Fixed server file permissions for device groups, #3294

2021-11-25 09:26:25 -08:00 · 2021-11-25 09:26:25 -08:00 · b0726e9a13
parent 48f6d1e251
commit b0726e9a13
2 changed files with 17 additions and 26 deletions
--- a/meshuser.js
+++ b/meshuser.js
@ -6799,22 +6799,19 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
            try { files.filetree.f[user._id].f = readFilesRec(parent.path.join(parent.filespath, domainx + '/user-' + usersplit[2])); } catch (e) { }
        }
-        // Add files for each mesh // TODO: Get all meshes including groups!!
+        // Add files for each mesh
-        for (var i in user.links) {
+        const meshes = parent.GetAllMeshWithRights(user, MESHRIGHT_SERVERFILES);
-            if ((user.links[i].rights & 32) != 0) { // Check that we have file permissions
+        for (var i in meshes) {
-                var mesh = parent.meshes[i];
+            const mesh = meshes[i];
-                if (mesh) {
+            var meshsplit = mesh._id.split('/');
-                    var meshsplit = mesh._id.split('/');
+            files.filetree.f[mesh._id] = { t: 4, n: mesh.name, f: {} };
-                    files.filetree.f[mesh._id] = { t: 4, n: mesh.name, f: {} };
+            files.filetree.f[mesh._id].maxbytes = parent.getQuota(mesh._id, domain);
                    files.filetree.f[mesh._id].maxbytes = parent.getQuota(mesh._id, domain);
-                    // Read all files recursively
+            // Read all files recursively
-                    try {
+            try {
-                        files.filetree.f[mesh._id].f = readFilesRec(parent.path.join(parent.filespath, domainx + '/mesh-' + meshsplit[2]));
+                files.filetree.f[mesh._id].f = readFilesRec(parent.path.join(parent.filespath, domainx + '/mesh-' + meshsplit[2]));
-                    } catch (e) {
+            } catch (e) {
-                        files.filetree.f[mesh._id].f = {}; // Got an error, return empty folder. We will create the folder only when needed.
+                files.filetree.f[mesh._id].f = {}; // Got an error, return empty folder. We will create the folder only when needed.
                    }
                }
            }
        }
--- a/webserver.js
+++ b/webserver.js
@ -7050,20 +7050,14 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
            if (i.startsWith('mesh/')) {
                // Grant access to a device group thru a direct link
                const m = obj.meshes[i];
-                if ((m) && (m.deleted == null) && ((rights == null) || ((user.links[i].rights & rights) != 0))) {
+                if ((m) && (r.indexOf(m) == -1) && (m.deleted == null) && ((rights == null) || ((user.links[i].rights & rights) != 0))) { r.push(m); }
                    if (r.indexOf(m) == -1) { r.push(m); }
                }
            } else if (i.startsWith('ugrp/')) {
                // Grant access to a device group thru a user group
                const g = obj.userGroups[i];
-                if (g && (g.links != null) && ((rights == null) || ((user.links[i].rights & rights) != 0))) {
+                for (var j in g.links) {
-                    for (var j in g.links) {
+                    if (j.startsWith('mesh/') && ((rights == null) || ((g.links[j].rights != null) && (g.links[j].rights & rights) != 0))) {
-                        if (j.startsWith('mesh/')) {
+                        const m = obj.meshes[j];
-                            const m = obj.meshes[j];
+                        if ((m) && (m.deleted == null) && (r.indexOf(m) == -1)) { r.push(m); }
                            if ((m) && (m.deleted == null)) {
                                if (r.indexOf(m) == -1) { r.push(m); }
                            }
                        }
                    }
                }
            }