Improved uicustomevent security and events, #3823
This commit is contained in:
parent
3e0b76d423
commit
5a81c84d67
18
meshuser.js
18
meshuser.js
|
@ -4244,6 +4244,23 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
|||
break;
|
||||
}
|
||||
case 'uicustomevent': {
|
||||
if ((command.src != null) && (Array.isArray(command.src.selectedDevices))) {
|
||||
// Contains a list of nodeid's, check that we have permissions for them.
|
||||
parent.GetNodesWithRights(domain, user, command.src.selectedDevices, function (nodes) {
|
||||
var nodeids = [];
|
||||
for (var i in nodes) { nodeids.push(i); }
|
||||
if (nodeids.length == 0) return;
|
||||
|
||||
// Event the custom UI action
|
||||
var message = { etype: 'user', userid: user._id, username: user.name, action: 'uicustomevent', domain: domain.id, uisection: command.section, element: command.element };
|
||||
if (nodeids.length == 1) { message.nodeid = nodeids[0]; }
|
||||
if (command.selectedDevices != null) { message.selectedDevices = command.selectedDevices; }
|
||||
if (command.src != null) { message.src = command.src; }
|
||||
if (command.values != null) { message.values = command.values; }
|
||||
if (typeof command.logmsg == 'string') { message.msg = command.logmsg; } else { message.nolog = 1; }
|
||||
parent.parent.DispatchEvent(['*', user._id], obj, message);
|
||||
});
|
||||
} else {
|
||||
// Event the custom UI action
|
||||
var message = { etype: 'user', userid: user._id, username: user.name, action: 'uicustomevent', domain: domain.id, uisection: command.section, element: command.element };
|
||||
if (command.selectedDevices != null) { message.selectedDevices = command.selectedDevices; }
|
||||
|
@ -4251,6 +4268,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
|||
if (command.values != null) { message.values = command.values; }
|
||||
if (typeof command.logmsg == 'string') { message.msg = command.logmsg; } else { message.nolog = 1; }
|
||||
parent.parent.DispatchEvent(['*', user._id], obj, message);
|
||||
}
|
||||
break;
|
||||
}
|
||||
case 'serverBackup': {
|
||||
|
|
|
@ -10597,9 +10597,13 @@
|
|||
if (xevent) {
|
||||
var x = '<div style=overflow-y:auto;max-height:300px>';
|
||||
for (var i in xevent) {
|
||||
if ((i == 'h') || (i == '_id') || (i == 'ids') || (i == 'domain') || (xevent[i] == null) || (typeof xevent[i] == 'object')) continue;
|
||||
if ((i == 'h') || (i == '_id') || (i == 'ids') || (i == 'domain') || (xevent[i] == null)) continue;
|
||||
if (typeof xevent[i] == 'object') {
|
||||
x += addHtmlValue3(EscapeHtml(i), EscapeHtml(JSON.stringify(xevent[i])));
|
||||
} else {
|
||||
x += addHtmlValue3(EscapeHtml(i), EscapeHtml(xevent[i]));
|
||||
}
|
||||
}
|
||||
x += '</div>';
|
||||
setDialogMode(2, "Event Details", 9, null, x);
|
||||
}
|
||||
|
|
12
webserver.js
12
webserver.js
|
@ -7158,6 +7158,18 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
|
|||
return rights;
|
||||
}
|
||||
|
||||
|
||||
// Return the node and rights for a array of nodeids
|
||||
obj.GetNodesWithRights = function (domain, user, nodeids, func) {
|
||||
var rc = nodeids.length, r = {};
|
||||
for (var i in nodeids) {
|
||||
obj.GetNodeWithRights(domain, user, nodeids[i], function (node, rights, visible) {
|
||||
if ((node != null) && (visible == true)) { r[node._id] = { node: node, rights: rights }; if (--rc == 0) { func(r); } }
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
// Return the node and rights for a given nodeid
|
||||
obj.GetNodeWithRights = function (domain, user, nodeid, func) {
|
||||
// Perform user pre-validation
|
||||
|
|
Loading…
Reference in New Issue