MyFavMirrors
/
MeshCentral
mirror of https://github.com/Ylianst/MeshCentral.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added support for accounts that manage all device group

This commit is contained in:
Ylian Saint-Hilaire 2020-02-17 13:01:13 -08:00
parent 2cb3df77c5
commit 916e20fa9f
8 changed files with 45 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
meshagent.js
View File

@ -214,7 +214,7 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
obj.sendBinary(common.ShortToStr(10) + common.ShortToStr(0)); // Command 10, ask mesh agent to clear the core obj.sendBinary(common.ShortToStr(10) + common.ShortToStr(0)); // Command 10, ask mesh agent to clear the core
} else { } else {
// Update new core // Update new core
if (parent.parent.meshAgentsArchitectureNumbers[obj.agentInfo.agentId].amt == true) { if ((parent.parent.meshAgentsArchitectureNumbers[obj.agentInfo.agentId] != null) && (parent.parent.meshAgentsArchitectureNumbers[obj.agentInfo.agentId].amt == true)) {
obj.sendBinary(common.ShortToStr(10) + common.ShortToStr(0) + parent.parent.defaultMeshCoreHash + parent.parent.defaultMeshCore); // Command 10, ask mesh agent to set the core (with MEI support) obj.sendBinary(common.ShortToStr(10) + common.ShortToStr(0) + parent.parent.defaultMeshCoreHash + parent.parent.defaultMeshCore); // Command 10, ask mesh agent to set the core (with MEI support)
} else { } else {
obj.sendBinary(common.ShortToStr(10) + common.ShortToStr(0) + parent.parent.defaultMeshCoreNoMeiHash + parent.parent.defaultMeshCoreNoMei); // Command 10, ask mesh agent to set the core (No MEI) obj.sendBinary(common.ShortToStr(10) + common.ShortToStr(0) + parent.parent.defaultMeshCoreNoMeiHash + parent.parent.defaultMeshCoreNoMei); // Command 10, ask mesh agent to set the core (No MEI)

4
meshcentral.js
View File

@ -1280,6 +1280,10 @@ function CreateMeshCentralServer(config, args) {
if (obj.config.settings.autobackup && (typeof obj.config.settings.autobackup.backupintervalhours == 'number')) { if (obj.config.settings.autobackup && (typeof obj.config.settings.autobackup.backupintervalhours == 'number')) {
setInterval(obj.db.performBackup, obj.config.settings.autobackup.backupintervalhours * 60 * 60 * 1000); setInterval(obj.db.performBackup, obj.config.settings.autobackup.backupintervalhours * 60 * 60 * 1000);
} }
// Setup users that can see all device groups
obj.config.settings.managealldevicegroups = [];
for (i in obj.config.domains) { if (Array.isArray(obj.config.domains[i].managealldevicegroups)) { for (var j in obj.config.domains[i].managealldevicegroups) { if (typeof obj.config.domains[i].managealldevicegroups[j] == 'string') { obj.config.settings.managealldevicegroups.push('user/' + i + '/' + obj.config.domains[i].managealldevicegroups[j]); } } } }
}); });
}); });
}; };

6
meshuser.js
View File

@ -370,7 +370,11 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
try { ws.send(JSON.stringify({ action: 'serverinfo', serverinfo: serverinfo })); } catch (ex) { } try { ws.send(JSON.stringify({ action: 'serverinfo', serverinfo: serverinfo })); } catch (ex) { }
// Send user information to web socket, this is the first thing we send // Send user information to web socket, this is the first thing we send
try { ws.send(JSON.stringify({ action: 'userinfo', userinfo: parent.CloneSafeUser(parent.users[user._id]) })); } catch (ex) { } try {
var xuserinfo = parent.CloneSafeUser(parent.users[user._id]);
if ((user.siteadmin == 0xFFFFFFFF) && (parent.parent.config.settings.managealldevicegroups.indexOf(user._id) >= 0)) { xuserinfo.manageAllDeviceGroups = true; }
ws.send(JSON.stringify({ action: 'userinfo', userinfo: xuserinfo }));
} catch (ex) { }
if (user.siteadmin == 0xFFFFFFFF) { if (user.siteadmin == 0xFFFFFFFF) {
// Send server tracing information // Send server tracing information

2
package.json
View File

@ -1,6 +1,6 @@
{ {
"name": "meshcentral", "name": "meshcentral",
"version": "0.4.9-f", "version": "0.4.9-h",
"keywords": [ "keywords": [
"Remote Management", "Remote Management",
"Intel AMT", "Intel AMT",

1
sample-config.json
View File

@ -81,6 +81,7 @@
"_UserNameIsEmail": true, "_UserNameIsEmail": true,
"_NewAccountEmailDomains": [ "sample.com" ], "_NewAccountEmailDomains": [ "sample.com" ],
"_NewAccountsRights": [ "nonewgroups", "notools" ], "_NewAccountsRights": [ "nonewgroups", "notools" ],
"_ManageAllDeviceGroups": [ "admin" ],
"Footer": "<a href='https://twitter.com/mytwitter'>Twitter</a>", "Footer": "<a href='https://twitter.com/mytwitter'>Twitter</a>",
"_CertUrl": "https://192.168.2.106:443/", "_CertUrl": "https://192.168.2.106:443/",
"_PasswordRequirements": { "min": 8, "max": 128, "upper": 1, "lower": 1, "numeric": 1, "nonalpha": 1, "reset": 90, "force2factor": true, "skip2factor": "127.0.0.1,192.168.2.0/24" }, "_PasswordRequirements": { "min": 8, "max": 128, "upper": 1, "lower": 1, "numeric": 1, "nonalpha": 1, "reset": 90, "force2factor": true, "skip2factor": "127.0.0.1,192.168.2.0/24" },

8
views/default-mobile.handlebars
View File

@ -936,7 +936,7 @@
} }
case 'createmesh': { case 'createmesh': {
// A new mesh was created // A new mesh was created
if (message.event.links[userinfo._id] != null) { // Check if this is a mesh create for a mesh we own. If site administrator, we get all messages so need to ignore some. if ((meshes[message.event.meshid] == null) && ((userinfo.manageAllDeviceGroups) || (message.event.links[userinfo._id] != null))) { // Check if this is a mesh create for a mesh we own. If site administrator, we get all messages so need to ignore some.
meshes[message.event.meshid] = { _id: message.event.meshid, name: message.event.name, mtype: message.event.mtype, desc: message.event.desc, links: message.event.links }; meshes[message.event.meshid] = { _id: message.event.meshid, name: message.event.name, mtype: message.event.mtype, desc: message.event.desc, links: message.event.links };
updateMeshes(); updateMeshes();
updateDevices(); updateDevices();
@ -3445,6 +3445,9 @@
if (typeof mesh == 'string') { mesh = meshes[mesh] } if (typeof mesh == 'string') { mesh = meshes[mesh] }
if ((mesh == null) || (mesh.links == null)) { return 0; } if ((mesh == null) || (mesh.links == null)) { return 0; }
// Check if user user
if (userinfo.manageAllDeviceGroups) return 0xFFFFFFFF;
// Check direct link permission // Check direct link permission
var rights = 0, r = mesh.links[userid]; var rights = 0, r = mesh.links[userid];
if (r != null) { if (r != null) {
@ -3478,6 +3481,9 @@
if ((mesh == null) || (mesh.links == null)) { return false; } if ((mesh == null) || (mesh.links == null)) { return false; }
if (mesh.links[userid] != null) { return true; } // User has visilibity thru a direct link if (mesh.links[userid] != null) { return true; } // User has visilibity thru a direct link
// Check if user user
if (userinfo.manageAllDeviceGroups) return true;
// Check permissions thru user groups // Check permissions thru user groups
var user = null; var user = null;
if (userid == userinfo._id) { user = userinfo; } else { if (users != null) { user = users[userid]; } } if (userid == userinfo._id) { user = userinfo; } else { if (users != null) { user = users[userid]; } }

10
views/default.handlebars
View File

@ -2326,7 +2326,7 @@
} }
case 'createmesh': { case 'createmesh': {
// A new mesh was created // A new mesh was created
if ((meshes[message.event.meshid] == null) && (message.event.links[userinfo._id] != null)) { // Check if this is a mesh create for a mesh we own. If site administrator, we get all messages so need to ignore some. if ((meshes[message.event.meshid] == null) && ((userinfo.manageAllDeviceGroups) || (message.event.links[userinfo._id] != null))) { // Check if this is a mesh create for a mesh we own. If site administrator, we get all messages so need to ignore some.
meshes[message.event.meshid] = { _id: message.event.meshid, name: message.event.name, mtype: message.event.mtype, desc: message.event.desc, links: message.event.links }; meshes[message.event.meshid] = { _id: message.event.meshid, name: message.event.name, mtype: message.event.mtype, desc: message.event.desc, links: message.event.links };
masterUpdate(4 + 128 + 8192 + 16384); masterUpdate(4 + 128 + 8192 + 16384);
meshserver.send({ action: 'files' }); meshserver.send({ action: 'files' });
@ -2399,8 +2399,6 @@
if (xxcurrentView >= 20 && xxcurrentView < 30 && currentMesh._id == message.event.meshid) { setDialogMode(0); go(2); } if (xxcurrentView >= 20 && xxcurrentView < 30 && currentMesh._id == message.event.meshid) { setDialogMode(0); go(2); }
// If we are looking at a node in the deleted mesh, move back to "My Devices" // If we are looking at a node in the deleted mesh, move back to "My Devices"
if (xxcurrentView >= 10 && xxcurrentView < 20 && currentNode && currentNode.meshid == message.event.meshid) { setDialogMode(0); go(1); } if (xxcurrentView >= 10 && xxcurrentView < 20 && currentNode && currentNode.meshid == message.event.meshid) { setDialogMode(0); go(1); }
console.log('deletemesh', meshes);
break; break;
} }
case 'addnode': { case 'addnode': {
@ -10958,6 +10956,9 @@
if (typeof mesh == 'string') { mesh = meshes[mesh] } if (typeof mesh == 'string') { mesh = meshes[mesh] }
if ((mesh == null) || (mesh.links == null)) { return 0; } if ((mesh == null) || (mesh.links == null)) { return 0; }
// Check if user user
if (userinfo.manageAllDeviceGroups) return 0xFFFFFFFF;
// Check direct link permission // Check direct link permission
var rights = 0, r = mesh.links[userid]; var rights = 0, r = mesh.links[userid];
if (r != null) { if (r != null) {
@ -10991,6 +10992,9 @@
if ((mesh == null) || (mesh.links == null)) { return false; } if ((mesh == null) || (mesh.links == null)) { return false; }
if (mesh.links[userid] != null) { return true; } // User has visilibity thru a direct link if (mesh.links[userid] != null) { return true; } // User has visilibity thru a direct link
// Check if user user
if (userinfo.manageAllDeviceGroups) return true;
// Check permissions thru user groups // Check permissions thru user groups
var user = null; var user = null;
if (userid == userinfo._id) { user = userinfo; } else { if (users != null) { user = users[userid]; } } if (userid == userinfo._id) { user = userinfo; } else { if (users != null) { user = users[userid]; } }

19
webserver.js
View File

@ -4031,7 +4031,14 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
obj.GetAllMeshWithRights = function (user, rights) { obj.GetAllMeshWithRights = function (user, rights) {
if (typeof user == 'string') { user = obj.users[user]; } if (typeof user == 'string') { user = obj.users[user]; }
if ((user == null) || (user.links == null)) { return []; } if ((user == null) || (user.links == null)) { return []; }
var r = []; var r = [];
if ((user.siteadmin == 0xFFFFFFFF) && (parent.config.settings.managealldevicegroups.indexOf(user._id) >= 0)) {
// This is a super user that can see all device groups for a given domain
var meshStartStr = 'mesh/' + user.domain + '/';
for (var i in obj.meshes) { if ((obj.meshes[i]._id.startsWith(meshStartStr)) && (obj.meshes[i].deleted == null)) { r.push(obj.meshes[i]); } }
return r;
}
for (var i in user.links) { for (var i in user.links) {
if (i.startsWith('mesh/')) { if (i.startsWith('mesh/')) {
// Grant access to a device group thru a direct link // Grant access to a device group thru a direct link
@ -4062,6 +4069,12 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
if (typeof user == 'string') { user = obj.users[user]; } if (typeof user == 'string') { user = obj.users[user]; }
if ((user == null) || (user.links == null)) { return []; } if ((user == null) || (user.links == null)) { return []; }
var r = []; var r = [];
if ((user.siteadmin == 0xFFFFFFFF) && (parent.config.settings.managealldevicegroups.indexOf(user._id) >= 0)) {
// This is a super user that can see all device groups for a given domain
var meshStartStr = 'mesh/' + user.domain + '/';
for (var i in obj.meshes) { if ((obj.meshes[i]._id.startsWith(meshStartStr)) && (obj.meshes[i].deleted == null)) { r.push(obj.meshes[i]._id); } }
return r;
}
for (var i in user.links) { for (var i in user.links) {
if (i.startsWith('mesh/')) { if (i.startsWith('mesh/')) {
// Grant access to a device group thru a direct link // Grant access to a device group thru a direct link
@ -4099,6 +4112,9 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
meshid = mesh._id; meshid = mesh._id;
} else return 0; } else return 0;
// Check if this is a super user that can see all device groups for a given domain
if ((user.siteadmin == 0xFFFFFFFF) && (parent.config.settings.managealldevicegroups.indexOf(user._id) >= 0) && (meshid.startsWith('mesh/' + user.domain + '/'))) { return 0xFFFFFFFF; }
// Check direct user to device group permissions // Check direct user to device group permissions
var rights = 0; var rights = 0;
r = user.links[meshid]; r = user.links[meshid];
@ -4140,6 +4156,9 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
meshid = mesh._id; meshid = mesh._id;
} else return false; } else return false;
// Check if this is a super user that can see all device groups for a given domain
if ((user.siteadmin == 0xFFFFFFFF) && (parent.config.settings.managealldevicegroups.indexOf(user._id) >= 0) && (meshid.startsWith('mesh/' + user.domain + '/'))) { return true; }
// Check direct user to device group permissions // Check direct user to device group permissions
if (user.links[meshid] != null) { return true; } // If the user has a direct link, stop here. if (user.links[meshid] != null) { return true; } // If the user has a direct link, stop here.