mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2025-11-24 11:37:40 -05:00
manageAllDeviceGroups - Added group support (members of) (#7310)
This commit is contained in:
stephannn
GitHub
@@ -686,7 +686,7 @@
|
||||
"items": {
|
||||
"type": "string"
|
||||
},
|
||||
"description": "Users in this list are allowed to see and manage all device groups within their domain. For example ['user//billybob','user//fred'] would allow billybob and fred to manage all device groups from all users in their domain."
|
||||
"description": "Users or groups that users are a member of in this list are allowed to see and manage all device groups within their domain. For example ['user//billybob','user//fred','ugrp//RA...'] would allow billybob, fred and members of ugrp//RA to manage all device groups from all users in their domain."
|
||||
},
|
||||
"manageCrossDomain": {
|
||||
"type": "array",
|
||||
|
||||
@@ -613,7 +613,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
serverinfo.logoutonidlesessiontimeout = true;
|
||||
}
|
||||
if (user.siteadmin === SITERIGHT_ADMIN) {
|
||||
if (parent.parent.config.settings.managealldevicegroups.indexOf(user._id) >= 0) { serverinfo.manageAllDeviceGroups = true; }
|
||||
if (parent.parent.config.settings.managealldevicegroups.indexOf(user._id) >= 0 || (Object.keys(user.links).some(key => parent.parent.config.settings.managealldevicegroups.indexOf(key) >= 0))) { serverinfo.manageAllDeviceGroups = true; }
|
||||
if (obj.crossDomain === true) { serverinfo.crossDomain = []; for (var i in parent.parent.config.domains) { serverinfo.crossDomain.push(i); } }
|
||||
if (typeof parent.webCertificateExpire[domain.id] == 'number') { serverinfo.certExpire = parent.webCertificateExpire[domain.id]; }
|
||||
}
|
||||
@@ -6749,7 +6749,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
if (common.validateInt(command.type, 1, 4) == false) return; // Validate type
|
||||
if (common.validateInt(command.groupBy, 1, 3) == false) return; // Validate groupBy: 1 = User, 2 = Device, 3 = Day
|
||||
if ((typeof command.start != 'number') || (typeof command.end != 'number') || (command.start >= command.end)) return; // Validate start and end time
|
||||
const manageAllDeviceGroups = ((user.siteadmin == 0xFFFFFFFF) && (parent.parent.config.settings.managealldevicegroups.indexOf(user._id) >= 0));
|
||||
const manageAllDeviceGroups = ((user.siteadmin == 0xFFFFFFFF) && (parent.parent.config.settings.managealldevicegroups.indexOf(user._id) >= 0 || (Object.keys(user.links).some(key => parent.parent.config.settings.managealldevicegroups.indexOf(key) >= 0))));
|
||||
if ((command.devGroup != null) && (manageAllDeviceGroups == false) && ((user.links == null) || (user.links[command.devGroup] == null))) return; // Asking for a device group that is not allowed
|
||||
|
||||
const msgIdFilter = [5, 10, 11, 12, 122, 123, 124, 125, 126, 144];
|
||||
|
||||
27
webserver.js
27
webserver.js
@@ -288,6 +288,23 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
|
||||
obj.userGroups[docs[i]._id] = docs[i]; // Get all user groups
|
||||
}
|
||||
|
||||
// Mapping between users and groups
|
||||
for (var ugrpId in obj.userGroups) {
|
||||
const ugrp = obj.userGroups[ugrpId];
|
||||
if (ugrp.links != null) {
|
||||
for (var userId in ugrp.links) {
|
||||
if (userId.startsWith('user/') && (obj.users[userId] != null)) {
|
||||
const user = obj.users[userId];
|
||||
if (user.links == null) { user.links = {}; }
|
||||
if (user.links[ugrpId] == null) {
|
||||
// Adding group link to user
|
||||
user.links[ugrpId] = { rights: ugrp.links[userId].rights || 1 };
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Perform device group link cleanup
|
||||
for (var i in obj.meshes) {
|
||||
const mesh = obj.meshes[i];
|
||||
@@ -8962,7 +8979,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
|
||||
if ((nodes == null) || (nodes.length != 1)) { func(null, 0, false); return; } // No such nodeid
|
||||
|
||||
// This is a super user that can see all device groups for a given domain
|
||||
if ((user.siteadmin == 0xFFFFFFFF) && (parent.config.settings.managealldevicegroups.indexOf(user._id) >= 0) && (nodes[0].domain == user.domain)) {
|
||||
if ((user.siteadmin == 0xFFFFFFFF) && ((parent.config.settings.managealldevicegroups.indexOf(user._id) >= 0) || (Object.keys(user.links).some(key => parent.config.settings.managealldevicegroups.indexOf(key) >= 0))) && (nodes[0].domain == user.domain)) {
|
||||
func(nodes[0], removeUserRights(0xFFFFFFFF, user), true); return;
|
||||
}
|
||||
|
||||
@@ -9020,7 +9037,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
|
||||
if (user == null) { return []; }
|
||||
|
||||
var r = [];
|
||||
if ((user.siteadmin == 0xFFFFFFFF) && (parent.config.settings.managealldevicegroups.indexOf(user._id) >= 0)) {
|
||||
if ((user.siteadmin == 0xFFFFFFFF) && ((parent.config.settings.managealldevicegroups.indexOf(user._id) >= 0) || (Object.keys(user.links).some(key => parent.config.settings.managealldevicegroups.indexOf(key) >= 0))) ) {
|
||||
// This is a super user that can see all device groups for a given domain
|
||||
var meshStartStr = 'mesh/' + user.domain + '/';
|
||||
for (var i in obj.meshes) { if ((obj.meshes[i]._id.startsWith(meshStartStr)) && (obj.meshes[i].deleted == null)) { r.push(obj.meshes[i]); } }
|
||||
@@ -9051,7 +9068,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
|
||||
if (typeof user == 'string') { user = obj.users[user]; }
|
||||
if (user == null) { return []; }
|
||||
var r = [];
|
||||
if ((user.siteadmin == 0xFFFFFFFF) && (parent.config.settings.managealldevicegroups.indexOf(user._id) >= 0)) {
|
||||
if ((user.siteadmin == 0xFFFFFFFF) && ((parent.config.settings.managealldevicegroups.indexOf(user._id) >= 0) || (Object.keys(user.links).some(key => parent.config.settings.managealldevicegroups.indexOf(key) >= 0)))) {
|
||||
// This is a super user that can see all device groups for a given domain
|
||||
var meshStartStr = 'mesh/' + user.domain + '/';
|
||||
for (var i in obj.meshes) { if ((obj.meshes[i]._id.startsWith(meshStartStr)) && (obj.meshes[i].deleted == null)) { r.push(obj.meshes[i]._id); } }
|
||||
@@ -9096,7 +9113,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
|
||||
} else return 0;
|
||||
|
||||
// Check if this is a super user that can see all device groups for a given domain
|
||||
if ((user.siteadmin == 0xFFFFFFFF) && (parent.config.settings.managealldevicegroups.indexOf(user._id) >= 0) && (meshid.startsWith('mesh/' + user.domain + '/'))) { return removeUserRights(0xFFFFFFFF, user); }
|
||||
if ((user.siteadmin == 0xFFFFFFFF) && ((parent.config.settings.managealldevicegroups.indexOf(user._id) >= 0) || (Object.keys(user.links).some(key => parent.config.settings.managealldevicegroups.indexOf(key) >= 0))) && (meshid.startsWith('mesh/' + user.domain + '/'))) { return removeUserRights(0xFFFFFFFF, user); }
|
||||
|
||||
// Check direct user to device group permissions
|
||||
if (user.links == null) return 0;
|
||||
@@ -9141,7 +9158,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
|
||||
} else return false;
|
||||
|
||||
// Check if this is a super user that can see all device groups for a given domain
|
||||
if ((user.siteadmin == 0xFFFFFFFF) && (parent.config.settings.managealldevicegroups.indexOf(user._id) >= 0) && (meshid.startsWith('mesh/' + user.domain + '/'))) { return true; }
|
||||
if ((user.siteadmin == 0xFFFFFFFF) && ((parent.config.settings.managealldevicegroups.indexOf(user._id) >= 0) || (Object.keys(user.links).some(key => parent.config.settings.managealldevicegroups.indexOf(key) >= 0))) && (meshid.startsWith('mesh/' + user.domain + '/'))) { return true; }
|
||||
|
||||
// Check direct user to device group permissions
|
||||
if (user.links == null) { return false; }
|
||||
|
||||
Reference in New Issue
Block a user