mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-11-22 22:17:31 +03:00
Allow complete removal of My Server tab for a specific domain.
This commit is contained in:
parent
9b1ba8d253
commit
ac772f6f4b
@ -176,7 +176,7 @@
|
||||
"description": "https url when to get the TLS certificate that MeshAgent's will see when connecting to this server. This setting is used when a reverse proxy like NGINX is used in front of MeshCentral."
|
||||
},
|
||||
"myServer": {
|
||||
"type": "object",
|
||||
"type": [ "object", "boolean" ],
|
||||
"additionalProperties": false,
|
||||
"properties": {
|
||||
"Backup": { "type": "boolean", "default": true, "description": "Allows administrators to backup the server from the My Server tab." },
|
||||
|
19
meshctrl.js
19
meshctrl.js
@ -338,6 +338,7 @@ if (args['_'].length == 0) {
|
||||
console.log(" --group [groupname] - Filter by group name (or --id).");
|
||||
console.log(" --count - Only return the device count.");
|
||||
console.log(" --json - Show result as JSON.");
|
||||
console.log(" --csv - Show result as comma seperated values.");
|
||||
break;
|
||||
}
|
||||
case 'listusersofdevicegroup': {
|
||||
@ -1442,7 +1443,19 @@ function serverConnect() {
|
||||
if ((data.result != null) && (data.result != 'ok')) {
|
||||
console.log(data.result);
|
||||
} else {
|
||||
if (args.count) {
|
||||
if (args.csv) {
|
||||
// Return a flat list
|
||||
var nodecount = 0;
|
||||
for (var i in data.nodes) {
|
||||
var devicesInMesh = data.nodes[i];
|
||||
for (var j in devicesInMesh) {
|
||||
var n = devicesInMesh[j];
|
||||
nodecount++;
|
||||
console.log('\"' + settings.xmeshes[i]._id.split('/')[2] + '\",\"' + settings.xmeshes[i].name.split('\"').join('') + '\",\"' + n._id.split('/')[2] + '\",\"' + n.name.split('\"').join('') + '\",' + (n.icon ? n.icon : 0) + ',' + (n.conn ? n.conn : 0) + ',' + (n.pwr ? n.pwr : 0));
|
||||
}
|
||||
}
|
||||
if (nodecount == 0) { console.log('None'); }
|
||||
} else if (args.count) {
|
||||
// Return how many devices are in this group
|
||||
var nodes = [];
|
||||
for (var i in data.nodes) { var devicesInMesh = data.nodes[i]; for (var j in devicesInMesh) { nodes.push(devicesInMesh[j]); } }
|
||||
@ -1457,12 +1470,12 @@ function serverConnect() {
|
||||
var nodecount = 0;
|
||||
for (var i in data.nodes) {
|
||||
var devicesInMesh = data.nodes[i];
|
||||
if (settings.xmeshes) { console.log('\r\nDevice group: \"' + settings.xmeshes[i].name + '\"'); }
|
||||
if (settings.xmeshes) { console.log('\r\nDevice group: \"' + settings.xmeshes[i].name.split('\"').join('') + '\"'); }
|
||||
console.log('id, name, icon, conn, pwr, ip\r\n-----------------------------');
|
||||
for (var j in devicesInMesh) {
|
||||
var n = devicesInMesh[j];
|
||||
nodecount++;
|
||||
console.log(n._id.split('/')[2] + ', \"' + n.name + '\", ' + (n.icon ? n.icon : 0) + ', ' + (n.conn ? n.conn : 0) + ', ' + (n.pwr ? n.pwr : 0));
|
||||
console.log('\"' + n._id.split('/')[2] + '\", \"' + n.name.split('\"', '') + '\", ' + (n.icon ? n.icon : 0) + ', ' + (n.conn ? n.conn : 0) + ', ' + (n.pwr ? n.pwr : 0));
|
||||
}
|
||||
}
|
||||
if (nodecount == 0) { console.log('None'); }
|
||||
|
22
meshuser.js
22
meshuser.js
@ -472,7 +472,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
|
||||
if (user.siteadmin === SITERIGHT_ADMIN) {
|
||||
// Check if tracing is allowed for this domain
|
||||
if ((domain.myserver == null) || (domain.myserver.trace === true)) {
|
||||
if ((domain.myserver !== false) && ((domain.myserver == null) || (domain.myserver.trace === true))) {
|
||||
// Send server tracing information
|
||||
try { ws.send(JSON.stringify({ action: 'traceinfo', traceSources: parent.parent.debugRemoteSources })); } catch (ex) { }
|
||||
}
|
||||
@ -550,6 +550,9 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
}
|
||||
case 'servertimelinestats':
|
||||
{
|
||||
// Only accept if the "My Server" tab is allowed for this domain
|
||||
if (domain.myserver === false) break;
|
||||
|
||||
if ((user.siteadmin & 21) == 0) return; // Only site administrators with "site backup" or "site restore" or "site update" permissions can use this.
|
||||
if (common.validateInt(command.hours, 0, 24 * 30) == false) return;
|
||||
db.GetServerStats(command.hours, function (err, docs) {
|
||||
@ -561,6 +564,9 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
}
|
||||
case 'serverstats':
|
||||
{
|
||||
// Only accept if the "My Server" tab is allowed for this domain
|
||||
if (domain.myserver === false) break;
|
||||
|
||||
if ((user.siteadmin & 21) == 0) return; // Only site administrators with "site backup" or "site restore" or "site update" permissions can use this.
|
||||
if (common.validateInt(command.interval, 1000, 1000000) == false) {
|
||||
// Clear the timer
|
||||
@ -839,8 +845,8 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
// This is a server console message, only process this if full administrator
|
||||
if (user.siteadmin != SITERIGHT_ADMIN) break;
|
||||
|
||||
// Only accept is the console is allowed for this domain
|
||||
if ((domain.myserver != null) && (domain.myserver.console !== true)) break;
|
||||
// Only accept if the console is allowed for this domain
|
||||
if ((domain.myserver === false) || ((domain.myserver != null) && (domain.myserver.console !== true))) break;
|
||||
|
||||
var r = '';
|
||||
var cmdargs = splitArgs(command.value);
|
||||
@ -2639,7 +2645,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
{
|
||||
// Check the server version
|
||||
if ((user.siteadmin & 16) == 0) break;
|
||||
if ((domain.myserver != null) && (domain.myserver.upgrade !== true)) break;
|
||||
if ((domain.myserver === false) || ((domain.myserver != null) && (domain.myserver.upgrade !== true))) break;
|
||||
//parent.parent.getLatestServerVersion(function (currentVersion, latestVersion) { try { ws.send(JSON.stringify({ action: 'serverversion', current: currentVersion, latest: latestVersion })); } catch (ex) { } });
|
||||
parent.parent.getServerTags(function (tags, err) { try { ws.send(JSON.stringify({ action: 'serverversion', tags: tags })); } catch (ex) { } });
|
||||
break;
|
||||
@ -2648,7 +2654,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
{
|
||||
// Perform server update
|
||||
if ((user.siteadmin & 16) == 0) break;
|
||||
if ((domain.myserver != null) && (domain.myserver.upgrade !== true)) break;
|
||||
if ((domain.myserver === false) || ((domain.myserver != null) && (domain.myserver.upgrade !== true))) break;
|
||||
if ((command.version != null) && (typeof command.version != 'string')) break;
|
||||
parent.parent.performServerUpdate(command.version);
|
||||
break;
|
||||
@ -2657,7 +2663,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
{
|
||||
// Load the server error log
|
||||
if ((user.siteadmin & 16) == 0) break;
|
||||
if ((domain.myserver != null) && (domain.myserver.errorlog !== true)) break;
|
||||
if ((domain.myserver === false) || ((domain.myserver != null) && (domain.myserver.errorlog !== true))) break;
|
||||
fs.readFile(parent.parent.getConfigFilePath('mesherrors.txt'), 'utf8', function (err, data) { try { ws.send(JSON.stringify({ action: 'servererrors', data: data })); } catch (ex) { } });
|
||||
break;
|
||||
}
|
||||
@ -4555,8 +4561,8 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
break;
|
||||
}
|
||||
case 'traceinfo': {
|
||||
// Only accept is the tracing is allowed for this domain
|
||||
if ((domain.myserver != null) && (domain.myserver.trace !== true)) break;
|
||||
// Only accept if the tracing tab is allowed for this domain
|
||||
if ((domain.myserver === false) || ((domain.myserver != null) && (domain.myserver.trace !== true))) break;
|
||||
|
||||
if ((user.siteadmin === SITERIGHT_ADMIN) && (typeof command.traceSources == 'object')) {
|
||||
parent.parent.debugRemoteSources = command.traceSources;
|
||||
|
@ -1833,7 +1833,7 @@
|
||||
//QV('p2AccountImage', ((features & 4) == 0) && (serverinfo.domainauth == false)); // If account actions are not visible, also remove the image on that panel
|
||||
QV('p2AccountImage', !accountSettingsLocked)
|
||||
QV('p2ServerActions', (siteRights & 21) && ((serverFeatures & 15) != 0));
|
||||
QV('LeftMenuMyServer', siteRights & 21); // 16 + 4 + 1
|
||||
QV('LeftMenuMyServer', (siteRights & 21) && ((serverFeatures & 64) != 0)); // 16 + 4 + 1
|
||||
QV('MainMenuMyServer', siteRights & 21);
|
||||
QV('p2ServerActionsBackup', (siteRights & 1) && ((serverFeatures & 1) != 0));
|
||||
QV('p2ServerActionsRestore', (siteRights & 4) && ((serverFeatures & 2) != 0));
|
||||
|
13
webserver.js
13
webserver.js
@ -2371,8 +2371,9 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
if (domain.customui != null) { customui = encodeURIComponent(JSON.stringify(domain.customui)); }
|
||||
|
||||
// Server features
|
||||
var serverFeatures = 63;
|
||||
if (domain.myserver) {
|
||||
var serverFeatures = 127;
|
||||
if (domain.myserver === false) { serverFeatures = 0; } // 64 = Show "My Server" tab
|
||||
else if (typeof domain.myserver == 'object') {
|
||||
if (domain.myserver.backup !== true) { serverFeatures -= 1; } // Disallow simple server backups
|
||||
if (domain.myserver.restore !== true) { serverFeatures -= 2; } // Disallow simple server restore
|
||||
if (domain.myserver.upgrade !== true) { serverFeatures -= 4; } // Disallow server upgrade
|
||||
@ -4063,7 +4064,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
if (domain == null) { return; }
|
||||
if ((domain.loginkey != null) && (domain.loginkey.indexOf(req.query.key) == -1)) { res.sendStatus(404); return; } // Check 3FA URL key
|
||||
if ((!req.session) || (req.session == null) || (!req.session.userid)) { res.sendStatus(401); return; }
|
||||
if ((domain.myserver != null) && (domain.myserver.backup !== true)) { res.sendStatus(401); return; }
|
||||
if ((domain.myserver === false) || ((domain.myserver != null) && (domain.myserver.backup !== true))) { res.sendStatus(401); return; }
|
||||
|
||||
var user = obj.users[req.session.userid];
|
||||
if ((user == null) || ((user.siteadmin & 1) == 0)) { res.sendStatus(401); return; } // Check if we have server backup rights
|
||||
@ -4092,7 +4093,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
const domain = checkUserIpAddress(req, res);
|
||||
if (domain == null) { return; }
|
||||
if ((domain.loginkey != null) && (domain.loginkey.indexOf(req.query.key) == -1)) { res.sendStatus(404); return; } // Check 3FA URL key
|
||||
if ((domain.myserver != null) && (domain.myserver.restore !== true)) { res.sendStatus(401); return; }
|
||||
if ((domain.myserver === false) || ((domain.myserver != null) && (domain.myserver.restore !== true))) { res.sendStatus(401); return; }
|
||||
|
||||
var authUserid = null;
|
||||
if ((req.session != null) && (typeof req.session.userid == 'string')) { authUserid = req.session.userid; }
|
||||
@ -4818,8 +4819,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
obj.app.get(url, handleRootRequest);
|
||||
obj.app.post(url, handleRootPostRequest);
|
||||
obj.app.get(url + 'refresh.ashx', function (req, res) { res.sendStatus(200); });
|
||||
if ((domain.myserver == null) || (domain.myserver.backup === true)) { obj.app.get(url + 'backup.zip', handleBackupRequest); }
|
||||
if ((domain.myserver == null) || (domain.myserver.restore === true)) { obj.app.post(url + 'restoreserver.ashx', handleRestoreRequest); }
|
||||
if ((domain.myserver !== false) && ((domain.myserver == null) || (domain.myserver.backup === true))) { obj.app.get(url + 'backup.zip', handleBackupRequest); }
|
||||
if ((domain.myserver !== false) && ((domain.myserver == null) || (domain.myserver.restore === true))) { obj.app.post(url + 'restoreserver.ashx', handleRestoreRequest); }
|
||||
obj.app.get(url + 'terms', handleTermsRequest);
|
||||
obj.app.get(url + 'xterm', handleXTermRequest);
|
||||
obj.app.post(url + 'login', handleLoginRequest);
|
||||
|
Loading…
Reference in New Issue
Block a user