rights & 16384) str.push("Chat");
if (rights & 32768) str.push("Uninstall"); if (rights & 32768) str.push("Uninstall");
if (str.length == 0) return "No Added Rights"; if (str.length == 0) return "No Rights";
return str.join(', '); return str.join(', ');
} }
@ -8617,7 +8621,7 @@
var y = ''; var y = '';
if (selected) { selected = decodeURIComponent(selected); } if (selected) { selected = decodeURIComponent(selected); }
var omeshs = getOrderedList(meshes, 'name'); var omeshs = getOrderedList(meshes, 'name');
for (var i in omeshs) { if ((selected != null) || (currentUserGroup.links == null) || (currentUserGroup.links[i] == null)) { y += '<option value=' + encodeURIComponent(omeshs[i]._id) + ((selected == omeshs[i]._id)?' selected':' ') + '>' + EscapeHtml(omeshs[i].name) + '</option>'; } } for (var i in omeshs) { if ((selected != null) || (currentUserGroup.links == null) || (currentUserGroup.links[omeshs[i]._id] == null)) { y += '<option value=' + encodeURIComponent(omeshs[i]._id) + ((selected == omeshs[i]._id)?' selected':' ') + '>' + EscapeHtml(omeshs[i].name) + '</option>'; } }
x += addHtmlValue("Device Group", '<div style=width:230px;margin:0;padding:0><select onchange=p20validateAddMeshUserDialog(' + userid + ') id=dp2groupid style=width:100%>' + y + '</select></div>'); x += addHtmlValue("Device Group", '<div style=width:230px;margin:0;padding:0><select onchange=p20validateAddMeshUserDialog(' + userid + ') id=dp2groupid style=width:100%>' + y + '</select></div>');
} else if ((userid == 4) || (userid == 7)) { } else if ((userid == 4) || (userid == 7)) {
var y = '', selectedMeshId = null, selectedNode = null; var y = '', selectedMeshId = null, selectedNode = null;
@ -8675,27 +8679,27 @@
setDialogMode(2, "Add Users to Device Group", 3, p20showAddMeshUserDialogEx, x); setDialogMode(2, "Add Users to Device Group", 3, p20showAddMeshUserDialogEx, x);
Q('dp20username').focus(); Q('dp20username').focus();
} else if (userid === 1) { } else if (userid === 1) {
setDialogMode(2, (selected == null)?"Add Device Group Permissions":"Edit Device Group Permissions", 3, p20showAddMeshUserDialogEx, x, userid); setDialogMode(2, (selected == null)?"Add Device Group Permissions":"Edit Device Group Permissions", selected?7:3, p20showAddMeshUserDialogEx, x, userid);
if (selected != null) { urights = meshes[decodeURIComponent(selected)].links[currentUser._id].rights; } if (selected != null) { urights = meshes[decodeURIComponent(selected)].links[currentUser._id].rights; }
if (urights == 0xFFFFFFFF) { Q('p20fulladmin').checked = true; urights = -1; } if (urights == 0xFFFFFFFF) { Q('p20fulladmin').checked = true; urights = -1; }
} else if (userid === 2) { } else if (userid === 2) {
setDialogMode(2, "Add User Group", 3, p20showAddMeshUserDialogEx, x, userid); setDialogMode(2, "Add User Group", 3, p20showAddMeshUserDialogEx, x, userid);
} else if (userid === 3) { } else if (userid === 3) {
setDialogMode(2, "Add Device Group", 3, p20showAddMeshUserDialogEx, x, userid); setDialogMode(2, (selected == null)?"Add Device Group":"Edit Device Group", selected?7:3, p20showAddMeshUserDialogEx, x, userid);
QE('dp2groupid', selected == null); QE('dp2groupid', selected == null);
if (selected != null) { urights = currentUserGroup.links[decodeURIComponent(selected)].rights; } if (selected != null) { urights = currentUserGroup.links[decodeURIComponent(selected)].rights; }
if (urights == 0xFFFFFFFF) { Q('p20fulladmin').checked = true; urights = -1; } if (urights == 0xFFFFFFFF) { Q('p20fulladmin').checked = true; urights = -1; }
} else if (userid === 4) { } else if (userid === 4) {
setDialogMode(2, (selected == null)?"Add Device Permissions":"Edit Device Permissions", 3, p20showAddMeshUserDialogEx, x, userid); setDialogMode(2, (selected == null)?"Add Device Permissions":"Edit Device Permissions", selected?7:3, p20showAddMeshUserDialogEx, x, userid);
QE('dp2meshid', selected == null); QE('dp2meshid', selected == null);
QE('dp2nodeid', selected == null); QE('dp2nodeid', selected == null);
} else if (userid === 7) { } else if (userid === 7) {
setDialogMode(2, (selected == null)?"Add Device Permissions":"Edit Device Permissions", 3, p20showAddMeshUserDialogEx, x, userid); setDialogMode(2, (selected == null)?"Add Device Permissions":"Edit Device Permissions", selected?7:3, p20showAddMeshUserDialogEx, x, userid);
QE('dp2meshid', selected == null); QE('dp2meshid', selected == null);
QE('dp2nodeid', selected == null); QE('dp2nodeid', selected == null);
if (selected != null) { urights = currentUserGroup.links[decodeURIComponent(selected)].rights; QE('dp20username', false); } if (selected != null) { urights = currentUserGroup.links[decodeURIComponent(selected)].rights; QE('dp20username', false); }
} else if (userid === 5) { } else if (userid === 5) {
setDialogMode(2, selected?"Edit User Device Permissions":"Add User Device Permissions", 3, p20showAddMeshUserDialogEx, x, userid); setDialogMode(2, selected?"Edit User Device Permissions":"Add User Device Permissions", selected?7:3, p20showAddMeshUserDialogEx, x, userid);
if (selected != null) { if (selected != null) {
selected = decodeURIComponent(selected); selected = decodeURIComponent(selected);
if ((users != null) && (users[selected] != null)) { Q('dp20username').value = users[selected].name; } else { Q('dp20username').value = selected.split('/')[2]; } if ((users != null) && (users[selected] != null)) { Q('dp20username').value = users[selected].name; } else { Q('dp20username').value = selected.split('/')[2]; }
@ -8704,7 +8708,7 @@
} }
Q('dp20username').focus(); Q('dp20username').focus();
} else if (userid === 6) { } else if (userid === 6) {
setDialogMode(2, selected?"Edit User Device Permissions":"Add User Device Permissions", 3, p20showAddMeshUserDialogEx, x, userid); setDialogMode(2, selected?"Edit User Group Device Permissions":"Add User Group Device Permissions", selected?7:3, p20showAddMeshUserDialogEx, x, userid);
if (selected != null) { urights = currentNode.links[decodeURIComponent(selected)].rights; } if (selected != null) { urights = currentNode.links[decodeURIComponent(selected)].rights; }
} else { } else {
if (userid.startsWith('ugrp/')) { if (userid.startsWith('ugrp/')) {
@ -8767,7 +8771,6 @@
if (updateId === 4) { if (updateId === 4) {
// Update user device rights // Update user device rights
var devrights = 0, nodeid = decodeURIComponent(Q('dp2nodeid').value); var devrights = 0, nodeid = decodeURIComponent(Q('dp2nodeid').value);
console.log('nodeid', nodeid);
if ((nodeid != '') && (currentUser.links != null) && (currentUser.links[nodeid] != null)) { devrights = currentUser.links[nodeid].rights; } if ((nodeid != '') && (currentUser.links != null) && (currentUser.links[nodeid] != null)) { devrights = currentUser.links[nodeid].rights; }
Q('p20remotecontrol').checked = ((devrights & 8) != 0); Q('p20remotecontrol').checked = ((devrights & 8) != 0);
Q('p20meshagentconsole').checked = ((devrights & 16) != 0); Q('p20meshagentconsole').checked = ((devrights & 16) != 0);
@ -8853,83 +8856,79 @@
} }
function p20showAddMeshUserDialogEx(b, t) { function p20showAddMeshUserDialogEx(b, t) {
if (b == 2) { // Get the currently selected rights
p20viewuserEx(b, t); var meshadmin = 0;
if ((Q('p20fulladmin') != null) && (Q('p20fulladmin').checked == true)) { meshadmin = 0xFFFFFFFF; } else {
if (Q('p20fulladmin') != null) {
if (Q('p20editmesh').checked == true) meshadmin += 1;
if (Q('p20manageusers').checked == true) meshadmin += 2;
if (Q('p20managecomputers').checked == true) meshadmin += 4;
}
if (Q('p20remotecontrol').checked == true) meshadmin += 8;
if (Q('p20meshagentconsole').checked == true) meshadmin += 16;
if (Q('p20meshserverfiles').checked == true) meshadmin += 32;
if (Q('p20wakedevices').checked == true) meshadmin += 64;
if (Q('p20editnotes').checked == true) meshadmin += 128;
if (Q('p20remoteview').checked == true) meshadmin += 256;
if (Q('p20nodesktop').checked == true) meshadmin += 65536;
if (Q('p20noterminal').checked == true) meshadmin += 512;
if (Q('p20nofiles').checked == true) meshadmin += 1024;
if (Q('p20noamt').checked == true) meshadmin += 2048;
if (Q('p20remotelimitedinput').checked == true) meshadmin += 4096;
if (Q('p20limitevents').checked == true) meshadmin += 8192;
if (Q('p20chatnotify').checked == true) meshadmin += 16384;
if (Q('p20uninstall').checked == true) meshadmin += 32768;
}
// Clean up incorrect rights. If Remote Control is not selected, remove flags that don't make sense.
if ((meshadmin & 8) == 0) {
// Remove 256, 512, 1024, 2048, 4096, 65536
if (meshadmin & 256) { meshadmin -= 256; }
if (meshadmin & 512) { meshadmin -= 512; }
if (meshadmin & 1024) { meshadmin -= 1024; }
if (meshadmin & 2048) { meshadmin -= 2048; }
if (meshadmin & 4096) { meshadmin -= 4096; }
if (meshadmin & 65536) { meshadmin -= 65536; }
}
// Send the action to the server
if (t === 1) {
// Add current user to device group
var meshid = decodeURIComponent(Q('dp2groupid').value), mesh = meshes[meshid];
if (mesh != null) { meshserver.send({ action: 'addmeshuser', meshid: meshid, meshname: mesh.name, userids: [ currentUser._id ], meshadmin: meshadmin, remove: (b == 2) }); }
} else if (t === 2) {
// Add user group to device group
var ugrpid = decodeURIComponent(Q('dp2groupid').value), mesh = meshes[currentMesh._id];
if (mesh != null) { meshserver.send({ action: 'addmeshuser', meshid: currentMesh._id, meshname: currentMesh.name, userid: ugrpid, meshadmin: meshadmin, remove: (b == 2) }); }
} else if (t === 3) {
// Add device group to current user group
var meshid = decodeURIComponent(Q('dp2groupid').value), mesh = meshes[meshid];
if (mesh != null) { meshserver.send({ action: 'addmeshuser', meshid: meshid, meshname: mesh.name, userids: [ currentUserGroup._id ], meshadmin: meshadmin, remove: (b == 2) }); }
} else if (t === 4) {
// Add current user to device
var nodeid = decodeURIComponent(Q('dp2nodeid').value), node = getNodeFromId(nodeid);
if (node != null) { meshserver.send({ action: 'adddeviceuser', nodeid: nodeid, nodename: node.name, userids: [ currentUser._id ], rights: meshadmin, remove: (b == 2) }); }
} else if (t === 5) {
// Add users to device
var users = Q('dp20username').value.split(','), users2 = [];
for (var i in users) { users2.push(users[i].trim()); }
meshserver.send({ action: 'adddeviceuser', nodeid: currentNode._id, nodename: currentNode.name, usernames: users2, rights: meshadmin, remove: (b == 2) });
} else if (t === 6) {
// Add user group to device
var ugrpid = decodeURIComponent(Q('dp2groupid').value);
if (currentNode != null) { meshserver.send({ action: 'adddeviceuser', nodeid: currentNode._id, nodename: currentNode.name, userids: [ ugrpid ], rights: meshadmin, remove: (b == 2) }); }
} else if (t === 7) {
// Add current user group to device
var nodeid = decodeURIComponent(Q('dp2nodeid').value), node = getNodeFromId(nodeid);
if (node != null) { meshserver.send({ action: 'adddeviceuser', nodeid: nodeid, nodename: node.name, userids: [ currentUserGroup._id ], rights: meshadmin, remove: (b == 2) }); }
} else { } else {
// Get the currently selected rights // Add user to device group
var meshadmin = 0; if (t == null) {
if ((Q('p20fulladmin') != null) && (Q('p20fulladmin').checked == true)) { meshadmin = 0xFFFFFFFF; } else {
if (Q('p20fulladmin') != null) {
if (Q('p20editmesh').checked == true) meshadmin += 1;
if (Q('p20manageusers').checked == true) meshadmin += 2;
if (Q('p20managecomputers').checked == true) meshadmin += 4;
}
if (Q('p20remotecontrol').checked == true) meshadmin += 8;
if (Q('p20meshagentconsole').checked == true) meshadmin += 16;
if (Q('p20meshserverfiles').checked == true) meshadmin += 32;
if (Q('p20wakedevices').checked == true) meshadmin += 64;
if (Q('p20editnotes').checked == true) meshadmin += 128;
if (Q('p20remoteview').checked == true) meshadmin += 256;
if (Q('p20nodesktop').checked == true) meshadmin += 65536;
if (Q('p20noterminal').checked == true) meshadmin += 512;
if (Q('p20nofiles').checked == true) meshadmin += 1024;
if (Q('p20noamt').checked == true) meshadmin += 2048;
if (Q('p20remotelimitedinput').checked == true) meshadmin += 4096;
if (Q('p20limitevents').checked == true) meshadmin += 8192;
if (Q('p20chatnotify').checked == true) meshadmin += 16384;
if (Q('p20uninstall').checked == true) meshadmin += 32768;
}
// Clean up incorrect rights. If Remote Control is not selected, remove flags that don't make sense.
if ((meshadmin & 8) == 0) {
// Remove 256, 512, 1024, 2048, 4096, 65536
if (meshadmin & 256) { meshadmin -= 256; }
if (meshadmin & 512) { meshadmin -= 512; }
if (meshadmin & 1024) { meshadmin -= 1024; }
if (meshadmin & 2048) { meshadmin -= 2048; }
if (meshadmin & 4096) { meshadmin -= 4096; }
if (meshadmin & 65536) { meshadmin -= 65536; }
}
// Send the action to the server
if (t === 1) {
// Add current user to device group
var meshid = decodeURIComponent(Q('dp2groupid').value), mesh = meshes[meshid];
if (mesh != null) { meshserver.send({ action: 'addmeshuser', meshid: meshid, meshname: mesh.name, userids: [ currentUser._id ], meshadmin: meshadmin }); }
} else if (t === 2) {
// Add user group to device group
var ugrpid = decodeURIComponent(Q('dp2groupid').value), mesh = meshes[currentMesh._id];
if (mesh != null) { meshserver.send({ action: 'addmeshuser', meshid: currentMesh._id, meshname: currentMesh.name, userid: ugrpid, meshadmin: meshadmin }); }
} else if (t === 3) {
// Add device group to current user group
var meshid = decodeURIComponent(Q('dp2groupid').value), mesh = meshes[meshid];
if (mesh != null) { meshserver.send({ action: 'addmeshuser', meshid: meshid, meshname: mesh.name, userids: [ currentUserGroup._id ], meshadmin: meshadmin }); }
} else if (t === 4) {
// Add current user to device
var nodeid = decodeURIComponent(Q('dp2nodeid').value), node = getNodeFromId(nodeid);
if (node != null) { meshserver.send({ action: 'adddeviceuser', nodeid: nodeid, nodename: node.name, userids: [ currentUser._id ], rights: meshadmin }); }
} else if (t === 5) {
// Add users to device
var users = Q('dp20username').value.split(','), users2 = []; var users = Q('dp20username').value.split(','), users2 = [];
for (var i in users) { users2.push(users[i].trim()); } for (var i in users) { users2.push(users[i].trim()); }
meshserver.send({ action: 'adddeviceuser', nodeid: currentNode._id, nodename: currentNode.name, usernames: users2, rights: meshadmin }); meshserver.send({ action: 'addmeshuser', meshid: currentMesh._id, meshname: currentMesh.name, usernames: users2, meshadmin: meshadmin, remove: (b == 2) });
} else if (t === 6) {
// Add user group to device
var ugrpid = decodeURIComponent(Q('dp2groupid').value);
if (currentNode != null) { meshserver.send({ action: 'adddeviceuser', nodeid: currentNode._id, nodename: currentNode.name, userids: [ ugrpid ], rights: meshadmin }); }
} else if (t === 7) {
// Add current user group to device
var nodeid = decodeURIComponent(Q('dp2nodeid').value), node = getNodeFromId(nodeid);
if (node != null) { meshserver.send({ action: 'adddeviceuser', nodeid: nodeid, nodename: node.name, userids: [ currentUserGroup._id ], rights: meshadmin }); }
} else { } else {
// Add user to device group meshserver.send({ action: 'addmeshuser', meshid: currentMesh._id, meshname: currentMesh.name, userids: [ t ], meshadmin: meshadmin, remove: (b == 2) });
if (t == null) {
var users = Q('dp20username').value.split(','), users2 = [];
for (var i in users) { users2.push(users[i].trim()); }
meshserver.send({ action: 'addmeshuser', meshid: currentMesh._id, meshname: currentMesh.name, usernames: users2, meshadmin: meshadmin });
} else {
meshserver.send({ action: 'addmeshuser', meshid: currentMesh._id, meshname: currentMesh.name, userids: [ t ], meshadmin: meshadmin });
}
} }
} }
} }
@ -10306,7 +10305,7 @@
omeshes = getOrderedList(omeshes, 'name'); omeshes = getOrderedList(omeshes, 'name');
for (var i in omeshes) { for (var i in omeshes) {
var cr = 0, mesh = omeshes[i], r = currentUserGroup.links[mesh._id].rights, trash = '', rights = makeDeviceGroupRightsString(r); var cr = 0, mesh = omeshes[i], r = currentUserGroup.links[mesh._id].rights, trash = '', rights = makeDeviceGroupRightsString(r);
if ((userinfo.links) && (userinfo.links[i] != null) && (userinfo.links[i].rights != null)) { cr = userinfo.links[i].rights; } if ((userinfo.links) && (userinfo.links[mesh._id] != null) && (userinfo.links[mesh._id].rights != null)) { cr = userinfo.links[mesh._id].rights; }
var meshname = '<i>' + "Unknown Device Group" + '</i>'; var meshname = '<i>' + "Unknown Device Group" + '</i>';
if (mesh) { meshname = '<a href=# onclick=\'gotoMesh("' + mesh._id + '");haltEvent(event);\'>' + mesh.name + '</a>'; } else {} if (mesh) { meshname = '<a href=# onclick=\'gotoMesh("' + mesh._id + '");haltEvent(event);\'>' + mesh.name + '</a>'; } else {}
if ((cr & 2) != 0) { if ((cr & 2) != 0) {
@ -10365,7 +10364,7 @@
} }
function p51removeDeviceFromUserGroupEx(b, nodeid) { function p51removeDeviceFromUserGroupEx(b, nodeid) {
meshserver.send({ action: 'adddeviceuser', nodeid: nodeid, userids: [ currentUserGroup._id ], rights: 0 }); meshserver.send({ action: 'adddeviceuser', nodeid: nodeid, userids: [ currentUserGroup._id ], rights: 0, remove: true });
} }
function p51removeMeshFromUserGroup(e, meshid) { function p51removeMeshFromUserGroup(e, meshid) {
@ -10720,10 +10719,10 @@
for (var i in omeshes) { for (var i in omeshes) {
var cr = 0, mesh = omeshes[i], r = currentUser.links[mesh._id].rights, trash = '', rights = makeDeviceGroupRightsString(r); var cr = 0, mesh = omeshes[i], r = currentUser.links[mesh._id].rights, trash = '', rights = makeDeviceGroupRightsString(r);
if (mesh == null) { continue; } if (mesh == null) { continue; }
if ((userinfo.links) && (userinfo.links[i] != null) && (userinfo.links[i].rights != null)) { cr = userinfo.links[i].rights; } if ((userinfo.links) && (userinfo.links[mesh._id] != null) && (userinfo.links[mesh._id].rights != null)) { cr = userinfo.links[mesh._id].rights; }
var meshname = '<i>' + "Unknown Device Group" + '</i>'; var meshname = '<i>' + "Unknown Device Group" + '</i>';
if (mesh) { meshname = '<a href=# onclick=\'gotoMesh("' + mesh._id + '");haltEvent(event);\'>' + EscapeHtml(mesh.name) + '</a>'; } else {} if (mesh) { meshname = '<a href=# onclick=\'gotoMesh("' + mesh._id + '");haltEvent(event);\'>' + EscapeHtml(mesh.name) + '</a>'; }
if ((currentUser._id != userinfo._id) && ((cr & 2) != 0)) { if ((currentUser._id != userinfo._id) && ((cr & 2) != 0)) { // 2 = MESHRIGHT_MANAGEUSERS
trash = '<a href=# onclick=\'return p30removeMeshFromUser(event,"' + encodeURIComponent(mesh._id) + '")\' title=\"' + "Remove user rights to this device group" + '\" style=cursor:pointer><img src=images/trash.png border=0 height=10 width=10></a>'; trash = '<a href=# onclick=\'return p30removeMeshFromUser(event,"' + encodeURIComponent(mesh._id) + '")\' title=\"' + "Remove user rights to this device group" + '\" style=cursor:pointer><img src=images/trash.png border=0 height=10 width=10></a>';
rights = '<span style=cursor:pointer onclick=p20showAddMeshUserDialog(1,\"' + encodeURIComponent(mesh._id) + '\")>' + rights + ' <img class=hoverButton style=cursor:pointer src=images/link5.png></span>'; rights = '<span style=cursor:pointer onclick=p20showAddMeshUserDialog(1,\"' + encodeURIComponent(mesh._id) + '\")>' + rights + ' <img class=hoverButton style=cursor:pointer src=images/link5.png></span>';
} }
@ -10748,13 +10747,13 @@
for (var i in currentUser.links) { if (i.startsWith('ugrp/')) { if (usergroups[i] != null) { ougroups.push(usergroups[i]); } } } for (var i in currentUser.links) { if (i.startsWith('ugrp/')) { if (usergroups[i] != null) { ougroups.push(usergroups[i]); } } }
ougroups = getOrderedList(ougroups, 'name'); ougroups = getOrderedList(ougroups, 'name');
for (var i in ougroups) { for (var i in ougroups) {
var group = usergroups[i], r = currentUser.links[ougroups[i]._id].rights, trash = ''; var group = ougroups[i], r = currentUser.links[ougroups[i]._id].rights, trash = '';
var groupname = '<i>' + "Unknown User Group" + '</i>'; var groupname = '<i>' + "Unknown User Group" + '</i>';
if (group != null) { if (group != null) {
groupname = EscapeHtml(group.name); groupname = EscapeHtml(group.name);
if (usergroups != null) { groupname = '<a href=# onclick=\'gotoUserGroup("' + encodeURIComponent(i) + '");haltEvent(event);\'>' + groupname + '</a>'; } if (usergroups != null) { groupname = '<a href=# onclick=\'gotoUserGroup("' + encodeURIComponent(ougroups[i]._id) + '");haltEvent(event);\'>' + groupname + '</a>'; }
} }
if ((userinfo.siteadmin & 256) != 0) { trash = '<a href=# onclick=\'return p30RemoveUserGroup(event,"' + encodeURIComponent(i) + '")\' title=\"' + "Remove user group membership" + '\" style=cursor:pointer><img src=images/trash.png border=0 height=10 width=10></a>'; } if ((userinfo.siteadmin & 256) != 0) { trash = '<a href=# onclick=\'return p30RemoveUserGroup(event,"' + encodeURIComponent(ougroups[i]._id) + '")\' title=\"' + "Remove user group membership" + '\" style=cursor:pointer><img src=images/trash.png border=0 height=10 width=10></a>'; }
x += '<tr ' + (((++count % 2) == 0) ? 'style=background-color:#DDD' : '') + '><td><div title=\"' + "User Group" + '\" class=m4></div><div>&nbsp;' + groupname + '<div></div></div></td><td><div style=float:right>' + trash + '</div></td></tr>'; x += '<tr ' + (((++count % 2) == 0) ? 'style=background-color:#DDD' : '') + '><td><div title=\"' + "User Group" + '\" class=m4></div><div>&nbsp;' + groupname + '<div></div></div></td><td><div style=float:right>' + trash + '</div></td></tr>';
} }
} }
@ -10792,17 +10791,17 @@
function p30removeNodeFromUser(event, nodeid) { function p30removeNodeFromUser(event, nodeid) {
if (xxdialogMode) return; if (xxdialogMode) return;
var node = getNodeFromId(decodeURIComponent(nodeid)); var node = getNodeFromId(decodeURIComponent(nodeid));
setDialogMode(2, "Remove Device Permissions", 3, function(b, node) { meshserver.send({ action: 'adddeviceuser', nodeid: node._id, nodename: node.name, userids: [ currentUser._id ], rights: 0 }); }, format("Confirm removal of access rights for device \"{0}\"?", node.name), node); setDialogMode(2, "Remove Device Permissions", 3, function(b, node) { meshserver.send({ action: 'adddeviceuser', nodeid: node._id, nodename: node.name, userids: [ currentUser._id ], rights: 0, remove: true }); }, format("Confirm removal of access rights for device \"{0}\"?", node.name), node);
} }
function p30removeUserFromNode(event, userid) { function p30removeUserFromNode(event, userid) {
if (xxdialogMode) return; if (xxdialogMode) return;
var user = users[decodeURIComponent(userid)]; var user = users[decodeURIComponent(userid)];
if (user != null) { if (user != null) {
setDialogMode(2, "Remove User Permissions", 3, function(b, user) { meshserver.send({ action: 'adddeviceuser', nodeid: currentNode._id, nodename: currentNode.name, userids: [ user._id ], rights: 0 }); }, format("Confirm removal of access rights for user \"{0}\"?", user.name), user); setDialogMode(2, "Remove User Permissions", 3, function(b, user) { meshserver.send({ action: 'adddeviceuser', nodeid: currentNode._id, nodename: currentNode.name, userids: [ user._id ], rights: 0, remove: true }); }, format("Confirm removal of access rights for user \"{0}\"?", user.name), user);
} else if (usergroups != null) { } else if (usergroups != null) {
user = usergroups[decodeURIComponent(userid)]; user = usergroups[decodeURIComponent(userid)];
if (user != null) { setDialogMode(2, "Remove User Group Permissions", 3, function(b, user) { meshserver.send({ action: 'adddeviceuser', nodeid: currentNode._id, nodename: currentNode.name, userids: [ user._id ], rights: 0 }); }, format("Confirm removal of access rights for user group \"{0}\"?", user.name), user); } if (user != null) { setDialogMode(2, "Remove User Group Permissions", 3, function(b, user) { meshserver.send({ action: 'adddeviceuser', nodeid: currentNode._id, nodename: currentNode.name, userids: [ user._id ], rights: 0, remove: true }); }, format("Confirm removal of access rights for user group \"{0}\"?", user.name), user); }
} }
} }