external/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-02-12 11:01:52 +00:00
Code Issues Releases Wiki Activity

More work on user device permissions.

Browse source
This commit is contained in:
Ylian Saint-Hilaire 2020-03-27 00:21:44 -07:00
parent 76edf4e494
commit bd3b788094
2 changed files with 68 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

43
meshuser.js
View file

@ -1261,19 +1261,37 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
break; break;
} }
// Remove all the mesh links to this user // Remove all links to this user
if (deluser.links != null) { if (deluser.links != null) {
for (meshid in deluser.links) { for (var i in deluser.links) {
// Get the mesh if (i.startsWith('mesh/')) {
mesh = parent.meshes[meshid]; // Get the device group
if (mesh) { mesh = parent.meshes[i];
// Remove user from the mesh if (mesh) {
if (mesh.links[deluser._id] != null) { delete mesh.links[deluser._id]; parent.db.Set(mesh); } // Remove user from the mesh
// Notify mesh change if (mesh.links[deluser._id] != null) { delete mesh.links[deluser._id]; parent.db.Set(mesh); }
change = 'Removed user ' + deluser.name + ' from group ' + mesh.name;
var event = { etype: 'mesh', userid: user._id, username: user.name, meshid: mesh._id, name: mesh.name, mtype: mesh.mtype, desc: mesh.desc, action: 'meshchange', links: mesh.links, msg: change, domain: domain.id, invite: mesh.invite }; // Notify mesh change
if (db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to change the mesh. Another event will come. change = 'Removed user ' + deluser.name + ' from group ' + mesh.name;
parent.parent.DispatchEvent(['*', mesh._id, deluser._id, user._id], obj, event); var event = { etype: 'mesh', userid: user._id, username: user.name, meshid: mesh._id, name: mesh.name, mtype: mesh.mtype, desc: mesh.desc, action: 'meshchange', links: mesh.links, msg: change, domain: domain.id, invite: mesh.invite };
if (db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to change the mesh. Another event will come.
parent.parent.DispatchEvent(['*', mesh._id, deluser._id, user._id], obj, event);
}
} else if (i.startsWith('node/')) {
// Get the node and the rights for this node
parent.GetNodeWithRights(domain, deluser, i, function (node, rights, visible) {
if ((node == null) || (node.links == null) || (node.links[deluser._id] == null)) return;
// Remove the link and save the node to the database
delete node.links[deluser._id];
if (Object.keys(node.links).length == 0) { delete node.links; }
db.Set(node);
// Event the node change
var event = { etype: 'node', userid: user._id, username: user.name, action: 'changenode', nodeid: node._id, domain: domain.id, msg: (command.rights == 0) ? ('Removed user device rights for ' + node.name) : ('Changed user device rights for ' + node.name), node: parent.CloneSafeNode(node) }
if (db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to change the mesh. Another event will come.
parent.parent.DispatchEvent(['*', node.meshid, node._id], obj, event);
});
} }
} }
} }
@ -2255,6 +2273,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
// Delete all devices attached to this mesh in the database // Delete all devices attached to this mesh in the database
db.RemoveMeshDocuments(command.meshid); db.RemoveMeshDocuments(command.meshid);
// TODO: We are possibly deleting devices that users will have links to. We need to clean up the broken links from on occasion.
if (command.responseid != null) { try { ws.send(JSON.stringify({ action: 'deletemesh', responseid: command.responseid, result: 'ok' })); } catch (ex) { } } if (command.responseid != null) { try { ws.send(JSON.stringify({ action: 'deletemesh', responseid: command.responseid, result: 'ok' })); } catch (ex) { } }
break; break;

54
webserver.js
View file

@ -1346,32 +1346,52 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Check if the password is correct // Check if the password is correct
obj.authenticate(user.name, req.body.apassword1, domain, function (err, userid) { obj.authenticate(user.name, req.body.apassword1, domain, function (err, userid) {
var user = obj.users[userid]; var deluser = obj.users[userid];
if (user) { if ((deluser != null) || (userid == null)) {
// Remove all the mesh links to this user // Remove all links to this user
if (user.links != null) { if (deluser.links != null) {
for (var meshid in user.links) { for (var i in deluser.links) {
// Get the mesh if (i.startsWith('mesh/')) {
var mesh = obj.meshes[meshid]; // Get the device group
if (mesh) { mesh = parent.meshes[i];
// Remove user from the mesh if (mesh) {
if (mesh.links[userid] != null) { delete mesh.links[userid]; obj.db.Set(mesh); } // Remove user from the mesh
// Notify mesh change if (mesh.links[deluser._id] != null) { delete mesh.links[deluser._id]; parent.db.Set(mesh); }
var change = 'Removed user ' + user.name + ' from group ' + mesh.name;
obj.parent.DispatchEvent(['*', mesh._id, user._id, userid], obj, { etype: 'mesh', userid: user._id, username: user.name, meshid: mesh._id, name: mesh.name, mtype: mesh.mtype, desc: mesh.desc, action: 'meshchange', links: mesh.links, msg: change, domain: domain.id }); // Notify mesh change
change = 'Removed user ' + deluser.name + ' from group ' + mesh.name;
var event = { etype: 'mesh', userid: user._id, username: user.name, meshid: mesh._id, name: mesh.name, mtype: mesh.mtype, desc: mesh.desc, action: 'meshchange', links: mesh.links, msg: change, domain: domain.id, invite: mesh.invite };
if (db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to change the mesh. Another event will come.
parent.parent.DispatchEvent(['*', mesh._id, deluser._id, user._id], obj, event);
}
} else if (i.startsWith('node/')) {
// Get the node and the rights for this node
parent.GetNodeWithRights(domain, deluser, i, function (node, rights, visible) {
if ((node == null) || (node.links == null) || (node.links[deluser._id] == null)) return;
// Remove the link and save the node to the database
delete node.links[deluser._id];
if (Object.keys(node.links).length == 0) { delete node.links; }
db.Set(node);
// Event the node change
var event = { etype: 'node', userid: user._id, username: user.name, action: 'changenode', nodeid: node._id, domain: domain.id, msg: (command.rights == 0) ? ('Removed user device rights for ' + node.name) : ('Changed user device rights for ' + node.name), node: parent.CloneSafeNode(node) }
if (db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to change the mesh. Another event will come.
parent.parent.DispatchEvent(['*', node.meshid, node._id], obj, event);
});
} }
} }
} }
// Remove notes for this user // Remove notes for this user
obj.db.Remove('nt' + user._id); obj.db.Remove('nt' + deluser._id);
// Remove the user // Remove the user
obj.db.Remove(user._id); obj.db.Remove(deluser._id);
delete obj.users[user._id]; delete obj.users[deluser._id];
req.session = null; req.session = null;
if (direct === true) { handleRootRequestEx(req, res, domain); } else { res.redirect(domain.url + getQueryPortion(req)); } if (direct === true) { handleRootRequestEx(req, res, domain); } else { res.redirect(domain.url + getQueryPortion(req)); }
obj.parent.DispatchEvent(['*', 'server-users'], obj, { etype: 'user', userid: user._id, username: user.name, action: 'accountremove', msg: 'Account removed', domain: domain.id }); obj.parent.DispatchEvent(['*', 'server-users'], obj, { etype: 'user', userid: deluser._id, username: deluser.name, action: 'accountremove', msg: 'Account removed', domain: domain.id });
parent.debug('web', 'handleDeleteAccountRequest: removed user.'); parent.debug('web', 'handleDeleteAccountRequest: removed user.');
} else { } else {
parent.debug('web', 'handleDeleteAccountRequest: auth failed.'); parent.debug('web', 'handleDeleteAccountRequest: auth failed.');