mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-12-25 14:45:52 -05:00
More user group UI improvements.
This commit is contained in:
parent
86fe9085a8
commit
3ff0a11f6a
@ -149,8 +149,8 @@ module.exports.unEscapeFieldName = function (name) { if (name.indexOf('%') == -1
|
||||
// Escape all links
|
||||
module.exports.escapeLinksFieldName = function (docx) { var doc = Object.assign({}, docx); if (doc.links != null) { doc.links = Object.assign({}, doc.links); for (var i in doc.links) { var ue = module.exports.escapeFieldName(i); if (ue !== i) { doc.links[ue] = doc.links[i]; delete doc.links[i]; } } } return doc; };
|
||||
module.exports.unEscapeLinksFieldName = function (doc) { if (doc.links != null) { for (var j in doc.links) { var ue = module.exports.unEscapeFieldName(j); if (ue !== j) { doc.links[ue] = doc.links[j]; delete doc.links[j]; } } } return doc; };
|
||||
//module.exports.escapeAllLinksFieldName = function (docs) { for (var i in docs) { module.exports.escapeLinksFieldName(docs[i]); } };
|
||||
module.exports.unEscapeAllLinksFieldName = function (docs) { for (var i in docs) { docs[i] = module.exports.unEscapeLinksFieldName(docs[i]); } };
|
||||
//module.exports.escapeAllLinksFieldName = function (docs) { for (var i in docs) { module.exports.escapeLinksFieldName(docs[i]); } return docs; };
|
||||
module.exports.unEscapeAllLinksFieldName = function (docs) { for (var i in docs) { docs[i] = module.exports.unEscapeLinksFieldName(docs[i]); } return docs; };
|
||||
|
||||
// Validation methods
|
||||
module.exports.validateString = function (str, minlen, maxlen) { return ((str != null) && (typeof str == 'string') && ((minlen == null) || (str.length >= minlen)) && ((maxlen == null) || (str.length <= maxlen))); };
|
||||
|
144
meshuser.js
144
meshuser.js
@ -1199,9 +1199,9 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
var err = null;
|
||||
try {
|
||||
// Broadcast a message to all currently connected users.
|
||||
if ((user.siteadmin & 2) == 0) { err = 'Permission denied'; }
|
||||
else if (common.validateString(command.msg, 1, 512) == false) { err = 'Message is too long'; } // Notification message is between 1 and 256 characters
|
||||
} catch (ex) { err = 'Validation exception: ' + ex; }
|
||||
if ((user.siteadmin & 2) == 0) { err = "Permission denied"; }
|
||||
else if (common.validateString(command.msg, 1, 512) == false) { err = "Message is too long"; } // Notification message is between 1 and 256 characters
|
||||
} catch (ex) { err = "Validation exception: " + ex; }
|
||||
|
||||
// Handle any errors
|
||||
if (err != null) {
|
||||
@ -1210,23 +1210,25 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
}
|
||||
|
||||
// Create the notification message
|
||||
var notification = { action: "msg", type: "notify", domain: domain.id, "value": command.msg, "title": user.name, icon: 0, tag: "broadcast" };
|
||||
var notification = { action: 'msg', type: 'notify', domain: domain.id, value: command.msg, title: user.name, icon: 0, tag: 'broadcast' };
|
||||
|
||||
// Send the notification on all user sessions for this server
|
||||
for (var i in parent.wssessions2) {
|
||||
try {
|
||||
if (parent.wssessions2[i].domainid == domain.id) {
|
||||
var sessionUser = parent.users[parent.wssessions2[i].userid];
|
||||
if ((command.target == null) || ((sessionUser.links) != null && (sessionUser.links[command.target] != null))) {
|
||||
if ((user.groups == null) || (user.groups.length == 0)) {
|
||||
// We are part of no user groups, send to everyone.
|
||||
parent.wssessions2[i].send(JSON.stringify(notification));
|
||||
} else {
|
||||
// We are part of user groups, only send to sessions of users in our groups.
|
||||
var sessionUser = parent.users[parent.wssessions2[i].userid];
|
||||
if ((sessionUser != null) && findOne(sessionUser.groups, user.groups)) {
|
||||
parent.wssessions2[i].send(JSON.stringify(notification));
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
} catch (ex) { }
|
||||
}
|
||||
|
||||
@ -1478,7 +1480,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
|
||||
// Request a list of all user groups this user as rights to
|
||||
db.GetAllTypeNoTypeField('ugrp', domain.id, function (err, docs) {
|
||||
try { ws.send(JSON.stringify({ action: 'usergroups', ugroups: docs, tag: command.tag })); } catch (ex) { }
|
||||
try { ws.send(JSON.stringify({ action: 'usergroups', ugroups: common.unEscapeAllLinksFieldName(docs), tag: command.tag })); } catch (ex) { }
|
||||
});
|
||||
break;
|
||||
}
|
||||
@ -1493,7 +1495,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
else if ((parent.parent.mailserver != null) && (domain.auth != 'sspi') && (domain.auth != 'ldap') && (user.emailVerified !== true) && (user.siteadmin != 0xFFFFFFFF)) { err = 'Email verification required'; } // User must verify it's email first.
|
||||
|
||||
// Create user group
|
||||
else if (common.validateString(command.name, 1, 64) == false) { err = 'Invalid group name'; } // User group name is between 1 and 64 characters
|
||||
else if ((common.validateString(command.name, 1, 64) == false) || (command.name.indexOf(' ') >= 0)) { err = 'Invalid group name'; } // User group name is between 1 and 64 characters
|
||||
else if ((command.desc != null) && (common.validateString(command.desc, 0, 1024) == false)) { err = 'Invalid group description'; } // User group description is between 0 and 1024 characters
|
||||
} catch (ex) { err = 'Validation exception: ' + ex; }
|
||||
|
||||
@ -1532,8 +1534,24 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
|
||||
db.Get(command.ugrpid, function (err, groups) {
|
||||
if ((err != null) || (groups.length != 1)) return;
|
||||
var group = groups[0];
|
||||
var group = common.unEscapeLinksFieldName(groups[0]);
|
||||
|
||||
// Unlink any user that has a link to this group
|
||||
if (group.links) {
|
||||
for (var i in group.links) {
|
||||
var xuser = parent.users[i];
|
||||
if ((xuser != null) && (xuser.links != null)) {
|
||||
delete xuser.links[group._id];
|
||||
db.SetUser(xuser);
|
||||
parent.parent.DispatchEvent([xuser._id], obj, 'resubscribe');
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Remove the user group from the database
|
||||
db.Remove(group._id);
|
||||
|
||||
// Event the user group being removed
|
||||
var event = { etype: 'ugrp', userid: user._id, username: user.name, ugrpid: group._id, action: 'deleteusergroup', msg: change, domain: domain.id };
|
||||
if (db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to change the mesh. Another event will come.
|
||||
parent.parent.DispatchEvent(['*', group._id, user._id], obj, event);
|
||||
@ -1551,9 +1569,9 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
|
||||
db.Get(command.ugrpid, function (err, groups) {
|
||||
if ((err != null) || (groups.length != 1)) return;
|
||||
var group = groups[0], change = '';
|
||||
var group = common.unEscapeLinksFieldName(groups[0]), change = '';
|
||||
|
||||
if ((common.validateString(command.name, 1, 64) == true) && (command.name != group.name)) { change = 'User group name changed from "' + group.name + '" to "' + command.name + '"'; group.name = command.name; }
|
||||
if ((common.validateString(command.name, 1, 64) == true) && (command.name != group.name) && (command.name.indexOf(' ') >= 0)) { change = 'User group name changed from "' + group.name + '" to "' + command.name + '"'; group.name = command.name; }
|
||||
if ((common.validateString(command.desc, 0, 1024) == true) && (command.desc != group.desc)) { if (change != '') change += ' and description changed'; else change += 'User group "' + group.name + '" description changed'; group.desc = command.desc; }
|
||||
if (change != '') {
|
||||
db.Set(common.escapeLinksFieldName(group));
|
||||
@ -1566,20 +1584,108 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
}
|
||||
case 'addusertousergroup':
|
||||
{
|
||||
if ((user.siteadmin & SITERIGHT_USERGROUPS) == 0) { return; }
|
||||
|
||||
// Change the name or description of a user group
|
||||
if (common.validateString(command.ugrpid, 1, 1024) == false) break; // Check the user group id
|
||||
var err = null;
|
||||
try {
|
||||
if ((user.siteadmin & SITERIGHT_USERGROUPS) == 0) { err = 'Permission denied'; }
|
||||
else if (common.validateString(command.ugrpid, 1, 1024) == false) { err = 'Invalid groupid'; } // Check the meshid
|
||||
else if (common.validateStrArray(command.usernames, 1, 64) == false) { err = 'Invalid usernames'; } // Username is between 1 and 64 characters
|
||||
else {
|
||||
var ugroupidsplit = command.ugrpid.split('/');
|
||||
if ((ugroupidsplit.length != 3) || (ugroupidsplit[0] != 'ugrp') || (ugroupidsplit[1] != domain.id)) break;
|
||||
if ((ugroupidsplit.length != 3) || (ugroupidsplit[0] != 'ugrp') || (ugroupidsplit[1] != domain.id)) { err = 'Invalid groupid'; }
|
||||
}
|
||||
} catch (ex) { err = 'Validation exception: ' + ex; }
|
||||
|
||||
// Handle any errors
|
||||
if (err != null) {
|
||||
if (command.responseid != null) { try { ws.send(JSON.stringify({ action: 'addusertousergroup', responseid: command.responseid, result: err })); } catch (ex) { } }
|
||||
break;
|
||||
}
|
||||
|
||||
db.Get(command.ugrpid, function (err, groups) {
|
||||
if ((err != null) || (groups.length != 1)) return;
|
||||
var group = groups[0];
|
||||
if ((err != null) || (groups.length != 1)) { try { ws.send(JSON.stringify({ action: 'addusertousergroup', responseid: command.responseid, result: 'Invalid groupid' })); } catch (ex) { } return; }
|
||||
var group = common.unEscapeLinksFieldName(groups[0]);
|
||||
if (group.links == null) { group.links = {}; }
|
||||
|
||||
// TODO
|
||||
console.log(command);
|
||||
var unknownUsers = [], addedCount = 0, failCount = 0;
|
||||
for (var i in command.usernames) {
|
||||
// Check if the user exists
|
||||
var newuserid = 'user/' + domain.id + '/' + command.usernames[i].toLowerCase(), newuser = parent.users[newuserid];
|
||||
if (newuser != null) {
|
||||
// Add mesh to user
|
||||
if (newuser.links == null) { newuser.links = {}; }
|
||||
newuser.links[group._id] = { rights: 1 };
|
||||
db.SetUser(newuser);
|
||||
parent.parent.DispatchEvent([newuser._id], obj, 'resubscribe');
|
||||
|
||||
// Add a user to the mesh
|
||||
group.links[newuserid] = { userid: newuser.id, name: newuser.name, rights: 1 };
|
||||
db.Set(common.escapeLinksFieldName(group));
|
||||
|
||||
// Notify mesh change
|
||||
var event = { etype: 'ugrp', userid: user._id, username: user.name, ugrpid: group._id, name: group.name, desc: group.desc, action: 'usergroupchange', links: group.links, msg: 'Added user ' + newuser.name + ' to user group ' + group.name, domain: domain.id };
|
||||
if (db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to change the user group. Another event will come.
|
||||
parent.parent.DispatchEvent(['*', group._id, user._id, newuserid], obj, event);
|
||||
addedCount++;
|
||||
} else {
|
||||
unknownUsers.push(command.usernames[i]);
|
||||
failCount++;
|
||||
}
|
||||
}
|
||||
|
||||
if (unknownUsers.length > 0) {
|
||||
// Send error back, user not found.
|
||||
displayNotificationMessage('User' + ((unknownUsers.length > 1) ? 's' : '') + ' ' + EscapeHtml(unknownUsers.join(', ')) + ' not found.', 'Device Group', 'ServerNotify');
|
||||
}
|
||||
|
||||
if (command.responseid != null) { try { ws.send(JSON.stringify({ action: 'addusertousergroup', responseid: command.responseid, result: 'ok', added: addedCount, failed: failCount })); } catch (ex) { } }
|
||||
});
|
||||
break;
|
||||
}
|
||||
case 'removeuserfromusergroup':
|
||||
{
|
||||
var err = null;
|
||||
try {
|
||||
if ((user.siteadmin & SITERIGHT_USERGROUPS) == 0) { err = 'Permission denied'; }
|
||||
else if (common.validateString(command.ugrpid, 1, 1024) == false) { err = 'Invalid groupid'; }
|
||||
else if (common.validateString(command.userid, 1, 256) == false) { err = 'Invalid userid'; }
|
||||
else {
|
||||
var ugroupidsplit = command.ugrpid.split('/');
|
||||
if ((ugroupidsplit.length != 3) || (ugroupidsplit[0] != 'ugrp') || (ugroupidsplit[1] != domain.id)) { err = 'Invalid groupid'; }
|
||||
}
|
||||
} catch (ex) { err = 'Validation exception: ' + ex; }
|
||||
|
||||
// Handle any errors
|
||||
if (err != null) {
|
||||
if (command.responseid != null) { try { ws.send(JSON.stringify({ action: 'removeuserfromusergroup', responseid: command.responseid, result: err })); } catch (ex) { } }
|
||||
break;
|
||||
}
|
||||
|
||||
db.Get(command.ugrpid, function (err, groups) {
|
||||
if ((err != null) || (groups.length != 1)) { try { ws.send(JSON.stringify({ action: 'addusertousergroup', responseid: command.responseid, result: 'Invalid groupid' })); } catch (ex) { } return; }
|
||||
var group = common.unEscapeLinksFieldName(groups[0]);
|
||||
if (group.links == null) { group.links = {}; }
|
||||
|
||||
// Check if the user exists
|
||||
newuser = parent.users[command.userid];
|
||||
if (newuser != null) {
|
||||
var change = false;
|
||||
if ((newuser.links != null) && (newuser.links[command.ugrpid] != null)) { change = true; delete newuser.links[command.ugrpid]; }
|
||||
db.SetUser(newuser);
|
||||
parent.parent.DispatchEvent([newuser._id], obj, 'resubscribe');
|
||||
|
||||
// Remove the user from the group
|
||||
if ((group.links != null) && (group.links[command.userid] != null)) { change = true; delete group.links[command.userid]; }
|
||||
db.Set(common.escapeLinksFieldName(group));
|
||||
|
||||
// Notify mesh change
|
||||
if (change) {
|
||||
var event = { etype: 'ugrp', userid: user._id, username: user.name, ugrpid: group._id, name: group.name, desc: group.desc, action: 'usergroupchange', links: group.links, msg: 'Removed user ' + newuser.name + ' from user group ' + group.name, domain: domain.id };
|
||||
if (db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to change the user group. Another event will come.
|
||||
parent.parent.DispatchEvent(['*', group._id, user._id, newuserid], obj, event);
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
break;
|
||||
}
|
||||
case 'changemeshnotify':
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -8851,15 +8851,15 @@
|
||||
return false;
|
||||
}
|
||||
|
||||
function showUserBroadcastDialog() {
|
||||
function showUserBroadcastDialog(targetid) {
|
||||
if (xxdialogMode) return;
|
||||
var x = "Broadcast a message to all connected users." + '<textarea id=broadcastMessage value="" maxlength="256"/></textarea>';
|
||||
setDialogMode(2, "Broadcast Message", 3, showUserBroadcastDialogEx, x);
|
||||
setDialogMode(2, "Broadcast Message", 3, showUserBroadcastDialogEx, x, targetid?decodeURIComponent(targetid):null);
|
||||
Q('broadcastMessage').focus();
|
||||
}
|
||||
|
||||
function showUserBroadcastDialogEx() {
|
||||
meshserver.send({ action: 'userbroadcast', msg: Q('broadcastMessage').value });
|
||||
function showUserBroadcastDialogEx(b, targetid) {
|
||||
meshserver.send({ action: 'userbroadcast', msg: Q('broadcastMessage').value, target: targetid });
|
||||
}
|
||||
|
||||
function showCreateNewAccountDialog() {
|
||||
@ -9104,6 +9104,10 @@
|
||||
}
|
||||
x += '</table></div><br />';
|
||||
|
||||
if ((userinfo.siteadmin & 256) != 0) {
|
||||
x += '<input type=button value=\"' + "Broadcast" + '\" title=\"' + "Send a notice to all users in this group." + '\" onclick=showUserBroadcastDialog("' + encodeURIComponent(group._id) + '") />';
|
||||
}
|
||||
|
||||
// Setup the panel
|
||||
QH('p51group', x);
|
||||
|
||||
@ -9125,7 +9129,7 @@
|
||||
// Display all users for this mesh
|
||||
for (var i in sortedusers) {
|
||||
var trash = '<a href=# onclick=\'return p51deleteUser(event,"' + encodeURIComponent(sortedusers[i].id) + '")\' title=\"' + "Remove user rights to this device group" + '\" style=cursor:pointer><img src=images/trash.png border=0 height=10 width=10></a>';
|
||||
x += '<tr tabindex=0 onclick=p20viewuser("' + encodeURIComponent(sortedusers[i].id) + '") onkeypress="if (event.key==\'Enter\') p20viewuser(\'' + encodeURIComponent(sortedusers[i].id) + '\')" style=cursor:pointer' + (((count % 2) == 0) ? ';background-color:#DDD' : '') + '><td><div title=\"' + "User" + '\" class=m2></div><div> ' + EscapeHtml(decodeURIComponent(sortedusers[i].name)) + '<div></div></div></td><td><div style=float:right>' + trash + '</div></td></tr>';
|
||||
x += '<tr ' + (((count % 2) == 0) ? 'style=background-color:#DDD' : '') + '><td><div title=\"' + "User" + '\" class=m2></div><div> ' + EscapeHtml(decodeURIComponent(sortedusers[i].name)) + '<div></div></div></td><td><div style=float:right>' + trash + '</div></td></tr>';
|
||||
++count;
|
||||
}
|
||||
|
||||
@ -9178,11 +9182,19 @@
|
||||
}
|
||||
|
||||
function p51deleteUser(e, id) {
|
||||
console.log('p51deleteUser', id);
|
||||
haltEvent(e);
|
||||
p51viewuserEx(2, decodeURIComponent(id));
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
|
||||
function p51viewuserEx(button, userid) {
|
||||
if (button != 2) return;
|
||||
var uname = userid.split('/')[2];
|
||||
if (users && users[userid]) { uname = users[userid].name; }
|
||||
if (userinfo._id == userid) { uname = userinfo.name; }
|
||||
setDialogMode(2, "Remote User", 3, p51viewuserEx2, format("Confirm removal of user {0}?", EscapeHtml(decodeURIComponent(uname))), userid);
|
||||
}
|
||||
function p51viewuserEx2(button, userid) { meshserver.send({ action: 'removeuserfromusergroup', ugrpid: currentUserGroup._id, userid: userid }); }
|
||||
|
||||
function p51showAddUserDialog() {
|
||||
if (xxdialogMode) return false;
|
||||
@ -9244,9 +9256,9 @@
|
||||
if (t == null) {
|
||||
var users = Q('dp51username').value.split(','), users2 = [];
|
||||
for (var i in users) { users2.push(users[i].trim()); }
|
||||
meshserver.send({ action: 'addusertousergroup', meshid: currentUserGroup._id, usernames: users2 });
|
||||
meshserver.send({ action: 'addusertousergroup', ugrpid: currentUserGroup._id, usernames: users2 });
|
||||
} else {
|
||||
meshserver.send({ action: 'addusertousergroup', meshid: currentUserGroup._id, usernames: [ t.split('/')[2] ] });
|
||||
meshserver.send({ action: 'addusertousergroup', ugrpid: currentUserGroup._id, usernames: [ t.split('/')[2] ] });
|
||||
}
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user