From 68dfafa739714b0a1a82f43290f2df6b8a752892 Mon Sep 17 00:00:00 2001
From: Ylian Saint-Hilaire <ysainthilaire@hotmail.com>
Date: Tue, 14 Sep 2021 17:27:39 -0700
Subject: [PATCH] Started work on user group permission removal, #3129

---
 meshuser.js                     |  9 +++-
 views/default-mobile.handlebars |  1 +
 views/default.handlebars        | 77 ++++++++++++++++++++++++++++++---
 3 files changed, 79 insertions(+), 8 deletions(-)

diff --git a/meshuser.js b/meshuser.js
index 7015150c..3df8a457 100644
--- a/meshuser.js
+++ b/meshuser.js
@@ -1948,12 +1948,17 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
                         if ((command.flags != null) && (typeof command.flags == 'number')) {
                             // Flags: 2 = Session Recording
                             if ((command.flags == 0) && (group.flags != null)) { delete group.flags; } else { if (command.flags !== group.flags) { group.flags = command.flags; } }
-                            if (change == '') { change = 'User group flags changed.'; }
+                            if (change == '') { change = 'User group features changed.'; }
+                        }
+
+                        if ((command.removeRights != null) && (typeof command.removeRights == 'number')) {
+                            if ((command.removeRights == 0) && (group.removeRights != null)) { delete group.removeRights; } else { if (command.removeRights !== group.removeRights) { group.removeRights = command.removeRights; } }
+                            if (change == '') { change = 'User group features changed.'; }
                         }
 
                         if (change != '') {
                             db.Set(group);
-                            var event = { etype: 'ugrp', userid: user._id, username: user.name, ugrpid: group._id, name: group.name, desc: group.desc, consent: ((group.consent == null) ? 0 : group.consent), action: 'usergroupchange', links: group.links, flags: group.flags, msg: change, domain: domain.id };
+                            var event = { etype: 'ugrp', userid: user._id, username: user.name, ugrpid: group._id, name: group.name, desc: group.desc, consent: ((group.consent == null) ? 0 : group.consent), action: 'usergroupchange', links: group.links, flags: group.flags, removeRights: group.removeRights, msg: change, domain: domain.id };
                             if (db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to change the mesh. Another event will come.
                             parent.parent.DispatchEvent(['*', group._id, user._id], obj, event);
                         }
diff --git a/views/default-mobile.handlebars b/views/default-mobile.handlebars
index 8c77713b..591699ee 100644
--- a/views/default-mobile.handlebars
+++ b/views/default-mobile.handlebars
@@ -1744,6 +1744,7 @@
                                 ugroup.desc = message.event.desc;
                                 ugroup.links = message.event.links;
                                 ugroup.flags = message.event.flags;
+                                ugroup.removeRights = message.event.removeRights;
                             }
                             //mainUpdate(8192 + 16384);
 
diff --git a/views/default.handlebars b/views/default.handlebars
index 8647eb11..2825a5a9 100644
--- a/views/default.handlebars
+++ b/views/default.handlebars
@@ -2936,6 +2936,7 @@
                                 if (message.event.desc) { ugroup.desc = message.event.desc; } else { delete ugroup.desc; }
                                 if (message.event.links) { ugroup.links = message.event.links; } else { delete ugroup.links; }
                                 if (message.event.flags) { ugroup.flags = message.event.flags; } else { delete ugroup.flags; }
+                                if (message.event.removeRights) { ugroup.removeRights = message.event.removeRights; } else { delete ugroup.removeRights; }
                                 if (typeof message.event.consent == 'number') { ugroup.consent = message.event.consent; }
                             }
                             mainUpdate(4096 + 8192 + 16384);
@@ -13830,13 +13831,24 @@
             }
 
             // Display features
-            if (serverinfo.userGroupsSessionRecording == 1) {
-                var userGroupFeatures = [];
-                if ((group.flags) && (group.flags & 2)) { userGroupFeatures.push("Record Sessions"); }
-                userGroupFeatures = userGroupFeatures.join(', ');
-                if (userGroupFeatures == '') { userGroupFeatures = '<i>' + "None" + '</i>'; }
-                x += addDeviceAttribute("Features", addLink(userGroupFeatures, 'p51edituserGroupFeatures()'));
+            var userGroupFeatures = [];
+            if ((serverinfo.userGroupsSessionRecording == 1) && (group.flags) && (group.flags & 2)) { userGroupFeatures.push("Record Sessions"); }
+            if (group.removeRights) {
+                if ((group.removeRights & 0x00000008) != 0) { userGroupFeatures.push("No Remote Control"); } else {
+                    if ((group.removeRights & 0x00010000) != 0) { userGroupFeatures.push("No Desktop"); }
+                    else if ((group.removeRights & 0x00000100) != 0) { userGroupFeatures.push("Desktop View Only"); }
+                    if ((group.removeRights & 0x00000200) != 0) { userGroupFeatures.push("No Terminal"); }
+                    if ((group.removeRights & 0x00000400) != 0) { userGroupFeatures.push("No Files"); }
+                }
+                if ((group.removeRights & 0x00000010) != 0) { userGroupFeatures.push("No Console"); }
+                if ((group.removeRights & 0x00008000) != 0) { userGroupFeatures.push("No Uninstall"); }
+                if ((group.removeRights & 0x00020000) != 0) { userGroupFeatures.push("No Remote Command"); }
+                if ((group.removeRights & 0x00000040) != 0) { userGroupFeatures.push("No Wake"); }
+                if ((group.removeRights & 0x00040000) != 0) { userGroupFeatures.push("No Reset/Off"); }
             }
+            userGroupFeatures = userGroupFeatures.join(', ');
+            if (userGroupFeatures == '') { userGroupFeatures = '<i>' + "None" + '</i>'; }
+            x += addDeviceAttribute("Features", addLink(userGroupFeatures, 'p51edituserGroupFeatures()'));
 
             // Display user consent flags for this user group
             {
@@ -13961,6 +13973,58 @@
             }
         }
 
+        function p51edituserGroupFeatures() {
+            if (xxdialogMode) return;
+            var flags = (currentUserGroup.flags)?currentUserGroup.flags:0, x = ''; // Flags: 1 = Account Image, 2 = Session Recording
+            var removeRights = (currentUserGroup.removeRights)?currentUserGroup.removeRights:0, x = ''; // Remove Device Group Rights
+            if (serverinfo.userGroupsSessionRecording == 1) {
+                x += '<div><label><input type=checkbox id=d51flag1 onchange=p51edituserGroupFeaturesValidate() ' + ((flags & 2) ? 'checked' : '') + '>' + "Record sessions" + '</label><br></div>';
+            }
+            x += '<div><label><input type=checkbox id=d51flag7 onchange=p51edituserGroupFeaturesValidate() ' + ((removeRights & 0x00000008) ? 'checked' : '') + '>' + "No Remote Control" + '</label><br></div>';
+            x += '<div style=margin-left:8px><label><input type=checkbox id=d51flag2 onchange=p51edituserGroupFeaturesValidate() ' + ((removeRights & 0x00010000) ? 'checked' : '') + '>' + "No Desktop Access" + '</label><br></div>';
+            x += '<div style=margin-left:16px><label><input type=checkbox id=d51flag3 onchange=p51edituserGroupFeaturesValidate() ' + ((removeRights & 0x00000100) ? 'checked' : '') + '>' + "Remote View Only" + '</label><br></div>';
+            x += '<div style=margin-left:8px><label><input type=checkbox id=d51flag4 onchange=p51edituserGroupFeaturesValidate() ' + ((removeRights & 0x00000200) ? 'checked' : '') + '>' + "No Terminal Access" + '</label><br></div>';
+            x += '<div style=margin-left:8px><label><input type=checkbox id=d51flag5 onchange=p51edituserGroupFeaturesValidate() ' + ((removeRights & 0x00000400) ? 'checked' : '') + '>' + "No File Access" + '</label><br></div>';
+            x += '<div><label><input type=checkbox id=d51flag6 onchange=p51edituserGroupFeaturesValidate() ' + ((removeRights & 0x00000010) ? 'checked' : '') + '>' + "No Agent Console" + '</label><br></div>';
+            x += '<div><label><input type=checkbox id=d51flag8 onchange=p51edituserGroupFeaturesValidate() ' + ((removeRights & 0x00008000) ? 'checked' : '') + '>' + "No Uninstall" + '</label><br></div>';
+            x += '<div><label><input type=checkbox id=d51flag9 onchange=p51edituserGroupFeaturesValidate() ' + ((removeRights & 0x00020000) ? 'checked' : '') + '>' + "No Remote Command" + '</label><br></div>';
+            x += '<div><label><input type=checkbox id=d51flag10 onchange=p51edituserGroupFeaturesValidate() ' + ((removeRights & 0x00000040) ? 'checked' : '') + '>' + "No Wake" + '</label><br></div>';
+            x += '<div><label><input type=checkbox id=d51flag11 onchange=p51edituserGroupFeaturesValidate() ' + ((removeRights & 0x00040000) ? 'checked' : '') + '>' + "No Reset/Off" + '</label><br></div>';
+            setDialogMode(2, "Edit User Features", 3, p51edituserGroupFeaturesEx, x);
+            p51edituserGroupFeaturesValidate();
+        }
+
+        function p51edituserGroupFeaturesValidate() {
+            QE('d51flag2', !Q('d51flag7').checked);
+            QE('d51flag3', !Q('d51flag7').checked && !Q('d51flag2').checked);
+            QE('d51flag4', !Q('d51flag7').checked);
+            QE('d51flag5', !Q('d51flag7').checked);
+        }
+
+        // Send to the server the new user's real name
+        function p51edituserGroupFeaturesEx() {
+            // Setup user flags
+            var flags = (currentUserGroup.flags)?currentUserGroup.flags:0; // Flags: 1 = Account Image, 2 = Session Recording
+            var f = flags & 1;
+            if ((serverinfo.userGroupsSessionRecording == 1) && Q('d51flag1').checked) { f += 2; }
+
+            // Setup user permission removal
+            var r = 0;
+            if (Q('d51flag7').checked) { r += 0x00000008; } else {
+                if (Q('d51flag2').checked) { r += 0x00010000; }
+                else if (Q('d51flag3').checked) { r += 0x00000100; }
+                if (Q('d51flag4').checked) { r += 0x00000200; }
+                if (Q('d51flag5').checked) { r += 0x00000400; }
+            }
+            if (Q('d51flag6').checked) { r += 0x00000010; }
+            if (Q('d51flag8').checked) { r += 0x00008000; }
+            if (Q('d51flag9').checked) { r += 0x00020000; }
+            if (Q('d51flag10').checked) { r += 0x00000040; }
+            if (Q('d51flag11').checked) { r += 0x00040000; }
+            meshserver.send({ action: 'editusergroup', ugrpid: currentUserGroup._id, flags: f, removeRights: r });
+        }
+
+        /*
         function p51edituserGroupFeatures() {
             if (xxdialogMode) return;
             var flags = (currentUserGroup.flags)?currentUserGroup.flags:0, x = ''; // Flags: 2 = Session Recording
@@ -13977,6 +14041,7 @@
             if ((serverinfo.userGroupsSessionRecording == 1) && Q('d51flag1').checked) { f += 2; }
             meshserver.send({ action: 'editusergroup', ugrpid: currentUserGroup._id, flags: f });
         }
+        */
 
         function p51removeDeviceFromUserGroup(e, nodeid) {
             if (xxdialogMode) return;