MyFavMirrors
/
MeshCentral
mirror of https://github.com/Ylianst/MeshCentral.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed users that manage all device groups.

This commit is contained in:
Ylian Saint-Hilaire 2020-09-09 16:17:00 -07:00
parent a369604b91
commit 33ac5bc783
1 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
webserver.js
View File

@ -5606,7 +5606,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Perform user pre-validation // Perform user pre-validation
if ((user == null) || (nodeid == null)) { func(null, 0, false); return; } // Invalid user if ((user == null) || (nodeid == null)) { func(null, 0, false); return; } // Invalid user
if (typeof user == 'string') { user = obj.users[user]; } if (typeof user == 'string') { user = obj.users[user]; }
if ((user == null) || (user.links == null)) { func(null, 0, false); return; } // No rights if (user == null) { func(null, 0, false); return; } // No rights
// Perform node pre-validation // Perform node pre-validation
if (obj.common.validateString(nodeid, 0, 128) == false) { func(null, 0, false); return; } // Invalid nodeid if (obj.common.validateString(nodeid, 0, 128) == false) { func(null, 0, false); return; } // Invalid nodeid
@ -5623,6 +5623,9 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
func(nodes[0], 0xFFFFFFFF, true); return; func(nodes[0], 0xFFFFFFFF, true); return;
} }
// If no links, stop here.
if (user.links == null) { func(null, 0, false); return; }
// Check device link // Check device link
var rights = 0, visible = false, r = user.links[nodeid]; var rights = 0, visible = false, r = user.links[nodeid];
if (r != null) { if (r != null) {
@ -5668,7 +5671,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Returns a list of all meshes that this user has some rights too // Returns a list of all meshes that this user has some rights too
obj.GetAllMeshWithRights = function (user, rights) { obj.GetAllMeshWithRights = function (user, rights) {
if (typeof user == 'string') { user = obj.users[user]; } if (typeof user == 'string') { user = obj.users[user]; }
if ((user == null) || (user.links == null)) { return []; } if (user == null) { return []; }
var r = []; var r = [];
if ((user.siteadmin == 0xFFFFFFFF) && (parent.config.settings.managealldevicegroups.indexOf(user._id) >= 0)) { if ((user.siteadmin == 0xFFFFFFFF) && (parent.config.settings.managealldevicegroups.indexOf(user._id) >= 0)) {
@ -5677,6 +5680,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
for (var i in obj.meshes) { if ((obj.meshes[i]._id.startsWith(meshStartStr)) && (obj.meshes[i].deleted == null)) { r.push(obj.meshes[i]); } } for (var i in obj.meshes) { if ((obj.meshes[i]._id.startsWith(meshStartStr)) && (obj.meshes[i].deleted == null)) { r.push(obj.meshes[i]); } }
return r; return r;
} }
if (user.links == null) { return []; }
for (var i in user.links) { for (var i in user.links) {
if (i.startsWith('mesh/')) { if (i.startsWith('mesh/')) {
// Grant access to a device group thru a direct link // Grant access to a device group thru a direct link
@ -5705,7 +5709,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Returns a list of all mesh id's that this user has some rights too // Returns a list of all mesh id's that this user has some rights too
obj.GetAllMeshIdWithRights = function (user, rights) { obj.GetAllMeshIdWithRights = function (user, rights) {
if (typeof user == 'string') { user = obj.users[user]; } if (typeof user == 'string') { user = obj.users[user]; }
if ((user == null) || (user.links == null)) { return []; } if (user == null) { return []; }
var r = []; var r = [];
if ((user.siteadmin == 0xFFFFFFFF) && (parent.config.settings.managealldevicegroups.indexOf(user._id) >= 0)) { if ((user.siteadmin == 0xFFFFFFFF) && (parent.config.settings.managealldevicegroups.indexOf(user._id) >= 0)) {
// This is a super user that can see all device groups for a given domain // This is a super user that can see all device groups for a given domain
@ -5713,6 +5717,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
for (var i in obj.meshes) { if ((obj.meshes[i]._id.startsWith(meshStartStr)) && (obj.meshes[i].deleted == null)) { r.push(obj.meshes[i]._id); } } for (var i in obj.meshes) { if ((obj.meshes[i]._id.startsWith(meshStartStr)) && (obj.meshes[i].deleted == null)) { r.push(obj.meshes[i]._id); } }
return r; return r;
} }
if (user.links == null) { return []; }
for (var i in user.links) { for (var i in user.links) {
if (i.startsWith('mesh/')) { if (i.startsWith('mesh/')) {
// Grant access to a device group thru a direct link // Grant access to a device group thru a direct link
@ -5742,7 +5747,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
obj.GetMeshRights = function (user, mesh) { obj.GetMeshRights = function (user, mesh) {
if ((user == null) || (mesh == null)) { return 0; } if ((user == null) || (mesh == null)) { return 0; }
if (typeof user == 'string') { user = obj.users[user]; } if (typeof user == 'string') { user = obj.users[user]; }
if ((user == null) || (user.links == null)) { return 0; } if (user == null) { return 0; }
var r, meshid; var r, meshid;
if (typeof mesh == 'string') { if (typeof mesh == 'string') {
meshid = mesh; meshid = mesh;
@ -5754,6 +5759,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
if ((user.siteadmin == 0xFFFFFFFF) && (parent.config.settings.managealldevicegroups.indexOf(user._id) >= 0) && (meshid.startsWith('mesh/' + user.domain + '/'))) { return 0xFFFFFFFF; } if ((user.siteadmin == 0xFFFFFFFF) && (parent.config.settings.managealldevicegroups.indexOf(user._id) >= 0) && (meshid.startsWith('mesh/' + user.domain + '/'))) { return 0xFFFFFFFF; }
// Check direct user to device group permissions // Check direct user to device group permissions
if (user.links == null) return 0;
var rights = 0; var rights = 0;
r = user.links[meshid]; r = user.links[meshid];
if (r != null) { if (r != null) {
@ -5786,7 +5792,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
obj.IsMeshViewable = function (user, mesh) { obj.IsMeshViewable = function (user, mesh) {
if ((user == null) || (mesh == null)) { return false; } if ((user == null) || (mesh == null)) { return false; }
if (typeof user == 'string') { user = obj.users[user]; } if (typeof user == 'string') { user = obj.users[user]; }
if ((user == null) || (user.links == null)) { return false; } if (user == null) { return false; }
var meshid; var meshid;
if (typeof mesh == 'string') { if (typeof mesh == 'string') {
meshid = mesh; meshid = mesh;
@ -5798,6 +5804,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
if ((user.siteadmin == 0xFFFFFFFF) && (parent.config.settings.managealldevicegroups.indexOf(user._id) >= 0) && (meshid.startsWith('mesh/' + user.domain + '/'))) { return true; } if ((user.siteadmin == 0xFFFFFFFF) && (parent.config.settings.managealldevicegroups.indexOf(user._id) >= 0) && (meshid.startsWith('mesh/' + user.domain + '/'))) { return true; }
// Check direct user to device group permissions // Check direct user to device group permissions
if (user.links == null) { return false; }
if (user.links[meshid] != null) { return true; } // If the user has a direct link, stop here. if (user.links[meshid] != null) { return true; } // If the user has a direct link, stop here.
// Check if we are part of any user groups that would give this user visibility to this device group. // Check if we are part of any user groups that would give this user visibility to this device group.