From d17a95c6ae839544698a9c853ad3b775367ca99d Mon Sep 17 00:00:00 2001
From: Ylian Saint-Hilaire <ysainthilaire@hotmail.com>
Date: Fri, 12 Jun 2020 13:04:23 -0700
Subject: [PATCH] Meshctrl.js now shows access denies if you can't access users
 list.

---
 meshctrl.js | 11 ++++++-----
 meshuser.js |  2 +-
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/meshctrl.js b/meshctrl.js
index 0820e06a..ffa92bd5 100644
--- a/meshctrl.js
+++ b/meshctrl.js
@@ -611,11 +611,11 @@ function serverConnect() {
         switch (settings.cmd) {
             case 'serverinfo': { break; }
             case 'userinfo': { break; }
-            case 'listusers': { ws.send(JSON.stringify({ action: 'users' })); break; }
-            case 'listusersessions': { ws.send(JSON.stringify({ action: 'wssessioncount' })); }
-            case 'listusergroups': { ws.send(JSON.stringify({ action: 'usergroups' })); }
-            case 'listdevicegroups': { ws.send(JSON.stringify({ action: 'meshes' })); break; }
-            case 'listusersofdevicegroup': { ws.send(JSON.stringify({ action: 'meshes' })); break; }
+            case 'listusers': { ws.send(JSON.stringify({ action: 'users', responseid: 'meshctrl' })); break; }
+            case 'listusersessions': { ws.send(JSON.stringify({ action: 'wssessioncount', responseid: 'meshctrl' })); }
+            case 'listusergroups': { ws.send(JSON.stringify({ action: 'usergroups', responseid: 'meshctrl' })); }
+            case 'listdevicegroups': { ws.send(JSON.stringify({ action: 'meshes', responseid: 'meshctrl' })); break; }
+            case 'listusersofdevicegroup': { ws.send(JSON.stringify({ action: 'meshes', responseid: 'meshctrl' })); break; }
             case 'listdevices': {
                 if (args.group) {
                     ws.send(JSON.stringify({ action: 'nodes', meshname: args.group, responseid: 'meshctrl' }));
@@ -885,6 +885,7 @@ function serverConnect() {
                 break;
             }
             case 'users': { // LISTUSERS
+                if (data.result) { console.log(data.result); process.exit(); return; }
                 if (args.filter) {
                     // Filter the list of users
                     var filters = args.filter.toLowerCase().split(',');
diff --git a/meshuser.js b/meshuser.js
index 88c9e83a..9846bb9a 100644
--- a/meshuser.js
+++ b/meshuser.js
@@ -1291,7 +1291,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
             case 'users':
                 {
                     // Request a list of all users
-                    if ((user.siteadmin & 2) == 0) break;
+                    if ((user.siteadmin & 2) == 0) { if (command.responseid != null) { try { ws.send(JSON.stringify({ action: 'users', responseid: command.responseid, result: 'Access denied' })); } catch (ex) { } } break; }
                     var docs = [];
                     for (i in parent.users) {
                         if (((obj.crossDomain === true) || (parent.users[i].domain == domain.id)) && (parent.users[i].name != '~')) {