From 288e42ad2cb4af14dd24678c02e46d5be810299f Mon Sep 17 00:00:00 2001 From: Ylian Saint-Hilaire Date: Sat, 26 Oct 2019 10:57:40 -0700 Subject: [PATCH] Fixed self device group permission change and agent group uninstall. --- meshuser.js | 16 +++++++++------- package.json | 2 +- views/default-min.handlebars | 3 +-- views/default.handlebars | 3 +-- views/translations/default-min_fr.handlebars | 3 +-- views/translations/default_fr.handlebars | 3 +-- 6 files changed, 14 insertions(+), 16 deletions(-) diff --git a/meshuser.js b/meshuser.js index 3a605672..8d817960 100644 --- a/meshuser.js +++ b/meshuser.js @@ -1838,6 +1838,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use for (var i in command.usernames) { // Check if the user exists var newuserid = 'user/' + domain.id + '/' + command.usernames[i].toLowerCase(), newuser = parent.users[newuserid]; + if (newuserid == obj.user._id) { continue; } // Can't add or modify self if (newuser != null) { // Add mesh to user if (newuser.links == null) newuser.links = {}; 
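Review bot: In meshuser.js (hunk at -1838), the new guard `if (newuserid == obj.user._id) { continue; }` drops the caller's own entry silently, so as far as the hunk shows an attempt to change one's own group rights produces no error for the client and nothing to audit, while the remove path in the next hunk at least sets `err = "Can't remove self"`. The guard also reads the caller's identity from `obj.user._id`, whereas the permission test in that next hunk uses `user._id`; `obj.user` is not defined in the visible lines, so confirm it is always set at this point or use `user._id` in both places. I would also state the intent on the line, e.g. `// Security: a user must never grant or change their own rights on a device group`, so the check is not later removed as redundant. The loop body continues past the end of the hunk.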
@@ -1872,18 +1873,19 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use { var err = null; try { - if (common.validateString(command.userid, 1, 1024) == false) { err = 'Invalid userid'; } // Check userid - if (common.validateString(command.meshid, 1, 1024) == false) { err = 'Invalid groupid'; } // Check meshid + if (common.validateString(command.userid, 1, 1024) == false) { err = "Invalid userid"; } // Check userid + if (common.validateString(command.meshid, 1, 1024) == false) { err = "Invalid groupid"; } // Check meshid if (command.userid.indexOf('/') == -1) { command.userid = 'user/' + domain.id + '/' + command.userid; } - if ((command.userid.split('/').length != 3) || (command.userid.split('/')[1] != domain.id)) { err = 'Invalid userid'; } // Invalid domain, operation only valid for current domain + if (command.userid == obj.user._id) { err = "Can't remove self"; } // Can't add of modify self + if ((command.userid.split('/').length != 3) || (command.userid.split('/')[1] != domain.id)) { err = "Invalid userid"; } // Invalid domain, operation only valid for current domain else { if (command.meshid.indexOf('/') == -1) { command.meshid = 'mesh/' + domain.id + '/' + command.meshid; } mesh = parent.meshes[command.meshid]; - if (mesh == null) { err = 'Unknown device group'; } - else if (mesh.links[user._id] == null || ((mesh.links[user._id].rights & 2) == 0)) { err = 'Permission denied'; } - else if ((command.meshid.split('/').length != 3) || (command.meshid.split('/')[1] != domain.id)) { err = 'Invalid domain'; } // Invalid domain, operation only valid for current domain + if (mesh == null) { err = "Unknown device group"; } + else if (mesh.links[user._id] == null || ((mesh.links[user._id].rights & 2) == 0)) { err = "Permission denied"; } + else if ((command.meshid.split('/').length != 3) || (command.meshid.split('/')[1] != domain.id)) { err = "Invalid domain"; } // Invalid domain, operation only valid for current domain } - } catch (ex) 
{ err = 'Validation exception: ' + ex; } + } catch (ex) { err = "Validation exception: " + ex; } // Handle any errors if (err != null) { diff --git a/package.json b/package.json index fce418af..47001b91 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "meshcentral", - "version": "0.4.3-f", + "version": "0.4.3-g", "keywords": [ "Remote Management", "Intel AMT", diff --git a/views/default-min.handlebars b/views/default-min.handlebars index 7c7f8939..e600d086 100644 --- a/views/default-min.handlebars +++ b/views/default-min.handlebars @@ -2349,11 +2349,10 @@ } function groupActionFunction() { - var addedOptions = ''; + var addedOptions = '', nodeids = getCheckedDevices(); // Check if any of the selected devices have a MQTT connection active if (features & 0x00400000) { - var nodeids = getCheckedDevices(); for (var i in nodeids) { if ((getNodeFromId(nodeids[i]).conn & 16) != 0) { addedOptions += ''; break; } } } diff --git a/views/default.handlebars b/views/default.handlebars index 4b8748fe..8070a790 100644 --- a/views/default.handlebars +++ b/views/default.handlebars @@ -3331,11 +3331,10 @@ } function groupActionFunction() { - var addedOptions = ''; + var addedOptions = '', nodeids = getCheckedDevices(); // Check if any of the selected devices have a MQTT connection active if (features & 0x00400000) { - var nodeids = getCheckedDevices(); for (var i in nodeids) { if ((getNodeFromId(nodeids[i]).conn & 16) != 0) { addedOptions += ''; break; } } } diff --git a/views/translations/default-min_fr.handlebars b/views/translations/default-min_fr.handlebars index b3559e19..e881b2d2 100644 --- a/views/translations/default-min_fr.handlebars +++ b/views/translations/default-min_fr.handlebars 
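Review bot: In meshuser.js (hunk at -1872), the added self check `command.userid == obj.user._id` compares the client-supplied id exactly as sent, while the add path in the previous hunk lowercases the name before building the id; if ids are stored lowercased, a differently cased value would not match this guard, so both sides should be compared in one canonical form, e.g. `if (command.userid.toLowerCase() == obj.user._id.toLowerCase()) { err = "Can't remove self"; }`. The check is a plain `if` placed ahead of the `split('/')` domain validation, so later branches can overwrite its message; the request is still rejected because `err` stays non-null, but an `else if` chain would make that fail-closed behaviour explicit. The trailing comment reads "Can't add of modify self" on the remove path and should be `// Can't remove self`. The `try` block opens above the hunk and the `if (err != null)` handling continues below it.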
@@ -2349,11 +2349,10 @@ } function groupActionFunction() { - var addedOptions = ''; + var addedOptions = '', nodeids = getCheckedDevices(); // Check if any of the selected devices have a MQTT connection active if (features & 0x00400000) { - var nodeids = getCheckedDevices(); for (var i in nodeids) { if ((getNodeFromId(nodeids[i]).conn & 16) != 0) { addedOptions += ''; break; } } } diff --git a/views/translations/default_fr.handlebars b/views/translations/default_fr.handlebars index 109103e1..c1876329 100644 --- a/views/translations/default_fr.handlebars +++ b/views/translations/default_fr.handlebars @@ -3329,11 +3329,10 @@ } function groupActionFunction() { - var addedOptions = ''; + var addedOptions = '', nodeids = getCheckedDevices(); // Check if any of the selected devices have a MQTT connection active if (features & 0x00400000) { - var nodeids = getCheckedDevices(); for (var i in nodeids) { if ((getNodeFromId(nodeids[i]).conn & 16) != 0) { addedOptions += ''; break; } } }