Added user group consent policy and fixed user access rights.
This commit is contained in:
Ylian Saint-Hilaire
parent
57fdf7ab9f
commit
61dfa7e988
29
meshuser.js
29
meshuser.js
|
|
@ -213,6 +213,18 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
|||
if (typeof mesh.consent == 'number') { command.consent |= mesh.consent; } // Add device group user consent
|
||||
if (typeof node.consent == 'number') { command.consent |= node.consent; } // Add node user consent
|
||||
if (typeof user.consent == 'number') { command.consent |= user.consent; } // Add user consent
|
||||
|
||||
// Check if we need to add consent flags because of a user group link
|
||||
if ((user.links != null) && (user.links[mesh._id] == null) && (user.links[node._id] == null)) {
|
||||
// This user does not have a direct link to the device group or device. Find all user groups the would cause the link.
|
||||
for (var i in user.links) {
|
||||
var ugrp = parent.userGroups[i];
|
||||
if ((ugrp != null) && (ugrp.consent != null) && (ugrp.links != null) && ((ugrp.links[mesh._id] != null) || (ugrp.links[node._id] != null))) {
|
||||
command.consent |= ugrp.consent; // Add user group consent flags
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
command.username = user.name; // Add user name
|
||||
command.realname = user.realname; // Add real name
|
||||
command.userid = user._id; // Add user id
|
||||
|
|
@ -240,6 +252,18 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
|||
if (typeof mesh.consent == 'number') { command.consent |= mesh.consent; } // Add device group user consent
|
||||
if (typeof node.consent == 'number') { command.consent |= node.consent; } // Add node user consent
|
||||
if (typeof user.consent == 'number') { command.consent |= user.consent; } // Add user consent
|
||||
|
||||
// Check if we need to add consent flags because of a user group link
|
||||
if ((user.links != null) && (user.links[mesh._id] == null) && (user.links[node._id] == null)) {
|
||||
// This user does not have a direct link to the device group or device. Find all user groups the would cause the link.
|
||||
for (var i in user.links) {
|
||||
var ugrp = parent.userGroups[i];
|
||||
if ((ugrp != null) && (ugrp.consent != null) && (ugrp.links != null) && ((ugrp.links[mesh._id] != null) || (ugrp.links[node._id] != null))) {
|
||||
command.consent |= ugrp.consent; // Add user group consent flags
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
command.username = user.name; // Add user name
|
||||
command.realname = user.realname; // Add real name
|
||||
command.userid = user._id; // Add user id
|
||||
|
|
@ -605,6 +629,8 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
|||
// Request a list of all nodes
|
||||
db.GetAllTypeNoTypeFieldMeshFiltered(links, extraids, domain.id, 'node', command.id, function (err, docs) {
|
||||
if (docs == null) { docs = []; }
|
||||
parent.common.unEscapeAllLinksFieldName(docs);
|
||||
|
||||
var r = {};
|
||||
for (i in docs) {
|
||||
// Check device links, if a link points to an unknown user, remove it.
|
||||
|
|
@ -2224,9 +2250,10 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
|||
if (group != null) {
|
||||
if ((common.validateString(command.name, 1, 64) == true) && (command.name != group.name)) { change = 'User group name changed from "' + group.name + '" to "' + command.name + '"'; group.name = command.name; }
|
||||
if ((common.validateString(command.desc, 0, 1024) == true) && (command.desc != group.desc)) { if (change != '') change += ' and description changed'; else change += 'User group "' + group.name + '" description changed'; group.desc = command.desc; }
|
||||
if ((typeof command.consent == 'number') && (command.consent != group.consent)) { if (change != '') change += ' and consent changed'; else change += 'User group "' + group.name + '" consent changed'; group.consent = command.consent; }
|
||||
if (change != '') {
|
||||
db.Set(group);
|
||||
var event = { etype: 'ugrp', userid: user._id, username: user.name, ugrpid: group._id, name: group.name, desc: group.desc, action: 'usergroupchange', links: group.links, msg: change, domain: domain.id };
|
||||
var event = { etype: 'ugrp', userid: user._id, username: user.name, ugrpid: group._id, name: group.name, desc: group.desc, consent: group.consent, action: 'usergroupchange', links: group.links, msg: change, domain: domain.id };
|
||||
if (db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to change the mesh. Another event will come.
|
||||
parent.parent.DispatchEvent(['*', group._id, user._id], obj, event);
|
||||
}
|
||||
|
|
|
|||
File diff suppressed because it is too large
Load Diff
|
|
@ -2594,6 +2594,7 @@
|
|||
ugroup.name = message.event.name;
|
||||
if (message.event.desc) { ugroup.desc = message.event.desc; } else { delete ugroup.desc; }
|
||||
if (message.event.links) { ugroup.links = message.event.links; } else { delete ugroup.links; }
|
||||
if (message.event.consent) { ugroup.consent = message.event.consent; } else { delete ugroup.consent; }
|
||||
}
|
||||
mainUpdate(4096 + 8192 + 16384);
|
||||
|
||||
|
|
@ -9573,6 +9574,7 @@
|
|||
if (editType == 1) { consent = (currentMesh.consent) ? currentMesh.consent : 0; title = "Edit Device Group User Consent"; }
|
||||
if (editType == 2) { consent = (currentUser.consent) ? currentUser.consent : 0; title = "Edit User Consent"; }
|
||||
if (editType == 3) { consent = (currentNode.consent) ? currentNode.consent : 0; title = "Edit Device User Consent"; }
|
||||
if (editType == 4) { consent = (currentUserGroup.consent) ? currentUserGroup.consent : 0; title = "Edit User Group User Consent"; }
|
||||
x += '<div style="width:100%;border-bottom:1px solid gray;margin-bottom:5px"><b>' + "Desktop" + '</b></div>';
|
||||
x += '<div><label><input type=checkbox id=d20flag1 ' + ((consent & 0x0001) ? 'checked' : '') + '>' + "Notify user" + '</label></div>';
|
||||
x += '<div><label><input type=checkbox id=d20flag2 ' + ((consent & 0x0008) ? 'checked' : '') + '>' + "Prompt for user consent" + '</label></div>';
|
||||
|
|
@ -9614,6 +9616,7 @@
|
|||
if (editType == 1) { meshserver.send({ action: 'editmesh', meshid: currentMesh._id, consent: consent }); }
|
||||
if (editType == 2) { meshserver.send({ action: 'edituser', id: currentUser._id, consent: consent }); }
|
||||
if (editType == 3) { meshserver.send({ action: 'changedevice', nodeid: currentNode._id, consent: consent }); }
|
||||
if (editType == 4) { meshserver.send({ action: 'editusergroup', ugrpid: currentUserGroup._id, consent: consent }); }
|
||||
}
|
||||
|
||||
function p20editmeshfeatures() {
|
||||
|
|
@ -11586,6 +11589,23 @@
|
|||
} else {
|
||||
x += addDeviceAttribute("Description", desc);
|
||||
}
|
||||
|
||||
// Display user consent flags for this user group
|
||||
{
|
||||
var consentOptionsStr = [], consent = 0;
|
||||
if (group.consent) { consent = group.consent; }
|
||||
if (serverinfo.consent) { consent |= serverinfo.consent; }
|
||||
if ((consent & 0x0040) && (consent & 0x0008)) { consentOptionsStr.push("Desktop Prompt+Toolbar"); } else if (consent & 0x0040) { consentOptionsStr.push("Desktop Toolbar"); } else if (consent & 0x0008) { consentOptionsStr.push("Desktop Prompt"); } else { if (consent & 0x0001) { consentOptionsStr.push("Desktop Notify"); } }
|
||||
if (consent & 0x0010) { consentOptionsStr.push("Terminal Prompt"); } else { if (consent & 0x0002) { consentOptionsStr.push("Terminal Notify"); } }
|
||||
if (consent & 0x0020) { consentOptionsStr.push("Files Prompt"); } else { if (consent & 0x0004) { consentOptionsStr.push("Files Notify"); } }
|
||||
if (consent == 7) { consentOptionsStr = ["Always Notify"]; }
|
||||
if ((consent & 56) == 56) { consentOptionsStr = ["Always Prompt"]; }
|
||||
|
||||
consentOptionsStr = consentOptionsStr.join(', ');
|
||||
if (consentOptionsStr == '') { consentOptionsStr = '<i>' + "None" + '</i>'; }
|
||||
x += addDeviceAttribute("User Consent", addLinkConditional(consentOptionsStr, 'p20editmeshconsent(4)', true));
|
||||
}
|
||||
|
||||
x += addDeviceAttribute("Users", usercount);
|
||||
x += addDeviceAttribute("Device Groups", meshcount);
|
||||
x += addDeviceAttribute("Devices", devicecount);
|
||||
|
|
|
|||
16
webserver.js
16
webserver.js
|
|
@ -2373,12 +2373,16 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
|||
// Server features
|
||||
var serverFeatures = 63;
|
||||
if (domain.myserver) {
|
||||
if (domain.myserver.backup !== true) { serverFeatures -= 1; } // Allow server backups
|
||||
if (domain.myserver.restore !== true) { serverFeatures -= 2; } // Allow server restore
|
||||
if (domain.myserver.upgrade !== true) { serverFeatures -= 4; } // Allow server upgrade
|
||||
if (domain.myserver.errorlog !== true) { serverFeatures -= 8; } // Allow show server crash log
|
||||
if (domain.myserver.console !== true) { serverFeatures -= 16; } // Allow server console
|
||||
if (domain.myserver.trace !== true) { serverFeatures -= 32; } // Allow server tracing
|
||||
if (domain.myserver.backup !== true) { serverFeatures -= 1; } // Disallow simple server backups
|
||||
if (domain.myserver.restore !== true) { serverFeatures -= 2; } // Disallow simple server restore
|
||||
if (domain.myserver.upgrade !== true) { serverFeatures -= 4; } // Disallow server upgrade
|
||||
if (domain.myserver.errorlog !== true) { serverFeatures -= 8; } // Disallow show server crash log
|
||||
if (domain.myserver.console !== true) { serverFeatures -= 16; } // Disallow server console
|
||||
if (domain.myserver.trace !== true) { serverFeatures -= 32; } // Disallow server tracing
|
||||
}
|
||||
if (obj.db.databaseType != 1) { // If not using NeDB, we can't backup using the simple system.
|
||||
if ((serverFeatures & 1) != 0) { serverFeatures -= 1; } // Disallow server backups
|
||||
if ((serverFeatures & 2) != 0) { serverFeatures -= 2; } // Disallow simple server restore
|
||||
}
|
||||
|
||||
// Refresh the session
|
||||
|
|
|
|||
Loading…
Reference in New Issue