From dbfb1c51229053de5e6e1a4583cb20a6f4a6a857 Mon Sep 17 00:00:00 2001 From: Ylian Saint-Hilaire Date: Sat, 18 Apr 2020 19:17:44 -0700 Subject: [PATCH] Access control fixes. --- meshuser.js | 17 ++-- translate/translate.json | 191 ++++++++++++++++++++------------------- views/default.handlebars | 31 +++++-- 3 files changed, 131 insertions(+), 108 deletions(-) diff --git a/meshuser.js b/meshuser.js index 7eac86ec..77833e31 100644 --- a/meshuser.js +++ b/meshuser.js @@ -2436,6 +2436,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use } } + var selfMeshRights = 0; try { if (common.validateString(command.meshid, 1, 1024) == false) { err = 'Invalid groupid'; } // Check the meshid else if (common.validateInt(command.meshadmin) == false) { err = 'Invalid group rights'; } // Mesh rights must be an integer @@ -2444,7 +2445,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use if (command.meshid.indexOf('/') == -1) { command.meshid = 'mesh/' + domain.id + '/' + command.meshid; } mesh = parent.meshes[command.meshid]; if (mesh == null) { err = 'Unknown group'; } - else if ((parent.GetMeshRights(user, mesh) & MESHRIGHT_MANAGEUSERS) == 0) { err = 'Permission denied'; } + else if (((selfMeshRights = parent.GetMeshRights(user, mesh)) & MESHRIGHT_MANAGEUSERS) == 0) { err = 'Permission denied'; } else if ((command.meshid.split('/').length != 3) || (command.meshid.split('/')[1] != domain.id)) { err = 'Invalid domain'; } // Invalid domain, operation only valid for current domain } } catch (ex) { err = 'Validation exception: ' + ex; } @@ -2475,16 +2476,20 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use if (newuser != null) { // Can't add or modify self - if (newuserid == obj.user._id) { errors.push("Can't change self."); continue; } + if (newuserid == obj.user._id) { msgs.push("Can't change self"); continue; } + + var targetMeshRights = 0; + if (newuser.links[command.meshid]) { targetMeshRights = newuser.links[command.meshid].rights; } + if ((targetMeshRights == 0xFFFFFFFF) && (selfMeshRights != 0xFFFFFFFF)) { msgs.push("Can't change rights of device group administrator"); continue; } // A non-admin can't kick out an admin if (command.remove === true) { // Remove mesh from user or user group - var selfMeshRights = parent.GetMeshRights(user, mesh); - var delmeshrights = 0; - if (newuser.links[command.meshid]) { delmeshrights = newuser.links[command.meshid].rights; } - if ((delmeshrights == 0xFFFFFFFF) && (selfMeshRights != 0xFFFFFFFF)) { console.log('ttt', delmeshrights, selfMeshRights); errors.push("Can't remove device group administrator."); continue; } // A non-admin can't kick out an admin delete newuser.links[command.meshid]; } else { + // Adjust rights since we can't add more rights that we have outself for MESHRIGHT_MANAGEUSERS + if ((selfMeshRights != 0xFFFFFFFF) && (command.meshadmin == 0xFFFFFFFF)) { msgs.push("Can't set device group administrator, if not administrator"); continue; } + if (((selfMeshRights & 2) == 0) && ((command.meshadmin & 2) != 0) && ((targetMeshRights & 2) == 0)) { command.meshadmin -= 2; } + // Add mesh to user or user group if (newuser.links == null) { newuser.links = {}; } if (newuser.links[command.meshid]) { newuser.links[command.meshid].rights = command.meshadmin; } else { newuser.links[command.meshid] = { rights: command.meshadmin }; } diff --git a/translate/translate.json b/translate/translate.json index 915d8c47..a28de583 100644 --- a/translate/translate.json +++ b/translate/translate.json @@ -605,7 +605,7 @@ "default-mobile.handlebars->9->244", "default-mobile.handlebars->9->70", "default.handlebars->29->1312", - "default.handlebars->29->1608", + "default.handlebars->29->1610", "default.handlebars->29->716" ] }, @@ -2375,7 +2375,7 @@ "ru": "Добавить участие", "zh-chs": "添加會員", "xloc": [ - "default.handlebars->29->1604" + "default.handlebars->29->1606" ] }, { @@ -2907,7 +2907,7 @@ "ru": "Счетчик ошибок агента", "zh-chs": "座席錯誤計數器", "xloc": [ - "default.handlebars->29->1617" + "default.handlebars->29->1619" ] }, { @@ -2976,7 +2976,7 @@ "ru": "Сессии агентов", "zh-chs": "座席會議", "xloc": [ - "default.handlebars->29->1633" + "default.handlebars->29->1635" ] }, { @@ -3099,7 +3099,7 @@ "ru": "Агенты", "zh-chs": "代理商", "xloc": [ - "default.handlebars->29->1646" + "default.handlebars->29->1648" ] }, { @@ -3909,7 +3909,7 @@ "ru": "Вы уверенны, что {0} плагин: {1}", "zh-chs": "您確定要{0}插件嗎:{1}", "xloc": [ - "default.handlebars->29->1686" + "default.handlebars->29->1688" ] }, { @@ -4322,7 +4322,7 @@ "ru": "Плохой ключ", "zh-chs": "錯誤的簽名", "xloc": [ - "default.handlebars->29->1624" + "default.handlebars->29->1626" ] }, { @@ -4339,7 +4339,7 @@ "ru": "Плохой веб-сертификат", "zh-chs": "錯誤的網絡證書", "xloc": [ - "default.handlebars->29->1623" + "default.handlebars->29->1625" ] }, { @@ -4600,7 +4600,7 @@ "ru": "CIRA Сервер", "zh-chs": "CIRA服務器", "xloc": [ - "default.handlebars->29->1674" + "default.handlebars->29->1676" ] }, { @@ -4617,7 +4617,7 @@ "ru": "CIRA Сервер команды", "zh-chs": "CIRA服務器命令", "xloc": [ - "default.handlebars->29->1675" + "default.handlebars->29->1677" ] }, { @@ -4634,7 +4634,7 @@ "ru": "Загрузка CPU", "zh-chs": "CPU負載", "xloc": [ - "default.handlebars->29->1638" + "default.handlebars->29->1640" ] }, { @@ -4651,7 +4651,7 @@ "ru": "Загрузка CPU за последние 15 минут", "zh-chs": "最近15分鐘的CPU負載", "xloc": [ - "default.handlebars->29->1641" + "default.handlebars->29->1643" ] }, { @@ -4668,7 +4668,7 @@ "ru": "Загрузка CPU за последние 5 минут", "zh-chs": "最近5分鐘的CPU負載", "xloc": [ - "default.handlebars->29->1640" + "default.handlebars->29->1642" ] }, { @@ -4685,7 +4685,7 @@ "ru": "Загрузка CPU за последнюю минуту", "zh-chs": "最後一分鐘的CPU負載", "xloc": [ - "default.handlebars->29->1639" + "default.handlebars->29->1641" ] }, { @@ -4740,7 +4740,7 @@ "ru": "Ошибка вызова", "zh-chs": "通話錯誤", "xloc": [ - "default.handlebars->29->1687" + "default.handlebars->29->1689" ] }, { @@ -5166,7 +5166,7 @@ "ru": "Проверка...", "zh-chs": "檢查...", "xloc": [ - "default.handlebars->29->1681", + "default.handlebars->29->1683", "default.handlebars->29->841" ] }, @@ -5414,7 +5414,7 @@ "zh-chs": "清除此通知", "es": "Borrar esta notificación", "xloc": [ - "default.handlebars->29->1611" + "default.handlebars->29->1613" ] }, { @@ -5790,7 +5790,7 @@ "en": "Confirm membership removal of user group \\\"{0}\\\"?", "nl": "Bevestig lidmaatschap verwijdering van gebruikergroep \\\"{0}\\\"?", "xloc": [ - "default.handlebars->29->1602" + "default.handlebars->29->1604" ] }, { @@ -5859,7 +5859,7 @@ "nl": "Bevestig verwijdering van toegangsrechten voor apparaatgroep \\\"{0}\\\"?", "xloc": [ "default.handlebars->29->1494", - "default.handlebars->29->1606" + "default.handlebars->29->1608" ] }, { @@ -5873,7 +5873,14 @@ "en": "Confirm removal of access rights for user group \\\"{0}\\\"?", "nl": "Bevestig verwijdering van toegangsrechten voor gebruikergroep \\\"{0}\\\"?", "xloc": [ - "default.handlebars->29->1599" + "default.handlebars->29->1600" + ] + }, + { + "en": "Confirm removal of access rights?", + "xloc": [ + "default.handlebars->29->1598", + "default.handlebars->29->1601" ] }, { @@ -6097,7 +6104,7 @@ "ru": "Подключено Intel® AMT", "zh-chs": "連接的英特爾®AMT", "xloc": [ - "default.handlebars->29->1629" + "default.handlebars->29->1631" ] }, { @@ -6114,7 +6121,7 @@ "ru": "Подключенные пользователи", "zh-chs": "關聯用戶", "xloc": [ - "default.handlebars->29->1634" + "default.handlebars->29->1636" ] }, { @@ -6190,7 +6197,7 @@ "ru": "Подключений ", "zh-chs": "連接數", "xloc": [ - "default.handlebars->29->1645" + "default.handlebars->29->1647" ] }, { @@ -6207,7 +6214,7 @@ "ru": "Ретранслятор подключения", "zh-chs": "連接繼電器", "xloc": [ - "default.handlebars->29->1673" + "default.handlebars->29->1675" ] }, { @@ -6332,7 +6339,7 @@ "ru": "Cookie-кодировщик", "zh-chs": "Cookie編碼器", "xloc": [ - "default.handlebars->29->1659" + "default.handlebars->29->1661" ] }, { @@ -6633,7 +6640,7 @@ "ru": "Основной сервер", "zh-chs": "核心服務器", "xloc": [ - "default.handlebars->29->1658" + "default.handlebars->29->1660" ] }, { @@ -7802,7 +7809,7 @@ "default.handlebars->29->1447", "default.handlebars->29->1469", "default.handlebars->29->1531", - "default.handlebars->29->1632", + "default.handlebars->29->1634", "default.handlebars->container->column_l->p2->p2info->7" ] }, @@ -8819,7 +8826,7 @@ "en": "Duplicate Agent", "nl": "Dubbele agent", "xloc": [ - "default.handlebars->29->1628" + "default.handlebars->29->1630" ] }, { @@ -9342,7 +9349,7 @@ "zh-chs": "电子邮件流量", "es": "Tráfico de correo electrónico", "xloc": [ - "default.handlebars->29->1667" + "default.handlebars->29->1669" ] }, { @@ -10110,7 +10117,7 @@ "ru": "Внешний", "zh-chs": "外部", "xloc": [ - "default.handlebars->29->1652" + "default.handlebars->29->1654" ] }, { @@ -10596,8 +10603,8 @@ "ru": "Свободно", "zh-chs": "自由", "xloc": [ - "default.handlebars->29->1613", - "default.handlebars->29->1615" + "default.handlebars->29->1615", + "default.handlebars->29->1617" ] }, { @@ -11486,7 +11493,7 @@ "ru": "Всего кучи", "zh-chs": "堆總數", "xloc": [ - "default.handlebars->29->1654" + "default.handlebars->29->1656" ] }, { @@ -11503,7 +11510,7 @@ "ru": "Куча используется", "zh-chs": "堆使用", "xloc": [ - "default.handlebars->29->1653" + "default.handlebars->29->1655" ] }, { @@ -12275,8 +12282,8 @@ "xloc": [ "default.handlebars->29->1301", "default.handlebars->29->1307", - "default.handlebars->29->1650", - "default.handlebars->29->1672" + "default.handlebars->29->1652", + "default.handlebars->29->1674" ] }, { @@ -12981,7 +12988,7 @@ "ru": "Некорректный тип группы устройств", "zh-chs": "無效的設備組類型", "xloc": [ - "default.handlebars->29->1627" + "default.handlebars->29->1629" ] }, { @@ -12998,7 +13005,7 @@ "ru": "Некорректный JSON", "zh-chs": "無效的JSON", "xloc": [ - "default.handlebars->29->1621" + "default.handlebars->29->1623" ] }, { @@ -13050,7 +13057,7 @@ "ru": "Некорректная сигнатура PKCS", "zh-chs": "無效的PKCS簽名", "xloc": [ - "default.handlebars->29->1619" + "default.handlebars->29->1621" ] }, { @@ -13067,7 +13074,7 @@ "ru": "Некорректная сигнатура RSA", "zh-chs": "無效的RSA密碼", "xloc": [ - "default.handlebars->29->1620" + "default.handlebars->29->1622" ] }, { @@ -14128,7 +14135,7 @@ "ru": "Меньше", "zh-chs": "減", "xloc": [ - "default.handlebars->29->1689" + "default.handlebars->29->1691" ] }, { @@ -15204,7 +15211,7 @@ "ru": "Сообщения главного сервера", "zh-chs": "主服務器消息", "xloc": [ - "default.handlebars->29->1661" + "default.handlebars->29->1663" ] }, { @@ -15605,7 +15612,7 @@ "ru": "Достигнуто максимальное число сессий", "zh-chs": "達到的會話數上限", "xloc": [ - "default.handlebars->29->1625" + "default.handlebars->29->1627" ] }, { @@ -15659,7 +15666,7 @@ "ru": "Мегабайт", "zh-chs": "兆字節", "xloc": [ - "default.handlebars->29->1651" + "default.handlebars->29->1653" ] }, { @@ -15676,7 +15683,7 @@ "ru": "ОЗУ", "zh-chs": "記憶", "xloc": [ - "default.handlebars->29->1642", + "default.handlebars->29->1644", "default.handlebars->29->806", "default.handlebars->container->column_l->p40->3->1->p40type->3" ] @@ -15812,7 +15819,7 @@ "ru": "Трафик MeshAgent", "zh-chs": "MeshAgent流量", "xloc": [ - "default.handlebars->29->1663" + "default.handlebars->29->1665" ] }, { @@ -15829,7 +15836,7 @@ "ru": "Обновление MeshAgent", "zh-chs": "MeshAgent更新", "xloc": [ - "default.handlebars->29->1664" + "default.handlebars->29->1666" ] }, { @@ -15932,7 +15939,7 @@ "ru": "Соединения сервера MeshCentral", "zh-chs": "MeshCentral服務器對等", "xloc": [ - "default.handlebars->29->1662" + "default.handlebars->29->1664" ] }, { @@ -16195,7 +16202,7 @@ "ru": "Диспетчер сообщения", "zh-chs": "郵件調度程序", "xloc": [ - "default.handlebars->29->1660" + "default.handlebars->29->1662" ] }, { @@ -16326,7 +16333,7 @@ "ru": "Еще", "zh-chs": "更多", "xloc": [ - "default.handlebars->29->1688" + "default.handlebars->29->1690" ] }, { @@ -17052,7 +17059,7 @@ "zh-chs": "找不到活動", "xloc": [ "default.handlebars->29->1350", - "default.handlebars->29->1607", + "default.handlebars->29->1609", "default.handlebars->29->754" ] }, @@ -18162,7 +18169,7 @@ "ru": "Произошло в {0}", "zh-chs": "發生在{0}", "xloc": [ - "default.handlebars->29->1610" + "default.handlebars->29->1612" ] }, { @@ -19192,7 +19199,7 @@ "zh-chs": "插件動作", "xloc": [ "default.handlebars->29->164", - "default.handlebars->29->1685" + "default.handlebars->29->1687" ] }, { @@ -19908,7 +19915,7 @@ "ru": "RSS", "zh-chs": "的RSS", "xloc": [ - "default.handlebars->29->1655" + "default.handlebars->29->1657" ] }, { @@ -20092,7 +20099,7 @@ "ru": "Число ретрансляций", "zh-chs": "中繼計數", "xloc": [ - "default.handlebars->29->1637" + "default.handlebars->29->1639" ] }, { @@ -20109,7 +20116,7 @@ "ru": "Ошибки ретранслятора", "zh-chs": "中繼錯誤", "xloc": [ - "default.handlebars->29->1630" + "default.handlebars->29->1632" ] }, { @@ -20126,8 +20133,8 @@ "ru": "Сессии ретранслятора", "zh-chs": "接力會議", "xloc": [ - "default.handlebars->29->1636", - "default.handlebars->29->1649" + "default.handlebars->29->1638", + "default.handlebars->29->1651" ] }, { @@ -20419,7 +20426,7 @@ "nl": "Apparaatgroepmachtigingen verwijderen", "xloc": [ "default.handlebars->29->1493", - "default.handlebars->29->1605" + "default.handlebars->29->1607" ] }, { @@ -20448,7 +20455,7 @@ "en": "Remove User Group Membership", "nl": "Lidmaatschap van gebruikersgroep verwijderen", "xloc": [ - "default.handlebars->29->1601" + "default.handlebars->29->1603" ] }, { @@ -20456,7 +20463,7 @@ "nl": "Gebruikersgroepmachtigingen verwijderen", "xloc": [ "default.handlebars->29->1277", - "default.handlebars->29->1598" + "default.handlebars->29->1599" ] }, { @@ -21950,7 +21957,7 @@ "ru": "Сертификат сервера", "zh-chs": "服務器證書", "xloc": [ - "default.handlebars->29->1665" + "default.handlebars->29->1667" ] }, { @@ -21967,7 +21974,7 @@ "zh-chs": "服務器數據庫", "es": "Base de Datos del Servidor", "xloc": [ - "default.handlebars->29->1666" + "default.handlebars->29->1668" ] }, { @@ -22076,7 +22083,7 @@ "ru": "Состояние сервера", "zh-chs": "服務器狀態", "xloc": [ - "default.handlebars->29->1616" + "default.handlebars->29->1618" ] }, { @@ -22110,7 +22117,7 @@ "ru": "Трассировка сервера", "zh-chs": "服務器跟踪", "xloc": [ - "default.handlebars->29->1676" + "default.handlebars->29->1678" ] }, { @@ -22249,7 +22256,7 @@ "ru": "ServerStats.csv", "zh-chs": "ServerStats.csv", "xloc": [ - "default.handlebars->29->1657" + "default.handlebars->29->1659" ] }, { @@ -24319,7 +24326,7 @@ "ru": "На данный момент уведомлений нет", "zh-chs": "目前沒有任何通知", "xloc": [ - "default.handlebars->29->1609" + "default.handlebars->29->1611" ] }, { @@ -25525,7 +25532,7 @@ "default-mobile.handlebars->9->174", "default-mobile.handlebars->9->175", "default.handlebars->29->13", - "default.handlebars->29->1600", + "default.handlebars->29->1602", "default.handlebars->29->374", "default.handlebars->29->41", "default.handlebars->29->42", @@ -25570,7 +25577,7 @@ "ru": "Неизвестное действие", "zh-chs": "未知動作", "xloc": [ - "default.handlebars->29->1622" + "default.handlebars->29->1624" ] }, { @@ -25607,7 +25614,7 @@ "xloc": [ "default.handlebars->29->1480", "default.handlebars->29->1578", - "default.handlebars->29->1626" + "default.handlebars->29->1628" ] }, { @@ -25624,7 +25631,7 @@ "ru": "Неизвестная группа", "zh-chs": "未知群組", "xloc": [ - "default.handlebars->29->1618" + "default.handlebars->29->1620" ] }, { @@ -25741,7 +25748,7 @@ "ru": "Актуально", "zh-chs": "最新", "xloc": [ - "default.handlebars->29->1683" + "default.handlebars->29->1685" ] }, { @@ -25990,8 +25997,8 @@ "ru": "Использовано", "zh-chs": "用過的", "xloc": [ - "default.handlebars->29->1612", - "default.handlebars->29->1614" + "default.handlebars->29->1614", + "default.handlebars->29->1616" ] }, { @@ -26067,7 +26074,7 @@ "ru": "Учетные записи пользователей", "zh-chs": "用戶帳號", "xloc": [ - "default.handlebars->29->1631" + "default.handlebars->29->1633" ] }, { @@ -26126,7 +26133,7 @@ "default.handlebars->29->1211", "default.handlebars->29->1458", "default.handlebars->29->1586", - "default.handlebars->29->1603", + "default.handlebars->29->1605", "default.handlebars->29->555" ] }, @@ -26277,7 +26284,7 @@ "ru": "Сессии пользователя", "zh-chs": "用戶會話", "xloc": [ - "default.handlebars->29->1648" + "default.handlebars->29->1650" ] }, { @@ -26462,7 +26469,7 @@ "xloc": [ "default.handlebars->29->1446", "default.handlebars->29->1468", - "default.handlebars->29->1647", + "default.handlebars->29->1649", "default.handlebars->container->topbar->1->1->UsersSubMenuSpan->UsersSubMenu->1->0->UsersGeneral" ] }, @@ -26480,7 +26487,7 @@ "ru": "Сессии пользователей", "zh-chs": "用戶會話", "xloc": [ - "default.handlebars->29->1635" + "default.handlebars->29->1637" ] }, { @@ -26619,7 +26626,7 @@ "zh-chs": "版本不兼容,请先升级您的MeshCentral安装", "es": "Versión Incompatible, por favor primero actualice su instalación de MeshCentral", "xloc": [ - "default.handlebars->29->1679" + "default.handlebars->29->1681" ] }, { @@ -26685,8 +26692,8 @@ "zh-chs": "查看变更日志", "es": "Ver registro de cambios", "xloc": [ - "default.handlebars->29->1682", - "default.handlebars->29->1684" + "default.handlebars->29->1684", + "default.handlebars->29->1686" ] }, { @@ -26929,8 +26936,8 @@ "ru": "Веб-сервер", "zh-chs": "網絡服務器", "xloc": [ - "default.handlebars->29->1668", - "default.handlebars->29->1669" + "default.handlebars->29->1670", + "default.handlebars->29->1671" ] }, { @@ -26947,7 +26954,7 @@ "ru": "Запросы веб-сервера", "zh-chs": "Web服務器請求", "xloc": [ - "default.handlebars->29->1670" + "default.handlebars->29->1672" ] }, { @@ -26964,7 +26971,7 @@ "ru": "Ретранслятор Web Socket", "zh-chs": "Web套接字中繼", "xloc": [ - "default.handlebars->29->1671" + "default.handlebars->29->1673" ] }, { @@ -27985,7 +27992,7 @@ "ru": "\\\\'", "zh-chs": "\\\\'", "xloc": [ - "default.handlebars->29->1680" + "default.handlebars->29->1682" ] }, { @@ -28256,7 +28263,7 @@ "ru": "свободно", "zh-chs": "自由", "xloc": [ - "default.handlebars->29->1643" + "default.handlebars->29->1645" ] }, { @@ -28612,7 +28619,7 @@ "ru": "servertrace.csv", "zh-chs": "servertrace.csv", "xloc": [ - "default.handlebars->29->1678" + "default.handlebars->29->1680" ] }, { @@ -28665,7 +28672,7 @@ "zh-chs": "時間,conn.agent,conn.users,conn.usersessions,conn.relaysession,conn.intelamt,mem.external,mem.heapused,mem.heaptotal,mem.rss", "es": "time, conn.agent, conn.users, conn.usersessions, conn.relaysession, conn.intelamt, mem.external, mem.heapused, mem.heaptotal, mem.rss", "xloc": [ - "default.handlebars->29->1656" + "default.handlebars->29->1658" ] }, { @@ -28682,7 +28689,7 @@ "ru": "time, source, message", "zh-chs": "時間,來源,訊息", "xloc": [ - "default.handlebars->29->1677" + "default.handlebars->29->1679" ] }, { @@ -28713,7 +28720,7 @@ "ru": "всего", "zh-chs": "總", "xloc": [ - "default.handlebars->29->1644" + "default.handlebars->29->1646" ] }, { diff --git a/views/default.handlebars b/views/default.handlebars index bbb74e5b..86ef449b 100644 --- a/views/default.handlebars +++ b/views/default.handlebars @@ -1811,11 +1811,11 @@ var groupCount = 0; if (Array.isArray(message.ugroups)) { usergroups = {}; - for (var i in message.ugroups) { groupCount++; usergroups[message.ugroups[i]._id] = message.ugroups[i]; } + for (var i in message.ugroups) { groupCount++; usergroups[message.ugroups[i]._id] = message.ugroups[i]; } if (groupCount == 0) { usergroups = null; } } else { usergroups = message.ugroups; - for (var i in message.ugroups) { groupCount++; } + for (var i in message.ugroups) { groupCount++; message.ugroups[i]._id = i; } if (groupCount == 0) { usergroups = null; } } masterUpdate(8192); @@ -8692,6 +8692,7 @@ if (userid == null) { setDialogMode(2, "Add Users to Device Group", 3, p20showAddMeshUserDialogEx, x); + QE('p20fulladmin', GetMeshRights(currentMesh) == 0xFFFFFFFF); Q('dp20username').focus(); } else if (userid === 1) { setDialogMode(2, (selected == null)?"Add Device Group Permissions":"Edit Device Group Permissions", selected?7:3, p20showAddMeshUserDialogEx, x, userid); @@ -8699,6 +8700,7 @@ if (urights == 0xFFFFFFFF) { Q('p20fulladmin').checked = true; urights = -1; } } else if (userid === 2) { setDialogMode(2, "Add User Group", 3, p20showAddMeshUserDialogEx, x, userid); + QE('p20fulladmin', GetMeshRights(currentMesh) == 0xFFFFFFFF); } else if (userid === 3) { setDialogMode(2, (selected == null)?"Add Device Group":"Edit Device Group", selected?7:3, p20showAddMeshUserDialogEx, x, userid); QE('dp2groupid', selected == null); @@ -8733,6 +8735,7 @@ } var cmeshrights = GetMeshRights(currentMesh), urights = GetMeshRights(currentMesh, userid); if (urights == 0xFFFFFFFF) { Q('p20fulladmin').checked = true; urights = -1; } + QE('p20fulladmin', GetMeshRights(currentMesh) == 0xFFFFFFFF); } if (urights != -1) { @@ -10808,12 +10811,14 @@ function p30removeUserFromNode(event, userid) { if (xxdialogMode) return; - var user = users[decodeURIComponent(userid)]; - if (user != null) { - setDialogMode(2, "Remove User Permissions", 3, function(b, user) { meshserver.send({ action: 'adddeviceuser', nodeid: currentNode._id, nodename: currentNode.name, userids: [ user._id ], rights: 0, remove: true }); }, format("Confirm removal of access rights for user \"{0}\"?", user.name), user); - } else if (usergroups != null) { - user = usergroups[decodeURIComponent(userid)]; - if (user != null) { setDialogMode(2, "Remove User Group Permissions", 3, function(b, user) { meshserver.send({ action: 'adddeviceuser', nodeid: currentNode._id, nodename: currentNode.name, userids: [ user._id ], rights: 0, remove: true }); }, format("Confirm removal of access rights for user group \"{0}\"?", user.name), user); } + var user = null, name = ''; + userid = decodeURIComponent(userid); + if (userid.startsWith('user/')) { + if (users) { user = users[userid]; if (user != null) { name = user.name; } } + setDialogMode(2, "Remove User Permissions", 3, function(b, user) { meshserver.send({ action: 'adddeviceuser', nodeid: currentNode._id, nodename: currentNode.name, userids: [ userid ], rights: 0, remove: true }); }, name?format("Confirm removal of access rights for user \"{0}\"?", name):"Confirm removal of access rights?", user); + } else if (userid.startsWith('ugrp/')) { + if (usergroups) { user = usergroups[userid]; if (user != null) { name = user.name; } } + setDialogMode(2, "Remove User Group Permissions", 3, function(b, user) { meshserver.send({ action: 'adddeviceuser', nodeid: currentNode._id, nodename: currentNode.name, userids: [ userid ], rights: 0, remove: true }); }, name?format("Confirm removal of access rights for user group \"{0}\"?", name):"Confirm removal of access rights?", user); } } @@ -11483,8 +11488,14 @@ if (event && (event.shiftKey == true) && (x != 15) && ('{{currentNode}}' == '')) { // Open the device in a different tab if ((x >= 10) && (x <= 19)) { - if (currentNode) { window.open(window.location.origin + '?node=' + currentNode._id.split('/')[2] + '&viewmode=' + x + '&hide=16', 'meshcentral:' + currentNode._id); } - } else if (x < 10) { + if (currentNode) { window.open(window.location.origin + '?gotonode=' + currentNode._id.split('/')[2] + '&viewmode=' + x + '&hide=16', 'meshcentral:' + currentNode._id); } + } else if ((x >= 20) && (x <= 29)) { + if (currentMesh) { window.open(window.location.origin + '?gotomesh=' + currentMesh._id.split('/')[2] + '&viewmode=' + x + '&hide=16', 'meshcentral:' + currentMesh._id); } + } else if ((x >= 30) && (x <= 39)) { + if (currentUser) { window.open(window.location.origin + '?gotouser=' + currentUser._id.split('/')[2] + '&viewmode=' + x + '&hide=16', 'meshcentral:' + currentUser._id); } + } else if ((x >= 50) && (x <= 59)) { + if (currentUserGroup) { window.open(window.location.origin + '?gotougrp=' + currentUserGroup._id.split('/')[2] + '&viewmode=' + x + '&hide=16', 'meshcentral:' + currentUserGroup._id); } + } else { // if (x < 10)) window.open(window.location.origin + '?viewmode=' + x + '&hide=0', 'meshcentral:' + x); } return;