Secured NON-Admin access in Searches and Charts admin pandel
This commit is contained in:
parent
21c98c0331
commit
0f9ed81824
@ -54,6 +54,13 @@ IncludeLanguageFile( $gl_root_path . '/lang/' . $LANG . '/admin.php' );
|
||||
|
||||
// --- BEGIN Custom Code
|
||||
|
||||
// --- Set Helpervariable for non-ADMIN users
|
||||
if ( !isset($_SESSION['SESSION_ISADMIN']) || $_SESSION['SESSION_ISADMIN'] == 0 )
|
||||
$content['READONLY_ISUSERONLY'] = "disabled";
|
||||
else
|
||||
$content['READONLY_ISUSERONLY'] = "";
|
||||
// ---
|
||||
|
||||
if ( isset($_GET['op']) )
|
||||
{
|
||||
if ($_GET['op'] == "add")
|
||||
@ -81,6 +88,14 @@ if ( isset($_GET['op']) )
|
||||
$content['userid'] = null;
|
||||
$content['CHECKED_ISUSERONLY'] = "";
|
||||
$content['CHARTID'] = "";
|
||||
|
||||
// --- Can only create a USER source!
|
||||
if ( !isset($_SESSION['SESSION_ISADMIN']) || $_SESSION['SESSION_ISADMIN'] == 0 )
|
||||
{
|
||||
$content['userid'] = $content['SESSION_USERID'];
|
||||
$content['CHECKED_ISUSERONLY'] = "checked";
|
||||
}
|
||||
// ---
|
||||
|
||||
// --- Check if groups are available
|
||||
$content['SUBGROUPS'] = GetGroupsForSelectfield();
|
||||
@ -129,11 +144,17 @@ if ( isset($_GET['op']) )
|
||||
CreateChartFields($content['chart_field']);
|
||||
|
||||
// COMMON Fields
|
||||
if ( $myChart['userid'] != null )
|
||||
$content['userid'] = $myChart['userid'];
|
||||
if ( $content['userid'] != null )
|
||||
$content['CHECKED_ISUSERONLY'] = "checked";
|
||||
else
|
||||
$content['CHECKED_ISUSERONLY'] = "";
|
||||
|
||||
// --- Can only EDIT own views!
|
||||
if ( !isset($_SESSION['SESSION_ISADMIN']) || $_SESSION['SESSION_ISADMIN'] == 0 && $content['userid'] == NULL )
|
||||
DieWithFriendlyErrorMsg( $content['LN_ADMIN_ERROR_NOTALLOWEDTOEDIT'] );
|
||||
// ---
|
||||
|
||||
// --- Check if groups are available
|
||||
$content['SUBGROUPS'] = GetGroupsForSelectfield();
|
||||
if ( is_array($content['SUBGROUPS']) )
|
||||
@ -233,11 +254,20 @@ if ( isset($_POST['op']) )
|
||||
}
|
||||
else
|
||||
{
|
||||
$content['userid'] = "null";
|
||||
if ( isset ($_POST['groupid']) && $_POST['groupid'] != -1 )
|
||||
$content['groupid'] = intval($_POST['groupid']);
|
||||
else
|
||||
$content['groupid'] = "null";
|
||||
// --- Can only create a USER source!
|
||||
if ( !isset($_SESSION['SESSION_ISADMIN']) || $_SESSION['SESSION_ISADMIN'] == 0 )
|
||||
{
|
||||
$content['userid'] = $content['SESSION_USERID'];
|
||||
$content['groupid'] = "null";
|
||||
}
|
||||
else
|
||||
{
|
||||
$content['userid'] = "null";
|
||||
if ( isset ($_POST['groupid']) && $_POST['groupid'] != -1 )
|
||||
$content['groupid'] = intval($_POST['groupid']);
|
||||
else
|
||||
$content['groupid'] = "null";
|
||||
}
|
||||
}
|
||||
|
||||
// --- Check mandotary values
|
||||
|
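Review bot: The edit guard in the `@ -129,11 +144,17 @@` hunk (`// --- Can only EDIT own views!`) never compares the chart's owner with the current user: it only rejects a non-admin when `$content['userid']` is null, so a non-admin opening another user's chart for editing passes the check. Because `&&` binds tighter than `||`, the condition also reads as `!isset(...) || (ISADMIN == 0 && userid == NULL)`, which is probably not the grouping intended. A check that matches the comment would be `if ( (!isset($_SESSION['SESSION_ISADMIN']) || $_SESSION['SESSION_ISADMIN'] == 0) && $content['userid'] != $content['SESSION_USERID'] )`, reusing `$content['SESSION_USERID']` as the add branch in the `@ -81,6 +88,14 @@` hunk already does; if both ids are known to be ints, `!==` is safer than the loose comparison. The same guard appears in the second PHP section (the one setting `$content['SEARCHID']`, hunk `@ -100,11 +116,17 @@`) and needs the same change. The enclosing `if ( isset($_GET['op']) )` block starts and ends outside these hunks.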
@ -53,6 +53,14 @@ IncludeLanguageFile( $gl_root_path . '/lang/' . $LANG . '/admin.php' );
|
||||
// ---
|
||||
|
||||
// --- BEGIN Custom Code
|
||||
|
||||
// --- Set Helpervariable for non-ADMIN users
|
||||
if ( !isset($_SESSION['SESSION_ISADMIN']) || $_SESSION['SESSION_ISADMIN'] == 0 )
|
||||
$content['READONLY_ISUSERONLY'] = "disabled";
|
||||
else
|
||||
$content['READONLY_ISUSERONLY'] = "";
|
||||
// ---
|
||||
|
||||
if ( isset($_GET['op']) )
|
||||
{
|
||||
if ($_GET['op'] == "add")
|
||||
@ -70,6 +78,14 @@ if ( isset($_GET['op']) )
|
||||
$content['userid'] = null;
|
||||
$content['CHECKED_ISUSERONLY'] = "";
|
||||
$content['SEARCHID'] = "";
|
||||
|
||||
// --- Can only create a USER source!
|
||||
if ( !isset($_SESSION['SESSION_ISADMIN']) || $_SESSION['SESSION_ISADMIN'] == 0 )
|
||||
{
|
||||
$content['userid'] = $content['SESSION_USERID'];
|
||||
$content['CHECKED_ISUSERONLY'] = "checked";
|
||||
}
|
||||
// ---
|
||||
|
||||
// --- Check if groups are available
|
||||
$content['SUBGROUPS'] = GetGroupsForSelectfield();
|
||||
@ -100,11 +116,17 @@ if ( isset($_GET['op']) )
|
||||
{
|
||||
$content['SEARCHID'] = $mysearch['ID'];
|
||||
$content['DisplayName'] = $mysearch['DisplayName'];
|
||||
$content['userid'] = $mysearch['userid'];
|
||||
$content['SearchQuery'] = $mysearch['SearchQuery'];
|
||||
if ( $mysearch['userid'] != null )
|
||||
if ( $content['userid'] != null )
|
||||
$content['CHECKED_ISUSERONLY'] = "checked";
|
||||
else
|
||||
$content['CHECKED_ISUSERONLY'] = "";
|
||||
|
||||
// --- Can only EDIT own views!
|
||||
if ( !isset($_SESSION['SESSION_ISADMIN']) || $_SESSION['SESSION_ISADMIN'] == 0 && $content['userid'] == NULL )
|
||||
DieWithFriendlyErrorMsg( $content['LN_ADMIN_ERROR_NOTALLOWEDTOEDIT'] );
|
||||
// ---
|
||||
|
||||
// --- Check if groups are available
|
||||
$content['SUBGROUPS'] = GetGroupsForSelectfield();
|
||||
@ -199,11 +221,20 @@ if ( isset($_POST['op']) )
|
||||
}
|
||||
else
|
||||
{
|
||||
$content['userid'] = "null";
|
||||
if ( isset ($_POST['groupid']) && $_POST['groupid'] != -1 )
|
||||
$content['groupid'] = intval($_POST['groupid']);
|
||||
else
|
||||
$content['groupid'] = "null";
|
||||
// --- Can only create a USER source!
|
||||
if ( !isset($_SESSION['SESSION_ISADMIN']) || $_SESSION['SESSION_ISADMIN'] == 0 )
|
||||
{
|
||||
$content['userid'] = $content['SESSION_USERID'];
|
||||
$content['groupid'] = "null";
|
||||
}
|
||||
else
|
||||
{
|
||||
$content['userid'] = "null";
|
||||
if ( isset ($_POST['groupid']) && $_POST['groupid'] != -1 )
|
||||
$content['groupid'] = intval($_POST['groupid']);
|
||||
else
|
||||
$content['groupid'] = "null";
|
||||
}
|
||||
}
|
||||
|
||||
// --- Check mandotary values
|
||||
|
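Review bot: In the `@ -199,11 +221,20 @@` hunk a non-admin request is silently re-owned (`$content['userid'] = $content['SESSION_USERID']; $content['groupid'] = "null";`) rather than rejected, so if this branch is also reached for an edit `op`, a non-admin posting another user's record id would transfer that record to themselves instead of receiving `LN_ADMIN_ERROR_NOTALLOWEDTOEDIT`; the surrounding `if ( isset($_POST['op']) )` branch starts outside the hunk, so I cannot confirm which ops reach it. Worth a comment there either way, e.g. `// Non-admins: ownership is forced to the session user here; an edit op must still verify the stored record's userid before saving`. The identical block in the first PHP section (`@ -233,11 +254,20 @@`) and in the third (`@ -305,11 +305,20 @@`) raises the same question.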
@ -305,11 +305,20 @@ if ( isset($_POST['op']) )
|
||||
}
|
||||
else
|
||||
{
|
||||
$content['userid'] = "null";
|
||||
if ( isset ($_POST['groupid']) && $_POST['groupid'] != -1 )
|
||||
$content['groupid'] = intval($_POST['groupid']);
|
||||
else
|
||||
$content['groupid'] = "null";
|
||||
// --- Can only create a USER source!
|
||||
if ( !isset($_SESSION['SESSION_ISADMIN']) || $_SESSION['SESSION_ISADMIN'] == 0 )
|
||||
{
|
||||
$content['userid'] = $content['SESSION_USERID'];
|
||||
$content['groupid'] = "null";
|
||||
}
|
||||
else
|
||||
{
|
||||
$content['userid'] = "null";
|
||||
if ( isset ($_POST['groupid']) && $_POST['groupid'] != -1 )
|
||||
$content['groupid'] = intval($_POST['groupid']);
|
||||
else
|
||||
$content['groupid'] = "null";
|
||||
}
|
||||
}
|
||||
|
||||
// --- Check mandotary values
|
||||
|
@ -121,7 +121,7 @@
|
||||
<tr>
|
||||
<td align="left" class="cellmenu2"><b>{LN_GEN_GROUPONLY}</b></td>
|
||||
<td align="right" class="line2">
|
||||
<select name="groupid" size="1" STYLE="width: 300px">
|
||||
<select name="groupid" size="1" STYLE="width: 300px" {READONLY_ISUSERONLY}>
|
||||
<!-- BEGIN SUBGROUPS -->
|
||||
<option value="{mygroupid}" {group_selected}>{groupname}</option>
|
||||
<!-- END SUBGROUPS -->
|
||||
|
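Review bot: The `{READONLY_ISUSERONLY}` placeholder only renders a `disabled` attribute on the `groupid` select, which is a display-level restriction: browsers do not submit disabled controls and nothing here validates the value, so the effective restriction is the server-side `$content['groupid'] = "null"` assignment in this commit's PHP handlers. A short template comment would keep the next maintainer from treating the attribute as the control, e.g. `<!-- READONLY_ISUSERONLY renders "disabled" for non-admins; groupid is enforced server-side, not here -->`. The same applies to the identical change in the last template section (`@ -84,7 +84,7 @@`).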
@ -84,7 +84,7 @@
|
||||
<tr>
|
||||
<td align="left" class="cellmenu2"><b>{LN_GEN_GROUPONLY}</b></td>
|
||||
<td align="right" class="line2">
|
||||
<select name="groupid" size="1" STYLE="width: 300px">
|
||||
<select name="groupid" size="1" STYLE="width: 300px" {READONLY_ISUSERONLY}>
|
||||
<!-- BEGIN SUBGROUPS -->
|
||||
<option value="{mygroupid}" {group_selected}>{groupname}</option>
|
||||
<!-- END SUBGROUPS -->
|
||||
|