Added support for accounts that manage all device group
parent
2cb3df77c5
commit
916e20fa9f
|
@ -214,7 +214,7 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
|
|||
obj.sendBinary(common.ShortToStr(10) + common.ShortToStr(0)); // Command 10, ask mesh agent to clear the core
|
||||
} else {
|
||||
// Update new core
|
||||
if (parent.parent.meshAgentsArchitectureNumbers[obj.agentInfo.agentId].amt == true) {
|
||||
if ((parent.parent.meshAgentsArchitectureNumbers[obj.agentInfo.agentId] != null) && (parent.parent.meshAgentsArchitectureNumbers[obj.agentInfo.agentId].amt == true)) {
|
||||
obj.sendBinary(common.ShortToStr(10) + common.ShortToStr(0) + parent.parent.defaultMeshCoreHash + parent.parent.defaultMeshCore); // Command 10, ask mesh agent to set the core (with MEI support)
|
||||
} else {
|
||||
obj.sendBinary(common.ShortToStr(10) + common.ShortToStr(0) + parent.parent.defaultMeshCoreNoMeiHash + parent.parent.defaultMeshCoreNoMei); // Command 10, ask mesh agent to set the core (No MEI)
|
||||
|
|
|
@ -1280,6 +1280,10 @@ function CreateMeshCentralServer(config, args) {
|
|||
if (obj.config.settings.autobackup && (typeof obj.config.settings.autobackup.backupintervalhours == 'number')) {
|
||||
setInterval(obj.db.performBackup, obj.config.settings.autobackup.backupintervalhours * 60 * 60 * 1000);
|
||||
}
|
||||
|
||||
// Setup users that can see all device groups
|
||||
obj.config.settings.managealldevicegroups = [];
|
||||
for (i in obj.config.domains) { if (Array.isArray(obj.config.domains[i].managealldevicegroups)) { for (var j in obj.config.domains[i].managealldevicegroups) { if (typeof obj.config.domains[i].managealldevicegroups[j] == 'string') { obj.config.settings.managealldevicegroups.push('user/' + i + '/' + obj.config.domains[i].managealldevicegroups[j]); } } } }
|
||||
});
|
||||
});
|
||||
};
|
||||
|
|
|
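Review bot: The one-line loop that fills `obj.config.settings.managealldevicegroups` takes each configured name exactly as written, while the other files on this page test membership with an exact-match `indexOf(user._id)`. If stored user ids are normalised (not visible here), a name that differs in case or carries stray whitespace grants nothing, and neither that nor a skipped non-string entry is reported. Because this array decides who receives full rights on every device group of a domain, I would add a comment above the loop such as `// Entries must equal the part of the user id after 'user/<domain>/'; anything else is ignored` and log each ignored entry at startup. The loop variable `i` is not declared in this hunk and the enclosing function starts outside it, so confirm it is declared there.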
@ -370,7 +370,11 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
|||
try { ws.send(JSON.stringify({ action: 'serverinfo', serverinfo: serverinfo })); } catch (ex) { }
|
||||
|
||||
// Send user information to web socket, this is the first thing we send
|
||||
try { ws.send(JSON.stringify({ action: 'userinfo', userinfo: parent.CloneSafeUser(parent.users[user._id]) })); } catch (ex) { }
|
||||
try {
|
||||
var xuserinfo = parent.CloneSafeUser(parent.users[user._id]);
|
||||
if ((user.siteadmin == 0xFFFFFFFF) && (parent.parent.config.settings.managealldevicegroups.indexOf(user._id) >= 0)) { xuserinfo.manageAllDeviceGroups = true; }
|
||||
ws.send(JSON.stringify({ action: 'userinfo', userinfo: xuserinfo }));
|
||||
} catch (ex) { }
|
||||
|
||||
if (user.siteadmin == 0xFFFFFFFF) {
|
||||
// Send server tracing information
|
||||
|
|
|
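Review bot: The new `try` block wraps the `managealldevicegroups` lookup as well as the send, and its `catch (ex) { }` is empty, so if `parent.parent.config.settings.managealldevicegroups` is not an array when a full site administrator connects, `indexOf` throws and the `userinfo` message is silently never sent. I would read the list into a local and guard it, `var mad = parent.parent.config.settings.managealldevicegroups;` followed by `Array.isArray(mad) && (mad.indexOf(user._id) >= 0)` in the condition, and log `ex` in the catch rather than discarding it. A short comment that `xuserinfo.manageAllDeviceGroups` is only a display hint for the client, with enforcement left to the server-side rights checks, would also help the next reader. The enclosing function starts and ends outside this hunk.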
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "meshcentral",
|
||||
"version": "0.4.9-f",
|
||||
"version": "0.4.9-h",
|
||||
"keywords": [
|
||||
"Remote Management",
|
||||
"Intel AMT",
|
||||
|
|
|
@ -81,6 +81,7 @@
|
|||
"_UserNameIsEmail": true,
|
||||
"_NewAccountEmailDomains": [ "sample.com" ],
|
||||
"_NewAccountsRights": [ "nonewgroups", "notools" ],
|
||||
"_ManageAllDeviceGroups": [ "admin" ],
|
||||
"Footer": "<a href='https://twitter.com/mytwitter'>Twitter</a>",
|
||||
"_CertUrl": "https://192.168.2.106:443/",
|
||||
"_PasswordRequirements": { "min": 8, "max": 128, "upper": 1, "lower": 1, "numeric": 1, "nonalpha": 1, "reset": 90, "force2factor": true, "skip2factor": "127.0.0.1,192.168.2.0/24" },
|
||||
|
|
|
@ -936,7 +936,7 @@
|
|||
}
|
||||
case 'createmesh': {
|
||||
// A new mesh was created
|
||||
if (message.event.links[userinfo._id] != null) { // Check if this is a mesh create for a mesh we own. If site administrator, we get all messages so need to ignore some.
|
||||
if ((meshes[message.event.meshid] == null) && ((userinfo.manageAllDeviceGroups) || (message.event.links[userinfo._id] != null))) { // Check if this is a mesh create for a mesh we own. If site administrator, we get all messages so need to ignore some.
|
||||
meshes[message.event.meshid] = { _id: message.event.meshid, name: message.event.name, mtype: message.event.mtype, desc: message.event.desc, links: message.event.links };
|
||||
updateMeshes();
|
||||
updateDevices();
|
||||
|
@ -3445,6 +3445,9 @@
|
|||
if (typeof mesh == 'string') { mesh = meshes[mesh] }
|
||||
if ((mesh == null) || (mesh.links == null)) { return 0; }
|
||||
|
||||
// Check if user user
|
||||
if (userinfo.manageAllDeviceGroups) return 0xFFFFFFFF;
|
||||
|
||||
// Check direct link permission
|
||||
var rights = 0, r = mesh.links[userid];
|
||||
if (r != null) {
|
||||
|
@ -3478,6 +3481,9 @@
|
|||
if ((mesh == null) || (mesh.links == null)) { return false; }
|
||||
if (mesh.links[userid] != null) { return true; } // User has visilibity thru a direct link
|
||||
|
||||
// Check if user user
|
||||
if (userinfo.manageAllDeviceGroups) return true;
|
||||
|
||||
// Check permissions thru user groups
|
||||
var user = null;
|
||||
if (userid == userinfo._id) { user = userinfo; } else { if (users != null) { user = users[userid]; } }
|
||||
|
|
|
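Review bot: The added `if (userinfo.manageAllDeviceGroups) return 0xFFFFFFFF;` in the -3445 hunk tests the logged-in user but never looks at `userid`, although the next lines read `mesh.links[userid]` and the -3478 hunk shows that `userid` can differ from `userinfo._id`. If these helpers are called for another account, a manage-all administrator's page would report full rights and visibility for that account as well. I would write `if ((userid == userinfo._id) && userinfo.manageAllDeviceGroups) return 0xFFFFFFFF;` here and the matching `return true;` form in the -3478 hunk; the same two lines appear again in the -10958 and -10991 hunks further down the page. The comment `// Check if user user` presumably means `// Check if super user`. Both functions start and end outside the hunks shown.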
@ -2326,7 +2326,7 @@
|
|||
}
|
||||
case 'createmesh': {
|
||||
// A new mesh was created
|
||||
if ((meshes[message.event.meshid] == null) && (message.event.links[userinfo._id] != null)) { // Check if this is a mesh create for a mesh we own. If site administrator, we get all messages so need to ignore some.
|
||||
if ((meshes[message.event.meshid] == null) && ((userinfo.manageAllDeviceGroups) || (message.event.links[userinfo._id] != null))) { // Check if this is a mesh create for a mesh we own. If site administrator, we get all messages so need to ignore some.
|
||||
meshes[message.event.meshid] = { _id: message.event.meshid, name: message.event.name, mtype: message.event.mtype, desc: message.event.desc, links: message.event.links };
|
||||
masterUpdate(4 + 128 + 8192 + 16384);
|
||||
meshserver.send({ action: 'files' });
|
||||
|
@ -2399,8 +2399,6 @@
|
|||
if (xxcurrentView >= 20 && xxcurrentView < 30 && currentMesh._id == message.event.meshid) { setDialogMode(0); go(2); }
|
||||
// If we are looking at a node in the deleted mesh, move back to "My Devices"
|
||||
if (xxcurrentView >= 10 && xxcurrentView < 20 && currentNode && currentNode.meshid == message.event.meshid) { setDialogMode(0); go(1); }
|
||||
|
||||
console.log('deletemesh', meshes);
|
||||
break;
|
||||
}
|
||||
case 'addnode': {
|
||||
|
@ -10958,6 +10956,9 @@
|
|||
if (typeof mesh == 'string') { mesh = meshes[mesh] }
|
||||
if ((mesh == null) || (mesh.links == null)) { return 0; }
|
||||
|
||||
// Check if user user
|
||||
if (userinfo.manageAllDeviceGroups) return 0xFFFFFFFF;
|
||||
|
||||
// Check direct link permission
|
||||
var rights = 0, r = mesh.links[userid];
|
||||
if (r != null) {
|
||||
|
@ -10991,6 +10992,9 @@
|
|||
if ((mesh == null) || (mesh.links == null)) { return false; }
|
||||
if (mesh.links[userid] != null) { return true; } // User has visilibity thru a direct link
|
||||
|
||||
// Check if user user
|
||||
if (userinfo.manageAllDeviceGroups) return true;
|
||||
|
||||
// Check permissions thru user groups
|
||||
var user = null;
|
||||
if (userid == userinfo._id) { user = userinfo; } else { if (users != null) { user = users[userid]; } }
|
||||
|
|
19
webserver.js
19
webserver.js
|
@ -4031,7 +4031,14 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
|||
obj.GetAllMeshWithRights = function (user, rights) {
|
||||
if (typeof user == 'string') { user = obj.users[user]; }
|
||||
if ((user == null) || (user.links == null)) { return []; }
|
||||
|
||||
var r = [];
|
||||
if ((user.siteadmin == 0xFFFFFFFF) && (parent.config.settings.managealldevicegroups.indexOf(user._id) >= 0)) {
|
||||
// This is a super user that can see all device groups for a given domain
|
||||
var meshStartStr = 'mesh/' + user.domain + '/';
|
||||
for (var i in obj.meshes) { if ((obj.meshes[i]._id.startsWith(meshStartStr)) && (obj.meshes[i].deleted == null)) { r.push(obj.meshes[i]); } }
|
||||
return r;
|
||||
}
|
||||
for (var i in user.links) {
|
||||
if (i.startsWith('mesh/')) {
|
||||
// Grant access to a device group thru a direct link
|
||||
|
@ -4062,6 +4069,12 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
|||
if (typeof user == 'string') { user = obj.users[user]; }
|
||||
if ((user == null) || (user.links == null)) { return []; }
|
||||
var r = [];
|
||||
if ((user.siteadmin == 0xFFFFFFFF) && (parent.config.settings.managealldevicegroups.indexOf(user._id) >= 0)) {
|
||||
// This is a super user that can see all device groups for a given domain
|
||||
var meshStartStr = 'mesh/' + user.domain + '/';
|
||||
for (var i in obj.meshes) { if ((obj.meshes[i]._id.startsWith(meshStartStr)) && (obj.meshes[i].deleted == null)) { r.push(obj.meshes[i]._id); } }
|
||||
return r;
|
||||
}
|
||||
for (var i in user.links) {
|
||||
if (i.startsWith('mesh/')) {
|
||||
// Grant access to a device group thru a direct link
|
||||
|
@ -4099,6 +4112,9 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
|||
meshid = mesh._id;
|
||||
} else return 0;
|
||||
|
||||
// Check if this is a super user that can see all device groups for a given domain
|
||||
if ((user.siteadmin == 0xFFFFFFFF) && (parent.config.settings.managealldevicegroups.indexOf(user._id) >= 0) && (meshid.startsWith('mesh/' + user.domain + '/'))) { return 0xFFFFFFFF; }
|
||||
|
||||
// Check direct user to device group permissions
|
||||
var rights = 0;
|
||||
r = user.links[meshid];
|
||||
|
@ -4140,6 +4156,9 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
|||
meshid = mesh._id;
|
||||
} else return false;
|
||||
|
||||
// Check if this is a super user that can see all device groups for a given domain
|
||||
if ((user.siteadmin == 0xFFFFFFFF) && (parent.config.settings.managealldevicegroups.indexOf(user._id) >= 0) && (meshid.startsWith('mesh/' + user.domain + '/'))) { return true; }
|
||||
|
||||
// Check direct user to device group permissions
|
||||
if (user.links[meshid] != null) { return true; } // If the user has a direct link, stop here.
|
||||
|
||||
|
|
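Review bot: The test `(user.siteadmin == 0xFFFFFFFF) && (parent.config.settings.managealldevicegroups.indexOf(user._id) >= 0)` is written out in all four hunks of this file and again in the userinfo hunk earlier on the page, so any later change to the rule must be made in five places for the access decision to stay consistent. I would move it into one helper, for example `obj.CanManageAllDeviceGroups = function (user) { var l = parent.config.settings.managealldevicegroups; return (user.siteadmin == 0xFFFFFFFF) && Array.isArray(l) && (l.indexOf(user._id) >= 0); }`, and call it at each site, keeping the `meshid.startsWith('mesh/' + user.domain + '/')` domain check beside the call in the two rights functions. In the -4031 and -4062 hunks the early `user.links == null` return runs before the new branch, so a listed administrator with no links object gets an empty list. Whether the functions in the -4099 and -4140 hunks behave the same way is outside the lines shown.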