Started work on per-user rights removal.

2024-12-25 14:45:52 -05:00 · 2021-08-27 09:14:11 -07:00 · 2021-08-27 09:14:11 -07:00 · 96f7c048f7
commit 96f7c048f7
parent 024a5d4cbe
2 changed files with 42 additions and 14 deletions
--- a/meshuser.js
+++ b/meshuser.js
@ -1584,7 +1584,13 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
                        if (command.resetNextLogin === true) { chguser.passchange = -1; }
                        if ((command.consent != null) && (typeof command.consent == 'number')) { if (command.consent == 0) { delete chguser.consent; } else { chguser.consent = command.consent; } change = 1; }
                        if ((command.phone != null) && (typeof command.phone == 'string') && ((command.phone == '') || isPhoneNumber(command.phone))) { if (command.phone == '') { delete chguser.phone; } else { chguser.phone = command.phone; } change = 1; }
-                        if ((command.flags != null) && (typeof command.flags == 'number')) { if (command.flags == 0) { delete chguser.flags; } else { chguser.flags = command.flags; } change = 1; } // Flags: 1 = Account Image, 2 = Session Recording
+                        if ((command.flags != null) && (typeof command.flags == 'number')) {
+                            // Flags: 1 = Account Image, 2 = Session Recording
+                            if ((command.flags == 0) && (chguser.flags != null)) { delete chguser.flags; change = 1; } else { if (command.flags !== chguser.flags) { chguser.flags = command.flags; change = 1; } }
+                        }
+                        if ((command.removeRights != null) && (typeof command.removeRights == 'number')) {
+                            if ((command.removeRights == 0) && (chguser.removeRights != null)) { delete chguser.removeRights; change = 1; } else { if (command.removeRights !== chguser.removeRights) { chguser.removeRights = command.removeRights; change = 1; } } 
+                        }

                        // Site admins can change any server rights, user managers can only change AccountLock, NoMeshCmd and NoNewGroups
                        if (common.validateInt(command.siteadmin) && (chguser._id !== user._id) && (chguser.siteadmin != command.siteadmin)) { // We can't change our own siteadmin permissions.
--- a/views/default.handlebars
+++ b/views/default.handlebars
@ -14052,15 +14052,18 @@
            }

            // Display features
-            if (serverinfo.usersSessionRecording == 1) {
            var userFeatures = [];
-                if (user.flags) {
-                    if ((serverinfo.usersSessionRecording == 1) && (user.flags & 2)) { userFeatures.push("Record Sessions"); }
+            if ((serverinfo.usersSessionRecording == 1) && (user.flags) && (user.flags & 2)) { userFeatures.push("Record Sessions"); }
+            if (user.removeRights) {
+                if ((user.removeRights & 0x00010000) != 0) { userFeatures.push("No Desktop"); }
+                else if ((user.removeRights & 0x00000100) != 0) { userFeatures.push("Desktop View Only"); }
+                if ((user.removeRights & 0x00000200) != 0) { userFeatures.push("No Terminal"); }
+                if ((user.removeRights & 0x00000400) != 0) { userFeatures.push("No Files"); }
+                if ((user.removeRights & 0x00000010) != 0) { userFeatures.push("No Console"); }
            }
            userFeatures = userFeatures.join(', ');
            if (userFeatures == '') { userFeatures = '<i>' + "None" + '</i>'; }
            x += addDeviceAttribute("Features", addLink(userFeatures, 'p20edituserfeatures()'));
-            }

            x += addDeviceAttribute("Server Rights", premsg + msg.join(', ') + ' <img style=cursor:pointer class=hoverButton onclick=\'return showUserAdminDialog(event,"' + encodeURIComponentEx(user._id) + '")\' src="images/link5.png" />');
            if (user.quota) x += addDeviceAttribute("Server Quota", EscapeHtml(parseInt(user.quota) / 1024) + ' k');
@ -14179,19 +14182,38 @@
        function p20edituserfeatures() {
            if (xxdialogMode) return;
            var flags = (currentUser.flags)?currentUser.flags:0, x = ''; // Flags: 1 = Account Image, 2 = Session Recording
+            var removeRights = (currentUser.removeRights)?currentUser.removeRights:0, x = ''; // Remove Device Group Rights
            if (serverinfo.usersSessionRecording == 1) {
-                x += '<div><label><input type=checkbox id=d20flag2 onchange=p20edituserfeaturesValidate() ' + ((flags & 2) ? 'checked' : '') + '>' + "Record sessions" + '</label><br></div>';
+                x += '<div><label><input type=checkbox id=d20flag1 onchange=p20edituserfeaturesValidate() ' + ((flags & 2) ? 'checked' : '') + '>' + "Record sessions" + '</label><br></div>';
            }
+            x += '<div><label><input type=checkbox id=d20flag2 onchange=p20edituserfeaturesValidate() ' + ((removeRights & 0x00010000) ? 'checked' : '') + '>' + "No Desktop Access" + '</label><br></div>';
+            x += '<div style=margin-left:8px><label><input type=checkbox id=d20flag3 onchange=p20edituserfeaturesValidate() ' + ((removeRights & 0x00000100) ? 'checked' : '') + '>' + "Remote View Only" + '</label><br></div>';
+            x += '<div><label><input type=checkbox id=d20flag4 onchange=p20edituserfeaturesValidate() ' + ((removeRights & 0x00000200) ? 'checked' : '') + '>' + "No Terminal Access" + '</label><br></div>';
+            x += '<div><label><input type=checkbox id=d20flag5 onchange=p20edituserfeaturesValidate() ' + ((removeRights & 0x00000400) ? 'checked' : '') + '>' + "No File Access" + '</label><br></div>';
+            x += '<div><label><input type=checkbox id=d20flag6 onchange=p20edituserfeaturesValidate() ' + ((removeRights & 0x00000010) ? 'checked' : '') + '>' + "No Agent Console" + '</label><br></div>';
            setDialogMode(2, "Edit User Features", 3, p20edituserfeaturesEx, x);
+            p20edituserfeaturesValidate();
        }

-        function p20edituserfeaturesValidate() { }
+        function p20edituserfeaturesValidate() {
+            QE('d20flag3', !Q('d20flag2').checked);
+        }

        // Send to the server the new user's real name
        function p20edituserfeaturesEx() {
-            var f = currentUser.flags & 1; // Flags: 1 = Account Image, 2 = Session Recording
-            if (Q('d20flag2').checked) { f += 2; }
-            meshserver.send({ action: 'edituser', id: currentUser._id, flags: f });
+            // Setup user flags
+            var flags = (currentUser.flags)?currentUser.flags:0; // Flags: 1 = Account Image, 2 = Session Recording
+            var f = flags & 1;
+            if ((serverinfo.usersSessionRecording == 1) && Q('d20flag1').checked) { f += 2; }
+
+            // Setup user permission removal
+            var r = 0;
+            if (Q('d20flag2').checked) { r += 0x00010000; }
+            else if (Q('d20flag3').checked) { r += 0x00000100; }
+            if (Q('d20flag4').checked) { r += 0x00000200; }
+            if (Q('d20flag5').checked) { r += 0x00000400; }
+            if (Q('d20flag6').checked) { r += 0x00000010; }
+            meshserver.send({ action: 'edituser', id: currentUser._id, flags: f, removeRights: r });
        }

        function p30editPhoneValidate(x) {