external/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-03-09 15:40:18 +00:00
Code Issues Releases Wiki Activity

Added function handler for adddeviceuser

Browse source
This commit is contained in:
Noah Zalev 2022-01-08 14:46:55 -05:00
parent 89e5572130
commit e0915f97f8
1 changed files with 137 additions and 137 deletions
Download patch file Download diff file Expand all files Collapse all files

274
meshuser.js
View file

@ -2171,143 +2171,6 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
if (command.responseid != null) { try { ws.send(JSON.stringify({ action: 'editmesh', responseid: command.responseid, result: 'ok' })); } catch (ex) { } }
break;
}
case 'adddeviceuser': {
if (typeof command.userid == 'string') { command.userids = [command.userid]; }
var err = null, nodeIdSplit;
try {
if (common.validateString(command.nodeid, 1, 1024) == false) { err = 'Invalid nodeid'; } // Check the nodeid
else if (common.validateInt(command.rights) == false) { err = 'Invalid rights'; } // Device rights must be an integer
else if ((command.rights & 7) != 0) { err = 'Invalid rights'; } // EDITMESH, MANAGEUSERS or MANAGECOMPUTERS rights can't be assigned to a user to device link
else if ((common.validateStrArray(command.usernames, 1, 64) == false) && (common.validateStrArray(command.userids, 1, 128) == false)) { err = 'Invalid usernames'; } // Username is between 1 and 64 characters
else {
if (command.nodeid.indexOf('/') == -1) { command.nodeid = 'node/' + domain.id + '/' + command.nodeid; }
else if ((command.nodeid.split('/').length != 3) || (command.nodeid.split('/')[1] != domain.id)) { err = 'Invalid domain'; } // Invalid domain, operation only valid for current domain
}
} catch (ex) { err = 'Validation exception: ' + ex; }
// Handle any errors
if (err != null) {
if (command.responseid != null) { try { ws.send(JSON.stringify({ action: 'adddeviceuser', responseid: command.responseid, result: err })); } catch (ex) { } }
break;
}
// Convert user names to userid's
if (command.userids == null) {
command.userids = [];
for (var i in command.usernames) {
if (command.usernames[i] != null) {
if (parent.users['user/' + domain.id + '/' + command.usernames[i].toLowerCase()] != null) { command.userids.push('user/' + domain.id + '/' + command.usernames[i].toLowerCase()); }
else if (parent.users['user/' + domain.id + '/' + command.usernames[i]] != null) { command.userids.push('user/' + domain.id + '/' + command.usernames[i]); }
}
}
}
// Get the node and the rights for this node
parent.GetNodeWithRights(domain, user, command.nodeid, function (node, rights, visible) {
// Check if already in the right mesh
if ((node == null) || (node.meshid == command.meshid)) return;
var dispatchTargets = ['*', node.meshid, node._id];
// Check that we have rights to manage users on this device
if ((rights & MESHRIGHT_MANAGEUSERS) == 0) return;
// Add the new link to the users
var nodeChanged = false;
for (var i in command.userids) {
var newuserid = command.userids[i];
// Add a user
var newuser = null;
if (newuserid.startsWith('ugrp/')) { newuser = parent.userGroups[newuserid]; }
if (newuserid.startsWith('user/')) {
newuser = parent.users[newuserid];
// Search for a user name in that windows domain is the username starts with *\
if ((newuser == null) && (newuserid.startsWith('user/' + domain.id + '/*\\')) == true) {
var search = newuserid.split('/')[2].substring(1);
for (var i in parent.users) { if (i.endsWith(search) && (parent.users[i].domain == domain.id)) { newuser = parent.users[i]; command.userids[i] = newuserid = newuser._id; break; } }
}
}
// Check the the user and device are in the same domain
if (command.nodeid.split('/')[1] != newuserid.split('/')[1]) return; // Domain mismatch
if (newuser != null) {
// Add this user to the dispatch target list
dispatchTargets.push(newuser._id);
if (command.remove === true) {
// Remove link to this user
if (newuser.links != null) {
delete newuser.links[command.nodeid];
if (Object.keys(newuser.links).length == 0) { delete newuser.links; }
}
// Remove link to this device
if (node.links != null) {
delete node.links[newuserid];
nodeChanged = true;
if (Object.keys(node.links).length == 0) { delete node.links; }
}
} else {
// Add the new link to this user
if (newuser.links == null) { newuser.links = {}; }
newuser.links[command.nodeid] = { rights: command.rights };
// Add the new link to the device
if (node.links == null) { node.links = {}; }
node.links[newuserid] = { rights: command.rights }
nodeChanged = true;
}
// Save the user to the database
if (newuserid.startsWith('user/')) {
db.SetUser(newuser);
parent.parent.DispatchEvent([newuser], obj, 'resubscribe');
// Notify user change
var targets = ['*', 'server-users', newuserid];
var event;
if (command.rights == 0) {
event = { etype: 'user', userid: user._id, username: user.name, action: 'accountchange', msgid: 81, msgArgs: [newuser.name], msg: 'Removed user device rights for ' + newuser.name, domain: domain.id, account: parent.CloneSafeUser(newuser), nodeListChange: newuserid };
} else {
event = { etype: 'user', userid: user._id, username: user.name, action: 'accountchange', msgid: 82, msgArgs: [newuser.name], msg: 'Changed user device rights for ' + newuser.name, domain: domain.id, account: parent.CloneSafeUser(newuser), nodeListChange: newuserid };
}
if (db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to change the user. Another event will come.
parent.parent.DispatchEvent(targets, obj, event);
} else if (newuserid.startsWith('ugrp/')) {
db.Set(newuser);
// Notify user group change
var targets = ['*', 'server-ugroups', newuser._id];
var event = { etype: 'ugrp', username: user.name, ugrpid: newuser._id, name: newuser.name, action: 'usergroupchange', links: newuser.links, msgid: 79, msgArgs: [newuser.name], msg: 'User group changed: ' + newuser.name, domain: domain.id };
if (db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to change the user. Another event will come.
parent.parent.DispatchEvent(targets, obj, event);
}
}
}
// Save the device
if (nodeChanged == true) {
// Save the node to the database
db.Set(parent.cleanDevice(node));
// Event the node change
var event;
if (command.rights == 0) {
event = { etype: 'node', userid: user._id, username: user.name, action: 'changenode', nodeid: node._id, domain: domain.id, msgid: 81, msgArgs: [node.name], msg: 'Removed user device rights for ' + node.name, node: parent.CloneSafeNode(node) }
} else {
event = { etype: 'node', userid: user._id, username: user.name, action: 'changenode', nodeid: node._id, domain: domain.id, msgid: 82, msgArgs: [node.name], msg: 'Changed user device rights for ' + node.name, node: parent.CloneSafeNode(node) }
}
if (db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to change the mesh. Another event will come.
parent.parent.DispatchEvent(dispatchTargets, obj, event);
}
if (command.responseid != null) { try { ws.send(JSON.stringify({ action: 'adddeviceuser', responseid: command.responseid, result: 'ok' })); } catch (ex) { } }
});
break;
}
case 'removemeshuser':
{
var xdomain, err = null;
@ -5175,6 +5038,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
}
const serverCommands = {
'adddeviceuser': serverCommandAddDeviceUser,
'addmeshuser': serverCommandAddMeshUser,
'adduser': serverCommandAddUser,
'adduserbatch': serverCommandAddUserBatch,
@ -5266,6 +5130,142 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
'webstats': [serverUserCommandWebStats, ""]
};
function serverCommandAddDeviceUser(command) {
if (typeof command.userid == 'string') { command.userids = [command.userid]; }
var err = null;
try {
if (common.validateString(command.nodeid, 1, 1024) == false) { err = 'Invalid nodeid'; } // Check the nodeid
else if (common.validateInt(command.rights) == false) { err = 'Invalid rights'; } // Device rights must be an integer
else if ((command.rights & 7) != 0) { err = 'Invalid rights'; } // EDITMESH, MANAGEUSERS or MANAGECOMPUTERS rights can't be assigned to a user to device link
else if ((common.validateStrArray(command.usernames, 1, 64) == false) && (common.validateStrArray(command.userids, 1, 128) == false)) { err = 'Invalid usernames'; } // Username is between 1 and 64 characters
else {
if (command.nodeid.indexOf('/') == -1) { command.nodeid = 'node/' + domain.id + '/' + command.nodeid; }
else if ((command.nodeid.split('/').length != 3) || (command.nodeid.split('/')[1] != domain.id)) { err = 'Invalid domain'; } // Invalid domain, operation only valid for current domain
}
} catch (ex) { err = 'Validation exception: ' + ex; }
// Handle any errors
if (err != null) {
if (command.responseid != null) { try { ws.send(JSON.stringify({ action: 'adddeviceuser', responseid: command.responseid, result: err })); } catch (ex) { } }
return;
}
// Convert user names to userid's
if (command.userids == null) {
command.userids = [];
for (var i in command.usernames) {
if (command.usernames[i] != null) {
if (parent.users['user/' + domain.id + '/' + command.usernames[i].toLowerCase()] != null) { command.userids.push('user/' + domain.id + '/' + command.usernames[i].toLowerCase()); }
else if (parent.users['user/' + domain.id + '/' + command.usernames[i]] != null) { command.userids.push('user/' + domain.id + '/' + command.usernames[i]); }
}
}
}
// Get the node and the rights for this node
parent.GetNodeWithRights(domain, user, command.nodeid, function (node, rights, visible) {
// Check if already in the right mesh
if ((node == null) || (node.meshid == command.meshid)) return;
var dispatchTargets = ['*', node.meshid, node._id];
// Check that we have rights to manage users on this device
if ((rights & MESHRIGHT_MANAGEUSERS) == 0) return;
// Add the new link to the users
var nodeChanged = false;
for (var i in command.userids) {
var newuserid = command.userids[i];
// Add a user
var newuser = null;
if (newuserid.startsWith('ugrp/')) { newuser = parent.userGroups[newuserid]; }
if (newuserid.startsWith('user/')) {
newuser = parent.users[newuserid];
// Search for a user name in that windows domain is the username starts with *\
if ((newuser == null) && (newuserid.startsWith('user/' + domain.id + '/*\\')) == true) {
var search = newuserid.split('/')[2].substring(1);
for (var i in parent.users) { if (i.endsWith(search) && (parent.users[i].domain == domain.id)) { newuser = parent.users[i]; command.userids[i] = newuserid = newuser._id; break; } }
}
}
// Check the the user and device are in the same domain
if (command.nodeid.split('/')[1] != newuserid.split('/')[1]) return; // Domain mismatch
if (newuser != null) {
// Add this user to the dispatch target list
dispatchTargets.push(newuser._id);
if (command.remove === true) {
// Remove link to this user
if (newuser.links != null) {
delete newuser.links[command.nodeid];
if (Object.keys(newuser.links).length == 0) { delete newuser.links; }
}
// Remove link to this device
if (node.links != null) {
delete node.links[newuserid];
nodeChanged = true;
if (Object.keys(node.links).length == 0) { delete node.links; }
}
} else {
// Add the new link to this user
if (newuser.links == null) { newuser.links = {}; }
newuser.links[command.nodeid] = { rights: command.rights };
// Add the new link to the device
if (node.links == null) { node.links = {}; }
node.links[newuserid] = { rights: command.rights };
nodeChanged = true;
}
// Save the user to the database
if (newuserid.startsWith('user/')) {
db.SetUser(newuser);
parent.parent.DispatchEvent([newuser], obj, 'resubscribe');
// Notify user change
var targets = ['*', 'server-users', newuserid];
var event;
if (command.rights == 0) {
event = { etype: 'user', userid: user._id, username: user.name, action: 'accountchange', msgid: 81, msgArgs: [newuser.name], msg: 'Removed user device rights for ' + newuser.name, domain: domain.id, account: parent.CloneSafeUser(newuser), nodeListChange: newuserid };
} else {
event = { etype: 'user', userid: user._id, username: user.name, action: 'accountchange', msgid: 82, msgArgs: [newuser.name], msg: 'Changed user device rights for ' + newuser.name, domain: domain.id, account: parent.CloneSafeUser(newuser), nodeListChange: newuserid };
}
if (db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to change the user. Another event will come.
parent.parent.DispatchEvent(targets, obj, event);
} else if (newuserid.startsWith('ugrp/')) {
db.Set(newuser);
// Notify user group change
var targets = ['*', 'server-ugroups', newuser._id];
var event = { etype: 'ugrp', username: user.name, ugrpid: newuser._id, name: newuser.name, action: 'usergroupchange', links: newuser.links, msgid: 79, msgArgs: [newuser.name], msg: 'User group changed: ' + newuser.name, domain: domain.id };
if (db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to change the user. Another event will come.
parent.parent.DispatchEvent(targets, obj, event);
}
}
}
// Save the device
if (nodeChanged == true) {
// Save the node to the database
db.Set(parent.cleanDevice(node));
// Event the node change
var event;
if (command.rights == 0) {
event = { etype: 'node', userid: user._id, username: user.name, action: 'changenode', nodeid: node._id, domain: domain.id, msgid: 81, msgArgs: [node.name], msg: 'Removed user device rights for ' + node.name, node: parent.CloneSafeNode(node) };
} else {
event = { etype: 'node', userid: user._id, username: user.name, action: 'changenode', nodeid: node._id, domain: domain.id, msgid: 82, msgArgs: [node.name], msg: 'Changed user device rights for ' + node.name, node: parent.CloneSafeNode(node) };
}
if (db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to change the mesh. Another event will come.
parent.parent.DispatchEvent(dispatchTargets, obj, event);
}
if (command.responseid != null) { try { ws.send(JSON.stringify({ action: 'adddeviceuser', responseid: command.responseid, result: 'ok' })); } catch (ex) { } }
});
}
function serverCommandAddMeshUser(command) {
var err = null, mesh, meshIdSplit;
if (typeof command.userid == 'string') { command.userids = [command.userid]; }