MyFavMirrors/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-11-07 04:42:54 -05:00
Code Issues Packages Projects Releases Wiki Activity

Add permission checks to user dropdown menu (#7381)

Browse Source 
Menu items are now conditionally rendered based on user rights and server features.
This commit is contained in:
TheDevRyan
2025-10-25 11:59:55 +01:00
committed by GitHub
parent f9bb7315cc
commit d31a7e54dc
1 changed files with 13 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
views/default3.handlebars
View File

@@ -2127,6 +2127,13 @@
userImageSrc = 'userimage.ashx?rnd=' + userinfo.accountImageRnd;
}
// Check permissions
var siteRights = userinfo ? userinfo.siteadmin : 0;
var serverFeatures = parseInt('{{{serverfeatures}}}');
var canViewUsers = ((users != null) && ((features & 4) == 0)) || (((userinfo && userinfo.siteadmin & 512) != 0) && ((features & 0x08000000) != 0));
var canViewFiles = (siteRights & 8) != 0;
var canViewServer = (siteRights & 21) && ((serverFeatures & 64) != 0);
logoutControl = '<div id="userDropdown">' +
'<div id="userDropdownButton">' +
'<img id="userDropdownImage" src="' + userImageSrc + '" />' +
@@ -2146,20 +2153,20 @@
'<span>' + "My Events" + '</span>' +
'</div>' +
'<div class="userDropdownMenuItem userDropdownMobileOnly" onclick="goForward(\'users\'); QV(\'userDropdownMenu\', false); QV(\'uiSubmenu\', false); resetChevronArrow(); document.removeEventListener(\'click\', closeUISubmenu);">' +
(canViewUsers ? '<div class="userDropdownMenuItem userDropdownMobileOnly" onclick="goForward(\'users\'); QV(\'userDropdownMenu\', false); QV(\'uiSubmenu\', false); resetChevronArrow(); document.removeEventListener(\'click\', closeUISubmenu);">' +
'<i class="fa fa-users userDropdownMenuIcon"></i>' +
'<span>' + "My Users" + '</span>' +
'</div>' +
'</div>' : '') +
'<div class="userDropdownMenuItem userDropdownMobileOnly" onclick="goForward(\'files\'); QV(\'userDropdownMenu\', false); QV(\'uiSubmenu\', false); resetChevronArrow(); document.removeEventListener(\'click\', closeUISubmenu);">' +
(canViewFiles ? '<div class="userDropdownMenuItem userDropdownMobileOnly" onclick="goForward(\'files\'); QV(\'userDropdownMenu\', false); QV(\'uiSubmenu\', false); resetChevronArrow(); document.removeEventListener(\'click\', closeUISubmenu);">' +
'<i class="fa fa-folder userDropdownMenuIcon"></i>' +
'<span>' + "My Files" + '</span>' +
'</div>' +
'</div>' : '') +
'<div class="userDropdownMenuItem userDropdownMobileOnly" onclick="goForward(\'server\'); QV(\'userDropdownMenu\', false); QV(\'uiSubmenu\', false); resetChevronArrow(); document.removeEventListener(\'click\', closeUISubmenu);">' +
(canViewServer ? '<div class="userDropdownMenuItem userDropdownMobileOnly" onclick="goForward(\'server\'); QV(\'userDropdownMenu\', false); QV(\'uiSubmenu\', false); resetChevronArrow(); document.removeEventListener(\'click\', closeUISubmenu);">' +
'<i class="fa fa-server userDropdownMenuIcon"></i>' +
'<span>' + "My Server" + '</span>' +
'</div>' +
'</div>' : '') +
'<div id="userDropdownMenuDivider" class="userDropdownMobileOnly"></div>' +