MyFavMirrors
/
MeshCentral
mirror of https://github.com/Ylianst/MeshCentral.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed cross-domain + all device group admins.

This commit is contained in:
Ylian Saint-Hilaire 2020-06-26 15:38:48 -07:00
parent 7294f3b99c
commit 677cbfe016
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
meshuser.js
View File

@ -19,6 +19,9 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
const path = require('path');
const common = parent.common;
// Cross domain messages, for cross-domain administrators only.
const allowedCrossDomainMessages = ['accountcreate', 'accountremove', 'accountchange', 'createusergroup', 'deleteusergroup', 'usergroupchange'];
// User Consent Flags
const USERCONSENT_DesktopNotifyUser = 1;
const USERCONSENT_TerminalNotifyUser = 2;
@ -284,7 +287,9 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
// Handle events
ws.HandleEvent = function (source, event, ids, id) {
if ((event.domain == null) || (event.domain == domain.id) || (obj.crossDomain === true)) {
// Normally, only allow this user to receive messages from it's own domain.
// If the user is a cross domain administrator, allow some select messages from different domains.
if ((event.domain == null) || (event.domain == domain.id) || ((obj.crossDomain === true) && (allowedCrossDomainMessages.indexOf(event.action) >= 0))) {
try {
if (event == 'close') { try { delete req.session; } catch (ex) { } obj.close(); }
else if (event == 'resubscribe') { user.subscriptions = parent.subscribe(user._id, ws); }