Merge pull request #2 from Ylianst/master

Latest Code
This commit is contained in:
MordyT 2020-03-17 16:54:32 -05:00 committed by GitHub
commit 5ae2857a25
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 540 additions and 478 deletions

View File

@ -1983,7 +1983,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
case 'changeuserpass': case 'changeuserpass':
{ {
// Change a user's password // Change a user's password
if (user.siteadmin != 0xFFFFFFFF) break; if ((user.siteadmin & 2) == 0) break;
if (common.validateString(command.userid, 1, 256) == false) break; if (common.validateString(command.userid, 1, 256) == false) break;
if (common.validateString(command.pass, 0, 256) == false) break; if (common.validateString(command.pass, 0, 256) == false) break;
if ((command.hint != null) && (common.validateString(command.hint, 0, 256) == false)) break; if ((command.hint != null) && (common.validateString(command.hint, 0, 256) == false)) break;
@ -1992,6 +1992,9 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
var chguser = parent.users[command.userid]; var chguser = parent.users[command.userid];
if (chguser) { if (chguser) {
// If we are not full administrator, we can't change anything on a different full administrator
if ((user.siteadmin != 0xFFFFFFFF) & (chguser.siteadmin == 0xFFFFFFFF)) break;
// Can only perform this operation on other users of our group. // Can only perform this operation on other users of our group.
if ((user.groups != null) && (user.groups.length > 0) && ((chguser.groups == null) || (findOne(chguser.groups, user.groups) == false))) break; if ((user.groups != null) && (user.groups.length > 0) && ((chguser.groups == null) || (findOne(chguser.groups, user.groups) == false))) break;
@ -2273,6 +2276,8 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
if ((common.validateInt(command.flags) == true) && (command.flags != mesh.flags)) { if (change != '') change += ' and flags changed'; else change += 'Group "' + mesh.name + '" flags changed'; mesh.flags = command.flags; } if ((common.validateInt(command.flags) == true) && (command.flags != mesh.flags)) { if (change != '') change += ' and flags changed'; else change += 'Group "' + mesh.name + '" flags changed'; mesh.flags = command.flags; }
if ((common.validateInt(command.consent) == true) && (command.consent != mesh.consent)) { if (change != '') change += ' and consent changed'; else change += 'Group "' + mesh.name + '" consent changed'; mesh.consent = command.consent; } if ((common.validateInt(command.consent) == true) && (command.consent != mesh.consent)) { if (change != '') change += ' and consent changed'; else change += 'Group "' + mesh.name + '" consent changed'; mesh.consent = command.consent; }
// See if we need to change device group invitation codes
if (mesh.mtype == 2) {
if (command.invite === '*') { if (command.invite === '*') {
// Clear invite codes // Clear invite codes
if (mesh.invite != null) { delete mesh.invite; } if (mesh.invite != null) { delete mesh.invite; }
@ -2280,10 +2285,23 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
} else if (typeof command.invite === 'object') { } else if (typeof command.invite === 'object') {
// Set invite codes // Set invite codes
if ((mesh.invite == null) || (mesh.invite.codes != command.invite.codes) || (mesh.invite.flags != command.invite.flags)) { if ((mesh.invite == null) || (mesh.invite.codes != command.invite.codes) || (mesh.invite.flags != command.invite.flags)) {
// Check if an invite code is not already in use.
var dup = null;
for (var i in command.invite.codes) {
for (var j in parent.meshes) {
if ((j != command.meshid) && (parent.meshes[j].invite != null) && (parent.meshes[j].invite.codes.indexOf(command.invite.codes[i]) >= 0)) { dup = command.invite.codes[i]; break; }
}
}
if (dup != null) {
// A duplicate was found, don't allow this change.
displayNotificationMessage('Error, invite code \"' + dup + '\" already in use.', 'Invite Codes');
return;
}
mesh.invite = { codes: command.invite.codes, flags: command.invite.flags }; mesh.invite = { codes: command.invite.codes, flags: command.invite.flags };
if (change != '') { change += ' and invite code changed'; } else { change += 'Group "' + mesh.name + '" invite code changed'; } if (change != '') { change += ' and invite code changed'; } else { change += 'Group "' + mesh.name + '" invite code changed'; }
} }
} }
}
if (change != '') { if (change != '') {
db.Set(common.escapeLinksFieldName(mesh)); db.Set(common.escapeLinksFieldName(mesh));

View File

@ -1,6 +1,6 @@
{ {
"name": "meshcentral", "name": "meshcentral",
"version": "0.5.0-h", "version": "0.5.0-i",
"keywords": [ "keywords": [
"Remote Management", "Remote Management",
"Intel AMT", "Intel AMT",

View File

@ -47,8 +47,8 @@
"name": "Local server name", "name": "Local server name",
"info": "Information about this server" "info": "Information about this server"
}, },
"_TlsOffload": true, "_TlsOffload": "127.0.0.1",
"_trustedproxy": true, "_TrustedProxy": "127.0.0.1",
"_MpsPort": 44330, "_MpsPort": 44330,
"_MpsAliasPort": 4433, "_MpsAliasPort": 4433,
"_MpsAliasHost": "mps.mydomain.com", "_MpsAliasHost": "mps.mydomain.com",

File diff suppressed because it is too large Load Diff

View File

@ -8147,10 +8147,9 @@
x += addHtmlValue("Notifications", addLink(meshNotifyStr.join(', '), 'p20editMeshNotify()')); x += addHtmlValue("Notifications", addLink(meshNotifyStr.join(', '), 'p20editMeshNotify()'));
// Display invitation codes // Display invitation codes
if (features & 0x01000000) { if ((features & 0x01000000) && (currentMesh.mtype == 2)) {
var inviteCodeStr = '<i>' + "None" + '</i>', icodes = false; var inviteCodeStr = '<i>' + "None" + '</i>', icodes = false;
if (currentMesh.invite != null) { icodes = true; inviteCodeStr = currentMesh.invite.codes.join(', '); /* + ', ' + currentMesh.invite.flags;*/ } if (currentMesh.invite != null) { icodes = true; inviteCodeStr = currentMesh.invite.codes.join(', '); /* + ', ' + currentMesh.invite.flags;*/ }
//x += addHtmlValue("Invite Codes", addLink(inviteCodeStr, 'p20editmeshInviteCode()'));
x += addHtmlValue("Invite Codes", addLinkConditional(inviteCodeStr, 'p20editmeshInviteCode()', (meshrights & 1) || (icodes))); x += addHtmlValue("Invite Codes", addLinkConditional(inviteCodeStr, 'p20editmeshInviteCode()', (meshrights & 1) || (icodes)));
} }
@ -10065,7 +10064,7 @@
x = '<div style=float:right;font-size:x-small>'; x = '<div style=float:right;font-size:x-small>';
if (deletePossible) x += '<a href=# style=cursor:pointer onclick=\'return p30showDeleteUserDialog()\' title="Remove this user">' + "Delete User" + '</a>'; if (deletePossible) x += '<a href=# style=cursor:pointer onclick=\'return p30showDeleteUserDialog()\' title="Remove this user">' + "Delete User" + '</a>';
x += '</div><div style=font-size:x-small>'; x += '</div><div style=font-size:x-small>';
if (userinfo.siteadmin == 0xFFFFFFFF) x += '<a href=# style=cursor:pointer onclick=\'return p30showUserChangePassDialog(' + multiFactor + ')\' title="' + "Change the password for this user" + '">' + "Change Password" + '</a>'; if (((userinfo.siteadmin & 2) && (user.siteadmin != 0xFFFFFFFF)) || (userinfo.siteadmin == 0xFFFFFFFF)) x += '<a href=# style=cursor:pointer onclick=\'return p30showUserChangePassDialog(' + multiFactor + ')\' title="' + "Change the password for this user" + '">' + "Change Password" + '</a>';
x += '</div><br>' x += '</div><br>'
QH('p30html3', x); QH('p30html3', x);