pandorafms/pandora_console/include/rest-api/index.php

<?php

if (!is_ajax()) {
    return;
}

global $config;

require_once $config['homedir'].'/vendor/autoload.php';

use Models\VisualConsole\Container as VisualConsole;

$visualConsoleId = (int) get_parameter('visualConsoleId');
$getVisualConsole = (bool) get_parameter('getVisualConsole');
$getVisualConsoleItems = (bool) get_parameter('getVisualConsoleItems');

// Check groups can access user.
$aclUserGroups = [];
if (!users_can_manage_group_all('AR')) {
    $aclUserGroups = array_keys(users_get_groups(false, 'AR'));
}

ob_clean();

if ($getVisualConsole === true) {
    $visualConsole = VisualConsole::fromDB(['id' => $visualConsoleId]);
    $visualConsoleData = $visualConsole->toArray();
    $groupId = $visualConsoleData['groupId'];

    // ACL.
    $aclRead = check_acl($config['id_user'], $groupId, 'VR');
    $aclWrite = check_acl($config['id_user'], $groupId, 'VW');
    $aclManage = check_acl($config['id_user'], $groupId, 'VM');

    if (!$aclRead && !$aclWrite && !$aclManage) {
        db_pandora_audit(
            'ACL Violation',
            'Trying to access visual console without group access'
        );
        exit;
    }

    echo $visualConsole;
} else if ($getVisualConsoleItems === true) {
    echo '['.implode(VisualConsole::getItemsFromDB($visualConsoleId, $aclUserGroups), ',').']';
}

exit;
Visual Console Refactor: added the initial version of the background updates Former-commit-id: 6c859ebebf4882b3e48e9ec5f99570687ec31117 2019-04-11 10:05:28 +02:00			`<?php`

			`if (!is_ajax()) {`
			`return;`
			`}`

			`global $config;`

			`require_once $config['homedir'].'/vendor/autoload.php';`

			`use Models\VisualConsole\Container as VisualConsole;`

			`$visualConsoleId = (int) get_parameter('visualConsoleId');`
			`$getVisualConsole = (bool) get_parameter('getVisualConsole');`
			`$getVisualConsoleItems = (bool) get_parameter('getVisualConsoleItems');`

Add ACL for item vc Former-commit-id: 7356f08a79378ada1df07ead930fcc01b84ba79c 2019-04-12 13:59:19 +02:00			`// Check groups can access user.`
			`$aclUserGroups = [];`
			`if (!users_can_manage_group_all('AR')) {`
			`$aclUserGroups = array_keys(users_get_groups(false, 'AR'));`
			`}`

Visual Console Refactor: added the initial version of the background updates Former-commit-id: 6c859ebebf4882b3e48e9ec5f99570687ec31117 2019-04-11 10:05:28 +02:00			`ob_clean();`

			`if ($getVisualConsole === true) {`
Visual Console Refactor: acl improvements Former-commit-id: f2cd4e7dd12a02eb4cee34f5947566ae37c35e9d 2019-04-12 13:12:12 +02:00			`$visualConsole = VisualConsole::fromDB(['id' => $visualConsoleId]);`
			`$visualConsoleData = $visualConsole->toArray();`
			`$groupId = $visualConsoleData['groupId'];`

			`// ACL.`
			`$aclRead = check_acl($config['id_user'], $groupId, 'VR');`
			`$aclWrite = check_acl($config['id_user'], $groupId, 'VW');`
			`$aclManage = check_acl($config['id_user'], $groupId, 'VM');`

			`if (!$aclRead && !$aclWrite && !$aclManage) {`
			`db_pandora_audit(`
			`'ACL Violation',`
			`'Trying to access visual console without group access'`
			`);`
			`exit;`
			`}`

			`echo $visualConsole;`
Visual Console Refactor: added the initial version of the background updates Former-commit-id: 6c859ebebf4882b3e48e9ec5f99570687ec31117 2019-04-11 10:05:28 +02:00			`} else if ($getVisualConsoleItems === true) {`
Add ACL for item vc Former-commit-id: 7356f08a79378ada1df07ead930fcc01b84ba79c 2019-04-12 13:59:19 +02:00			`echo '['.implode(VisualConsole::getItemsFromDB($visualConsoleId, $aclUserGroups), ',').']';`
Visual Console Refactor: added the initial version of the background updates Former-commit-id: 6c859ebebf4882b3e48e9ec5f99570687ec31117 2019-04-11 10:05:28 +02:00			`}`

			`exit;`