diff --git a/meshuser.js b/meshuser.js
index 3a605672..8d817960 100644
--- a/meshuser.js
+++ b/meshuser.js
@@ -1838,6 +1838,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
for (var i in command.usernames) {
// Check if the user exists
var newuserid = 'user/' + domain.id + '/' + command.usernames[i].toLowerCase(), newuser = parent.users[newuserid];
+ if (newuserid == obj.user._id) { continue; } // Can't add or modify self
if (newuser != null) {
// Add mesh to user
if (newuser.links == null) newuser.links = {};
@@ -1872,18 +1873,19 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
{
var err = null;
try {
- if (common.validateString(command.userid, 1, 1024) == false) { err = 'Invalid userid'; } // Check userid
- if (common.validateString(command.meshid, 1, 1024) == false) { err = 'Invalid groupid'; } // Check meshid
+ if (common.validateString(command.userid, 1, 1024) == false) { err = "Invalid userid"; } // Check userid
+ if (common.validateString(command.meshid, 1, 1024) == false) { err = "Invalid groupid"; } // Check meshid
if (command.userid.indexOf('/') == -1) { command.userid = 'user/' + domain.id + '/' + command.userid; }
- if ((command.userid.split('/').length != 3) || (command.userid.split('/')[1] != domain.id)) { err = 'Invalid userid'; } // Invalid domain, operation only valid for current domain
+ if (command.userid == obj.user._id) { err = "Can't remove self"; } // Can't add of modify self
+ if ((command.userid.split('/').length != 3) || (command.userid.split('/')[1] != domain.id)) { err = "Invalid userid"; } // Invalid domain, operation only valid for current domain
else {
if (command.meshid.indexOf('/') == -1) { command.meshid = 'mesh/' + domain.id + '/' + command.meshid; }
mesh = parent.meshes[command.meshid];
- if (mesh == null) { err = 'Unknown device group'; }
- else if (mesh.links[user._id] == null || ((mesh.links[user._id].rights & 2) == 0)) { err = 'Permission denied'; }
- else if ((command.meshid.split('/').length != 3) || (command.meshid.split('/')[1] != domain.id)) { err = 'Invalid domain'; } // Invalid domain, operation only valid for current domain
+ if (mesh == null) { err = "Unknown device group"; }
+ else if (mesh.links[user._id] == null || ((mesh.links[user._id].rights & 2) == 0)) { err = "Permission denied"; }
+ else if ((command.meshid.split('/').length != 3) || (command.meshid.split('/')[1] != domain.id)) { err = "Invalid domain"; } // Invalid domain, operation only valid for current domain
}
- } catch (ex) { err = 'Validation exception: ' + ex; }
+ } catch (ex) { err = "Validation exception: " + ex; }
// Handle any errors
if (err != null) {
diff --git a/package.json b/package.json
index fce418af..47001b91 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "meshcentral",
- "version": "0.4.3-f",
+ "version": "0.4.3-g",
"keywords": [
"Remote Management",
"Intel AMT",
diff --git a/views/default-min.handlebars b/views/default-min.handlebars
index 7c7f8939..e600d086 100644
--- a/views/default-min.handlebars
+++ b/views/default-min.handlebars
@@ -2349,11 +2349,10 @@
}
function groupActionFunction() {
- var addedOptions = '';
+ var addedOptions = '', nodeids = getCheckedDevices();
// Check if any of the selected devices have a MQTT connection active
if (features & 0x00400000) {
- var nodeids = getCheckedDevices();
for (var i in nodeids) { if ((getNodeFromId(nodeids[i]).conn & 16) != 0) { addedOptions += ''; break; } }
}
diff --git a/views/default.handlebars b/views/default.handlebars
index 4b8748fe..8070a790 100644
--- a/views/default.handlebars
+++ b/views/default.handlebars
@@ -3331,11 +3331,10 @@
}
function groupActionFunction() {
- var addedOptions = '';
+ var addedOptions = '', nodeids = getCheckedDevices();
// Check if any of the selected devices have a MQTT connection active
if (features & 0x00400000) {
- var nodeids = getCheckedDevices();
for (var i in nodeids) { if ((getNodeFromId(nodeids[i]).conn & 16) != 0) { addedOptions += ''; break; } }
}
diff --git a/views/translations/default-min_fr.handlebars b/views/translations/default-min_fr.handlebars
index b3559e19..e881b2d2 100644
--- a/views/translations/default-min_fr.handlebars
+++ b/views/translations/default-min_fr.handlebars
@@ -2349,11 +2349,10 @@
}
function groupActionFunction() {
- var addedOptions = '';
+ var addedOptions = '', nodeids = getCheckedDevices();
// Check if any of the selected devices have a MQTT connection active
if (features & 0x00400000) {
- var nodeids = getCheckedDevices();
for (var i in nodeids) { if ((getNodeFromId(nodeids[i]).conn & 16) != 0) { addedOptions += ''; break; } }
}
diff --git a/views/translations/default_fr.handlebars b/views/translations/default_fr.handlebars
index 109103e1..c1876329 100644
--- a/views/translations/default_fr.handlebars
+++ b/views/translations/default_fr.handlebars
@@ -3329,11 +3329,10 @@
}
function groupActionFunction() {
- var addedOptions = '';
+ var addedOptions = '', nodeids = getCheckedDevices();
// Check if any of the selected devices have a MQTT connection active
if (features & 0x00400000) {
- var nodeids = getCheckedDevices();
for (var i in nodeids) { if ((getNodeFromId(nodeids[i]).conn & 16) != 0) { addedOptions += ''; break; } }
}