Meshctrl.js now shows access denies if you can't access users list.

2025-01-12 15:33:20 -05:00 · 2020-06-12 13:04:23 -07:00 · 2020-06-12 13:04:23 -07:00 · d17a95c6ae
commit d17a95c6ae
parent 55aa66cebf
2 changed files with 7 additions and 6 deletions
--- a/meshctrl.js
+++ b/meshctrl.js
@ -611,11 +611,11 @@ function serverConnect() {
        switch (settings.cmd) {
            case 'serverinfo': { break; }
            case 'userinfo': { break; }
-            case 'listusers': { ws.send(JSON.stringify({ action: 'users' })); break; }
-            case 'listusersessions': { ws.send(JSON.stringify({ action: 'wssessioncount' })); }
-            case 'listusergroups': { ws.send(JSON.stringify({ action: 'usergroups' })); }
-            case 'listdevicegroups': { ws.send(JSON.stringify({ action: 'meshes' })); break; }
-            case 'listusersofdevicegroup': { ws.send(JSON.stringify({ action: 'meshes' })); break; }
+            case 'listusers': { ws.send(JSON.stringify({ action: 'users', responseid: 'meshctrl' })); break; }
+            case 'listusersessions': { ws.send(JSON.stringify({ action: 'wssessioncount', responseid: 'meshctrl' })); }
+            case 'listusergroups': { ws.send(JSON.stringify({ action: 'usergroups', responseid: 'meshctrl' })); }
+            case 'listdevicegroups': { ws.send(JSON.stringify({ action: 'meshes', responseid: 'meshctrl' })); break; }
+            case 'listusersofdevicegroup': { ws.send(JSON.stringify({ action: 'meshes', responseid: 'meshctrl' })); break; }
            case 'listdevices': {
                if (args.group) {
                    ws.send(JSON.stringify({ action: 'nodes', meshname: args.group, responseid: 'meshctrl' }));
@ -885,6 +885,7 @@ function serverConnect() {
                break;
            }
            case 'users': { // LISTUSERS
+                if (data.result) { console.log(data.result); process.exit(); return; }
                if (args.filter) {
                    // Filter the list of users
                    var filters = args.filter.toLowerCase().split(',');
--- a/meshuser.js
+++ b/meshuser.js
@ -1291,7 +1291,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
            case 'users':
                {
                    // Request a list of all users
-                    if ((user.siteadmin & 2) == 0) break;
+                    if ((user.siteadmin & 2) == 0) { if (command.responseid != null) { try { ws.send(JSON.stringify({ action: 'users', responseid: command.responseid, result: 'Access denied' })); } catch (ex) { } } break; }
                    var docs = [];
                    for (i in parent.users) {
                        if (((obj.crossDomain === true) || (parent.users[i].domain == domain.id)) && (parent.users[i].name != '~')) {