Ylianst/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2024-11-22 12:52:50 +03:00
Code Issues Packages Projects Releases Wiki Activity

Added guest sharing account permission.

Browse Source
This commit is contained in:
Ylian Saint-Hilaire 2021-01-25 15:04:52 -08:00
parent 6ee7bfa8fd
commit 66eb53e2f6
3 changed files with 1607 additions and 1553 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
meshuser.js
View File

@ -50,6 +50,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
const MESHRIGHT_NODESKTOP = 0x00010000;
const MESHRIGHT_REMOTECOMMAND = 0x00020000;
const MESHRIGHT_RESETOFF = 0x00040000;
const MESHRIGHT_GUESTSHARING = 0x00080000;
const MESHRIGHT_ADMIN = 0xFFFFFFFF;
// Site rights
@ -4706,13 +4707,19 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
// Get the device rights
parent.GetNodeWithRights(domain, user, command.nodeid, function (node, rights, visible) {
// If node not found or we don't have remote control, reject.
if ((node == null) || ((rights & 8) == 0)) {
if (node == null) {
if (command.responseid != null) { try { ws.send(JSON.stringify({ action: 'deviceShares', responseid: command.responseid, result: 'Invalid node id' })); } catch (ex) { } }
return;
}
// If there is MESHRIGHT_DESKLIMITEDINPUT or MESHRIGHT_REMOTEVIEWONLY on this account, reject this request.
if ((rights != 0xFFFFFFFF) && ((rights & 4352) != 0)) return;
// If there is MESHRIGHT_DESKLIMITEDINPUT or we don't have MESHRIGHT_GUESTSHARING on this account, reject this request.
if (rights != MESHRIGHT_ADMIN) {
// If we don't have remote control, or have limited input, or don't have guest sharing permission, fail here.
if (((rights & MESHRIGHT_REMOTECONTROL) == 0) || ((rights & MESHRIGHT_DESKLIMITEDINPUT) != 0) || ((rights & MESHRIGHT_GUESTSHARING) == 0)) {
if (command.responseid != null) { try { ws.send(JSON.stringify({ action: 'deviceShares', responseid: command.responseid, result: 'Access denied' })); } catch (ex) { } }
return;
}
}
parent.db.GetAllTypeNodeFiltered([command.nodeid], domain.id, 'deviceshare', null, function (err, docs) {
if (err != null) return;
@ -4759,13 +4766,19 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
// Get the device rights
parent.GetNodeWithRights(domain, user, command.nodeid, function (node, rights, visible) {
// If node not found or we don't have remote control, reject.
if ((node == null) || ((rights & 8) == 0)) {
if (command.responseid != null) { try { ws.send(JSON.stringify({ action: 'removeDeviceShare', responseid: command.responseid, result: 'Invalid node id' })); } catch (ex) { } }
if (node == null) {
if (command.responseid != null) { try { ws.send(JSON.stringify({ action: 'deviceShares', responseid: command.responseid, result: 'Invalid node id' })); } catch (ex) { } }
return;
}
// If there is MESHRIGHT_DESKLIMITEDINPUT or MESHRIGHT_REMOTEVIEWONLY on this account, reject this request.
if ((rights != 0xFFFFFFFF) && ((rights & 4352) != 0)) return;
// If there is MESHRIGHT_DESKLIMITEDINPUT or we don't have MESHRIGHT_GUESTSHARING on this account, reject this request.
if (rights != MESHRIGHT_ADMIN) {
// If we don't have remote control, or have limited input, or don't have guest sharing permission, fail here.
if (((rights & MESHRIGHT_REMOTECONTROL) == 0) || ((rights & MESHRIGHT_DESKLIMITEDINPUT) != 0) || ((rights & MESHRIGHT_GUESTSHARING) == 0)) {
if (command.responseid != null) { try { ws.send(JSON.stringify({ action: 'deviceShares', responseid: command.responseid, result: 'Access denied' })); } catch (ex) { } }
return;
}
}
parent.db.GetAllTypeNodeFiltered([command.nodeid], domain.id, 'deviceshare', null, function (err, docs) {
if (err != null) return;
@ -4835,13 +4848,28 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
// Get the device rights
parent.GetNodeWithRights(domain, user, command.nodeid, function (node, rights, visible) {
// If node not found or we don't have remote control, reject.
if ((node == null) || ((rights & 8) == 0)) {
if (command.responseid != null) { try { ws.send(JSON.stringify({ action: 'createDeviceShareLink', responseid: command.responseid, result: 'Invalid node id' })); } catch (ex) { } }
if (node == null) {
if (command.responseid != null) { try { ws.send(JSON.stringify({ action: 'deviceShares', responseid: command.responseid, result: 'Invalid node id' })); } catch (ex) { } }
return;
}
// If there is MESHRIGHT_DESKLIMITEDINPUT or MESHRIGHT_REMOTEVIEWONLY on this account, reject this request.
if ((rights != 0xFFFFFFFF) && ((rights & 4352) != 0)) return;
// If there is MESHRIGHT_DESKLIMITEDINPUT or we don't have MESHRIGHT_GUESTSHARING on this account, reject this request.
if (rights != MESHRIGHT_ADMIN) {
// If we don't have remote control, or have limited input, or don't have guest sharing permission, fail here.
if (((rights & MESHRIGHT_REMOTECONTROL) == 0) || ((rights & MESHRIGHT_DESKLIMITEDINPUT) != 0) || ((rights & MESHRIGHT_GUESTSHARING) == 0)) {
if (command.responseid != null) { try { ws.send(JSON.stringify({ action: 'deviceShares', responseid: command.responseid, result: 'Access denied' })); } catch (ex) { } }
return;
}
}
// If we are limited to no terminal, don't allow terminal sharing
if ((command.p == 1) && (rights != MESHRIGHT_ADMIN) && ((rights & MESHRIGHT_NOTERMINAL) != 0)) {
if (command.responseid != null) { try { ws.send(JSON.stringify({ action: 'deviceShares', responseid: command.responseid, result: 'Access denied' })); } catch (ex) { } }
return;
}
// If we have view only remote desktop rights, force view-only on the guest share.
if ((rights != MESHRIGHT_ADMIN) && ((rights & MESHRIGHT_REMOTEVIEWONLY) != 0)) { command.viewOnly = true; }
// Create cookie
var publicid = getRandomPassword(), startTime, expireTime;

3089
translate/translate.json
View File

File diff suppressed because it is too large Load Diff

19
views/default.handlebars
View File

@ -5978,7 +5978,7 @@
x += '<input type=button value="' + "Log Event" + '" title="' + "Write an event for this device" + '" onclick=writeDeviceEvent("' + encodeURIComponentEx(node._id) + '") />';
if ((connectivity & 1) && (meshrights & 8) && (node.agent.id != 14)) { x += '<input type=button value="' + "Message" + '" title="' + "Display a text message on the remote device" + '" onclick=deviceMessageFunction() />'; }
//if ((connectivity & 1) && (meshrights & 8) && (node.agent.id < 5)) { x += '<input type=button value=Toast title="' + "Display a text message of the remote device" + '" onclick=deviceToastFunction() />'; }
if ((serverinfo.guestdevicesharing !== false) && (node.agent != null) && (node.agent.caps & 3) && (connectivity & 1) && (meshrights & 8) && ((meshrights == 0xFFFFFFFF) || ((meshrights & 4352) == 0))) { x += '<input type=button value="' + "Share" + '" title="' + "Create a link to share this device with a guest" + '" onclick=showShareDevice() />'; }
if ((serverinfo.guestdevicesharing !== false) && (node.agent != null) && (node.agent.caps & 3) && (connectivity & 1) && (meshrights & 0x80008) && ((meshrights == 0xFFFFFFFF) || ((meshrights & 0x1000) == 0))) { x += '<input type=button value="' + "Share" + '" title="' + "Create a link to share this device with a guest" + '" onclick=showShareDevice() />'; }
// Custom UI
if ((customui != null) && (customui.devicebuttons != null)) {
@ -6235,6 +6235,7 @@
if (rights & 2048) str1.push("No AMT");
if (rights & 4096) str1.push("Limited Input");
if (rights & 65536) str1.push("No Desktop");
if ((rights & 524288) && (serverinfo.guestdevicesharing !== false)) str1.push("Guest Share");
if (str1.length > 0) { str.push('Control (' + str1.join(', ') + ')'); } else { str.push("Control"); }
}
if (rights & 16) str.push("Console");
@ -6264,6 +6265,7 @@
if (rights & 2048) str1.push("No AMT");
if (rights & 4096) str1.push("Limited Input");
if (rights & 65536) str1.push("No Desktop");
if ((rights & 524288) && (serverinfo.guestdevicesharing !== false)) str1.push("Guest Share");
if (str1.length > 0) { str.push('Control (' + str1.join(', ') + ')'); } else { str.push("Control"); }
}
if (rights & 16) str.push("Console");
@ -6371,9 +6373,14 @@
function showShareDevice() {
if (xxdialogMode) return;
var rights = GetNodeRights(currentNode);
var y = '', x = "Creates a link that allows a guest without an account to remote control this device for a limited time." + '<br /><br />';
x += addHtmlValue("Guest Name", '<input id=d2inviteName style=width:250px maxlength=128 type=text onkeyup=showShareDeviceValidate() />');
x += addHtmlValue("Type", '<select id=d2shareType style=float:right;width:250px onchange=showShareDeviceValidate()>' + ((currentNode.agent.caps & 1)?('<option value=2>' + "Desktop" + '</option><option value=3>' + "Desktop, View only" + '</option>'):'') + ((currentNode.agent.caps & 2)?('<option value=1>' + "Terminal" + '</option>'):'') + '</select>');
var deskFull = '<option value=2>' + "Desktop" + '</option>';
if ((rights != 0xFFFFFFFF) && ((rights & 0x100) != 0)) { deskFull = ''; }
var fullTerm = '<option value=1>' + "Terminal" + '</option>';
if ((rights != 0xFFFFFFFF) && ((rights & 0x200) != 0)) { fullTerm = ''; }
x += addHtmlValue("Type", '<select id=d2shareType style=float:right;width:250px onchange=showShareDeviceValidate()>' + ((currentNode.agent.caps & 1)?(deskFull + '<option value=3>' + "Desktop, View only" + '</option>'):'') + ((currentNode.agent.caps & 2)?fullTerm:'') + '</select>');
var options = { 1 : "1 minute", 5 : "5 minutes", 10 : "10 minutes", 15 : "15 minutes", 30 : "30 minutes", 45 : "45 minutes", 60 : "60 minutes", 120 : "2 hours", 240 : "4 hours", 480 : "8 hours", 720 : "12 hours", 960 : "16 hours", 1440 : "24 hours", 2880 : "2 days", 5760 : "4 days" }
for (var i in options) { y += '<option value=' + i + '>' + options[i] + '</option>'; }
x += addHtmlValue("Validity", '<select id=d2timeRange style=float:right;width:250px onchange=showShareDeviceValidate()><option value=0>' + "Starting now" + '</option><option value=1>' + "Time range" + '</option></select>');
@ -10372,6 +10379,7 @@
x += '<label><input type=checkbox onchange=p20validateAddMeshUserDialog() id=p20remotecontrol>' + "Remote Control" + '</label><br>';
x += '<label><input type=checkbox onchange=p20validateAddMeshUserDialog() id=p20remoteview style=margin-left:12px>' + "Remote View Only" + '</label><br>';
x += '<label><input type=checkbox onchange=p20validateAddMeshUserDialog() id=p20remotelimitedinput style=margin-left:12px>' + "Limited Input Only" + '</label><br>';
if (serverinfo.guestdevicesharing !== false) { x += '<label><input type=checkbox onchange=p20validateAddMeshUserDialog() id=p20guestshare style=margin-left:12px>' + "Guest Sharing" + '</label><br>'; }
x += '<label><input type=checkbox onchange=p20validateAddMeshUserDialog() id=p20nodesktop style=margin-left:12px>' + "No Desktop Access" + '</label><br>';
x += '<label><input type=checkbox onchange=p20validateAddMeshUserDialog() id=p20noterminal style=margin-left:12px>' + "No Terminal Access" + '</label><br>';
x += '<label><input type=checkbox onchange=p20validateAddMeshUserDialog() id=p20nofiles style=margin-left:12px>' + "No File Access" + '</label><br>';
@ -10445,6 +10453,7 @@
Q('p20remotecontrol').checked = true;
if (urights & 65536) { Q('p20nodesktop').checked = true; }
if (urights & 256) { Q('p20remoteview').checked = true; }
if ((urights & 524288) && (serverinfo.guestdevicesharing !== false)) { Q('p20guestshare').checked = true; }
if (urights & 512) { Q('p20noterminal').checked = true; }
if (urights & 1024) { Q('p20nofiles').checked = true; }
if (urights & 2048) { Q('p20noamt').checked = true; }
@ -10459,6 +10468,7 @@
if (urights & 32768) { Q('p20uninstall').checked = true; }
if (urights & 131072) { Q('p20commands').checked = true; }
if (urights & 262144) { Q('p20resetoff').checked = true; }
if ((urights & 524288) && (serverinfo.guestdevicesharing !== false)) { Q('p20guestshare').checked = true; }
}
p20validateAddMeshUserDialog(userid);
@ -10505,6 +10515,7 @@
Q('p20nodesktop').checked = ((devrights & 65536) != 0);
Q('p20commands').checked = ((devrights & 131072) != 0);
Q('p20resetoff').checked = ((devrights & 262144) != 0);
if (serverinfo.guestdevicesharing !== false) { Q('p20guestshare').checked = ((devrights & 524288) != 0); }
ok = (nodeid != '');
}
@ -10575,6 +10586,7 @@
QE('p20editnotes', nc);
QE('p20limitevents', nc);
QE('p20remoteview', nc && Q('p20remotecontrol').checked);
if (serverinfo.guestdevicesharing !== false) { QE('p20guestshare', nc && Q('p20remotecontrol').checked && (Q('p20remoteview').checked || !Q('p20remotelimitedinput').checked)); }
QE('p20remotelimitedinput', nc && Q('p20remotecontrol').checked && !Q('p20remoteview').checked);
QE('p20nodesktop', nc && Q('p20remotecontrol').checked);
QE('p20noterminal', nc && Q('p20remotecontrol').checked);
@ -10605,12 +10617,13 @@
if (Q('p20noterminal').checked == true) meshadmin += 512;
if (Q('p20nofiles').checked == true) meshadmin += 1024;
if (Q('p20noamt').checked == true) meshadmin += 2048;
if (Q('p20remotelimitedinput').checked == true) meshadmin += 4096;
if ((Q('p20remotelimitedinput').checked == true) && (!Q('p20remoteview').checked)) meshadmin += 4096;
if (Q('p20limitevents').checked == true) meshadmin += 8192;
if (Q('p20chatnotify').checked == true) meshadmin += 16384;
if (Q('p20uninstall').checked == true) meshadmin += 32768;
if (Q('p20commands').checked == true) meshadmin += 131072;
if (Q('p20resetoff').checked == true) meshadmin += 262144;
if ((serverinfo.guestdevicesharing !== false) && (Q('p20guestshare').checked == true) && (Q('p20remoteview').checked || (!Q('p20remoteview').checked && !Q('p20remotelimitedinput').checked))) meshadmin += 524288;
}
// Clean up incorrect rights. If Remote Control is not selected, remove flags that don't make sense.