MyFavMirrors
/
MeshCentral
mirror of https://github.com/Ylianst/MeshCentral.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Allow complete removal of My Server tab for a specific domain.

This commit is contained in:
Ylian Saint-Hilaire 2020-10-05 16:47:30 -07:00
parent 288c7865fc
commit 4f8aca1048
5 changed files with 39 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
meshcentral-config-schema.json
View File

@ -176,7 +176,7 @@
"description": "https url when to get the TLS certificate that MeshAgent's will see when connecting to this server. This setting is used when a reverse proxy like NGINX is used in front of MeshCentral."
},
"myServer": {
"type": "object",
"type": [ "object", "boolean" ],
"additionalProperties": false,
"properties": {
"Backup": { "type": "boolean", "default": true, "description": "Allows administrators to backup the server from the My Server tab." },

19
meshctrl.js
View File

@ -338,6 +338,7 @@ if (args['_'].length == 0) {
console.log(" --group [groupname] - Filter by group name (or --id).");
console.log(" --count - Only return the device count.");
console.log(" --json - Show result as JSON.");
console.log(" --csv - Show result as comma seperated values.");
break;
}
case 'listusersofdevicegroup': {
@ -1442,7 +1443,19 @@ function serverConnect() {
if ((data.result != null) && (data.result != 'ok')) {
console.log(data.result);
} else {
if (args.count) {
if (args.csv) {
// Return a flat list
var nodecount = 0;
for (var i in data.nodes) {
var devicesInMesh = data.nodes[i];
for (var j in devicesInMesh) {
var n = devicesInMesh[j];
nodecount++;
console.log('\"' + settings.xmeshes[i]._id.split('/')[2] + '\",\"' + settings.xmeshes[i].name.split('\"').join('') + '\",\"' + n._id.split('/')[2] + '\",\"' + n.name.split('\"').join('') + '\",' + (n.icon ? n.icon : 0) + ',' + (n.conn ? n.conn : 0) + ',' + (n.pwr ? n.pwr : 0));
}
}
if (nodecount == 0) { console.log('None'); }
} else if (args.count) {
// Return how many devices are in this group
var nodes = [];
for (var i in data.nodes) { var devicesInMesh = data.nodes[i]; for (var j in devicesInMesh) { nodes.push(devicesInMesh[j]); } }
@ -1457,12 +1470,12 @@ function serverConnect() {
var nodecount = 0;
for (var i in data.nodes) {
var devicesInMesh = data.nodes[i];
if (settings.xmeshes) { console.log('\r\nDevice group: \"' + settings.xmeshes[i].name + '\"'); }
if (settings.xmeshes) { console.log('\r\nDevice group: \"' + settings.xmeshes[i].name.split('\"').join('') + '\"'); }
console.log('id, name, icon, conn, pwr, ip\r\n-----------------------------');
for (var j in devicesInMesh) {
var n = devicesInMesh[j];
nodecount++;
console.log(n._id.split('/')[2] + ', \"' + n.name + '\", ' + (n.icon ? n.icon : 0) + ', ' + (n.conn ? n.conn : 0) + ', ' + (n.pwr ? n.pwr : 0));
console.log('\"' + n._id.split('/')[2] + '\", \"' + n.name.split('\"', '') + '\", ' + (n.icon ? n.icon : 0) + ', ' + (n.conn ? n.conn : 0) + ', ' + (n.pwr ? n.pwr : 0));
}
}
if (nodecount == 0) { console.log('None'); }

22
meshuser.js
View File

@ -472,7 +472,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
if (user.siteadmin === SITERIGHT_ADMIN) {
// Check if tracing is allowed for this domain
if ((domain.myserver == null) || (domain.myserver.trace === true)) {
if ((domain.myserver !== false) && ((domain.myserver == null) || (domain.myserver.trace === true))) {
// Send server tracing information
try { ws.send(JSON.stringify({ action: 'traceinfo', traceSources: parent.parent.debugRemoteSources })); } catch (ex) { }
}
@ -550,6 +550,9 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
}
case 'servertimelinestats':
{
// Only accept if the "My Server" tab is allowed for this domain
if (domain.myserver === false) break;
if ((user.siteadmin & 21) == 0) return; // Only site administrators with "site backup" or "site restore" or "site update" permissions can use this.
if (common.validateInt(command.hours, 0, 24 * 30) == false) return;
db.GetServerStats(command.hours, function (err, docs) {
@ -561,6 +564,9 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
}
case 'serverstats':
{
// Only accept if the "My Server" tab is allowed for this domain
if (domain.myserver === false) break;
if ((user.siteadmin & 21) == 0) return; // Only site administrators with "site backup" or "site restore" or "site update" permissions can use this.
if (common.validateInt(command.interval, 1000, 1000000) == false) {
// Clear the timer
@ -839,8 +845,8 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
// This is a server console message, only process this if full administrator
if (user.siteadmin != SITERIGHT_ADMIN) break;
// Only accept is the console is allowed for this domain
if ((domain.myserver != null) && (domain.myserver.console !== true)) break;
// Only accept if the console is allowed for this domain
if ((domain.myserver === false) || ((domain.myserver != null) && (domain.myserver.console !== true))) break;
var r = '';
var cmdargs = splitArgs(command.value);
@ -2639,7 +2645,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
{
// Check the server version
if ((user.siteadmin & 16) == 0) break;
if ((domain.myserver != null) && (domain.myserver.upgrade !== true)) break;
if ((domain.myserver === false) || ((domain.myserver != null) && (domain.myserver.upgrade !== true))) break;
//parent.parent.getLatestServerVersion(function (currentVersion, latestVersion) { try { ws.send(JSON.stringify({ action: 'serverversion', current: currentVersion, latest: latestVersion })); } catch (ex) { } });
parent.parent.getServerTags(function (tags, err) { try { ws.send(JSON.stringify({ action: 'serverversion', tags: tags })); } catch (ex) { } });
break;
@ -2648,7 +2654,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
{
// Perform server update
if ((user.siteadmin & 16) == 0) break;
if ((domain.myserver != null) && (domain.myserver.upgrade !== true)) break;
if ((domain.myserver === false) || ((domain.myserver != null) && (domain.myserver.upgrade !== true))) break;
if ((command.version != null) && (typeof command.version != 'string')) break;
parent.parent.performServerUpdate(command.version);
break;
@ -2657,7 +2663,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
{
// Load the server error log
if ((user.siteadmin & 16) == 0) break;
if ((domain.myserver != null) && (domain.myserver.errorlog !== true)) break;
if ((domain.myserver === false) || ((domain.myserver != null) && (domain.myserver.errorlog !== true))) break;
fs.readFile(parent.parent.getConfigFilePath('mesherrors.txt'), 'utf8', function (err, data) { try { ws.send(JSON.stringify({ action: 'servererrors', data: data })); } catch (ex) { } });
break;
}
@ -4555,8 +4561,8 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
break;
}
case 'traceinfo': {
// Only accept is the tracing is allowed for this domain
if ((domain.myserver != null) && (domain.myserver.trace !== true)) break;
// Only accept if the tracing tab is allowed for this domain
if ((domain.myserver === false) || ((domain.myserver != null) && (domain.myserver.trace !== true))) break;
if ((user.siteadmin === SITERIGHT_ADMIN) && (typeof command.traceSources == 'object')) {
parent.parent.debugRemoteSources = command.traceSources;

2
views/default.handlebars
View File

@ -1833,7 +1833,7 @@
//QV('p2AccountImage', ((features & 4) == 0) && (serverinfo.domainauth == false)); // If account actions are not visible, also remove the image on that panel
QV('p2AccountImage', !accountSettingsLocked)
QV('p2ServerActions', (siteRights & 21) && ((serverFeatures & 15) != 0));
QV('LeftMenuMyServer', siteRights & 21); // 16 + 4 + 1
QV('LeftMenuMyServer', (siteRights & 21) && ((serverFeatures & 64) != 0)); // 16 + 4 + 1
QV('MainMenuMyServer', siteRights & 21);
QV('p2ServerActionsBackup', (siteRights & 1) && ((serverFeatures & 1) != 0));
QV('p2ServerActionsRestore', (siteRights & 4) && ((serverFeatures & 2) != 0));

13
webserver.js
View File

@ -2371,8 +2371,9 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
if (domain.customui != null) { customui = encodeURIComponent(JSON.stringify(domain.customui)); }
// Server features
var serverFeatures = 63;
if (domain.myserver) {
var serverFeatures = 127;
if (domain.myserver === false) { serverFeatures = 0; } // 64 = Show "My Server" tab
else if (typeof domain.myserver == 'object') {
if (domain.myserver.backup !== true) { serverFeatures -= 1; } // Disallow simple server backups
if (domain.myserver.restore !== true) { serverFeatures -= 2; } // Disallow simple server restore
if (domain.myserver.upgrade !== true) { serverFeatures -= 4; } // Disallow server upgrade
@ -4063,7 +4064,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
if (domain == null) { return; }
if ((domain.loginkey != null) && (domain.loginkey.indexOf(req.query.key) == -1)) { res.sendStatus(404); return; } // Check 3FA URL key
if ((!req.session) || (req.session == null) || (!req.session.userid)) { res.sendStatus(401); return; }
if ((domain.myserver != null) && (domain.myserver.backup !== true)) { res.sendStatus(401); return; }
if ((domain.myserver === false) || ((domain.myserver != null) && (domain.myserver.backup !== true))) { res.sendStatus(401); return; }
var user = obj.users[req.session.userid];
if ((user == null) || ((user.siteadmin & 1) == 0)) { res.sendStatus(401); return; } // Check if we have server backup rights
@ -4092,7 +4093,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
const domain = checkUserIpAddress(req, res);
if (domain == null) { return; }
if ((domain.loginkey != null) && (domain.loginkey.indexOf(req.query.key) == -1)) { res.sendStatus(404); return; } // Check 3FA URL key
if ((domain.myserver != null) && (domain.myserver.restore !== true)) { res.sendStatus(401); return; }
if ((domain.myserver === false) || ((domain.myserver != null) && (domain.myserver.restore !== true))) { res.sendStatus(401); return; }
var authUserid = null;
if ((req.session != null) && (typeof req.session.userid == 'string')) { authUserid = req.session.userid; }
@ -4818,8 +4819,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
obj.app.get(url, handleRootRequest);
obj.app.post(url, handleRootPostRequest);
obj.app.get(url + 'refresh.ashx', function (req, res) { res.sendStatus(200); });
if ((domain.myserver == null) || (domain.myserver.backup === true)) { obj.app.get(url + 'backup.zip', handleBackupRequest); }
if ((domain.myserver == null) || (domain.myserver.restore === true)) { obj.app.post(url + 'restoreserver.ashx', handleRestoreRequest); }
if ((domain.myserver !== false) && ((domain.myserver == null) || (domain.myserver.backup === true))) { obj.app.get(url + 'backup.zip', handleBackupRequest); }
if ((domain.myserver !== false) && ((domain.myserver == null) || (domain.myserver.restore === true))) { obj.app.post(url + 'restoreserver.ashx', handleRestoreRequest); }
obj.app.get(url + 'terms', handleTermsRequest);
obj.app.get(url + 'xterm', handleXTermRequest);
obj.app.post(url + 'login', handleLoginRequest);