Feature: filter device visibility by allowed groups for web user

2026-05-02 00:30:08 +02:00
parent 56419f8ecb
commit fd3838a151
3 changed files with 207 additions and 16 deletions
--- a/server/2015Remote/WebService.h
+++ b/server/2015Remote/WebService.h
@@ -43,6 +43,7 @@ struct WebUser {
    std::string password_hash;  // SHA256(password + salt)
    std::string salt;
    std::string role;           // "admin" | "viewer"
+    std::vector<std::string> allowed_groups;  // Groups this user can view (empty = no access, admin = all)
 };

 // Device info for web clients
@@ -79,7 +80,8 @@ public:
    void SetAdminPassword(const std::string& password);

    // User management
-    bool CreateUser(const std::string& username, const std::string& password, const std::string& role);
+    bool CreateUser(const std::string& username, const std::string& password, const std::string& role,
+                    const std::vector<std::string>& allowed_groups = {});
    bool DeleteUser(const std::string& username);
    std::vector<std::pair<std::string, std::string>> ListUsers();  // Returns [(username, role), ...]

@@ -144,7 +146,7 @@ private:

    // JSON helpers
    std::string BuildJsonResponse(const std::string& cmd, bool ok, const std::string& msg = "");
-    std::string BuildDeviceListJson();
+    std::string BuildDeviceListJson(const std::string& username = "");

    // Password verification
    bool VerifyPassword(const std::string& input, const WebUser& user);
@@ -157,6 +159,7 @@ private:
    void HandleCreateUser(void* ws_ptr, const std::string& msg);
    void HandleDeleteUser(void* ws_ptr, const std::string& msg);
    void HandleListUsers(void* ws_ptr, const std::string& token);
+    void HandleGetGroups(void* ws_ptr, const std::string& token);

    // Send to WebSocket
    void SendText(void* ws_ptr, const std::string& text);