Fixed bus. Tickets #1562, #1556.

2014-11-18 11:41:42 +01:00 · 2014-11-18 11:41:42 +01:00 · 049daed117
parent d160d2b3c7
commit 049daed117
8 changed files with 123 additions and 88 deletions
--- a/pandora_console/include/ajax/events.php
+++ b/pandora_console/include/ajax/events.php
@ -220,7 +220,9 @@ if ($get_extended_event) {
 	global $config;
 	
 	$event_id = get_parameter('event_id',false);
-	
+	$childrens_ids = get_parameter('childrens_ids');
+	$childrens_ids = json_decode($childrens_ids);
+
 	if ($meta) {
 		$event = events_meta_get_event($event_id, false, $history);
 	}
@ -295,8 +297,9 @@ if ($get_extended_event) {
 	$tabs .= "<li><a href='#extended_event_details_page' id='link_details'>".html_print_image('images/zoom.png',true).__('Details')."</a></li>";
 	$tabs .= "<li><a href='#extended_event_custom_fields_page' id='link_custom_fields'>".html_print_image('images/custom_field_col.png',true).__('Agent fields')."</a></li>";
 	$tabs .= "<li><a href='#extended_event_comments_page' id='link_comments'>".html_print_image('images/pencil.png',true).__('Comments')."</a></li>";
+
 	if (!$readonly && 
-		(tags_check_acl ($config['id_user'], $event['id_grupo'], "EW", $event['clean_tags']) || tags_check_acl ($config['id_user'], $event['id_grupo'], "EM", $event['clean_tags']))) {
+		(tags_checks_event_acl($config["id_user"], $event["id_grupo"], "EM", $event['clean_tags'], $childrens_ids)) || (tags_checks_event_acl($config["id_user"], $event["id_grupo"], "EW", $event['clean_tags'],$childrens_ids))) {
 		$tabs .= "<li><a href='#extended_event_responses_page' id='link_responses'>".html_print_image('images/event_responses_col.png',true).__('Responses')."</a></li>";
 	}
 	if ($event['custom_data'] != '') {
@ -331,8 +334,8 @@ if ($get_extended_event) {
 	}
 	
 	if (!$readonly && 
-		(tags_check_acl ($config['id_user'], $event['id_grupo'], "EW", $event['clean_tags']) || tags_check_acl ($config['id_user'], $event['id_grupo'], "EM", $event['clean_tags']))) {
-		$responses = events_page_responses($event);
+	(tags_checks_event_acl($config["id_user"], $event["id_grupo"], "EM", $event['clean_tags'], $childrens_ids)) || (tags_checks_event_acl($config["id_user"], $event["id_grupo"], "EW", $event['clean_tags'],$childrens_ids))) {
+		$responses = events_page_responses($event, $childrens_ids);
 	}
 	else {
 		$responses = '';
@ -366,7 +369,7 @@ if ($get_extended_event) {
 	
 	$general = events_page_general($event);
 	
-	$comments = events_page_comments($event);
+	$comments = events_page_comments($event, $childrens_ids);
 	
 	$notifications = '<div id="notification_comment_error" style="display:none">'.ui_print_error_message(__('Error adding comment'),'',true).'</div>';
 	$notifications .= '<div id="notification_comment_success" style="display:none">'.ui_print_success_message(__('Comment added successfully'),'',true).'</div>';
--- a/pandora_console/include/functions_events.php
+++ b/pandora_console/include/functions_events.php
@ -1515,7 +1515,7 @@ function events_get_event_filter_select($manage = true){
 // Events pages functions to load modal window with advanced view of an event.
 // Called from include/ajax/events.php

-function events_page_responses ($event) {
+function events_page_responses ($event, $childrens_ids = array()) {
 	global $config;
 	/////////
 	// Responses
@ -1531,7 +1531,7 @@ function events_page_responses ($event) {
 	$table_responses->style[1] = 'text-align: left; height: 23px; text-align: right;';
 	$table_responses->class = "alternate rounded_cells";
 	
-	if (tags_check_acl ($config["id_user"], $event["id_grupo"], "EM", $event['clean_tags'])) {
+	if (tags_checks_event_acl ($config["id_user"], $event["id_grupo"], "EM", $event['clean_tags'], $childrens_ids)) {
 		// Owner
 		$data = array();
 		$data[0] = __('Change owner');
@ -1568,7 +1568,7 @@ function events_page_responses ($event) {
 	
 	$status_blocked = false;
 	
-	if (tags_check_acl ($config["id_user"], $event["id_grupo"], "EM", $event['clean_tags'])) {
+	if (tags_checks_event_acl ($config["id_user"], $event["id_grupo"], "EM", $event['clean_tags'], $childrens_ids)) {
 		// If the user has manager acls, the status can be changed to all possibilities always
 		$status = array(0 => __('New'), 2 => __('In process'), 1 => __('Validated'));
 	}
@ -1607,7 +1607,7 @@ function events_page_responses ($event) {
 	
 	$table_responses->data[] = $data;
 	
-	if (tags_check_acl ($config["id_user"], $event["id_grupo"], "EM", $event['clean_tags'])) {
+	if (tags_checks_event_acl($config["id_user"], $event["id_grupo"], "EM", $event['clean_tags'], $childrens_ids)) {
 		// Delete
 		$data = array();
 		$data[0] = __('Delete event');
@ -2256,7 +2256,7 @@ function events_page_general ($event) {
 	return $general;
 }

-function events_page_comments ($event) {
+function events_page_comments ($event, $childrens_ids = array()) {
 	////////////////////////////////////////////////////////////////////
 	// Comments
 	////////////////////////////////////////////////////////////////////
@ -2344,7 +2344,7 @@ function events_page_comments ($event) {
 			break;
 	}
 	
-	if (tags_check_acl ($config['id_user'], $event['id_grupo'], "EW", $event['clean_tags']) || tags_check_acl ($config['id_user'], $event['id_grupo'], "EM", $event['clean_tags'])) {
+	if ((tags_checks_event_acl($config["id_user"], $event["id_grupo"], "EM", $event['clean_tags'], $childrens_ids)) || (tags_checks_event_acl($config["id_user"], $event["id_grupo"], "EW", $event['clean_tags'],$childrens_ids))) {
 		$comments_form = '<br><div id="comments_form" style="width:98%;">'.html_print_textarea("comment", 3, 10, '', 'style="min-height: 15px; width: 100%;"', true);
 		$comments_form .= '<br><div style="text-align:right;">'.html_print_button(__('Add comment'),'comment_button',false,'event_comment();','class="sub next"',true).'</div><br></div>';
 	}
--- a/pandora_console/include/functions_tags.php
+++ b/pandora_console/include/functions_tags.php
@ -636,9 +636,7 @@ function tags_get_tags_formatted ($tags_array, $get_url = true) {
 * @return mixed/string Tag ids
 */
 
-function tags_get_acl_tags($id_user, $id_group, $access = 'AR',
-	$return_mode = 'module_condition', $query_prefix = '',
-	$query_table = '') {
+function tags_get_acl_tags($id_user, $id_group, $access = 'AR', $return_mode = 'module_condition', $query_prefix = '', $query_table = '', $meta = false, $childrens_ids = array()) {
 	
 	global $config;
 	
@ -692,6 +690,9 @@ function tags_get_acl_tags($id_user, $id_group, $access = 'AR',
 		return ERR_WRONG_PARAMETERS;
 	}
 	
+	if (!empty($childrens_ids)) {
+		$id_group = $childrens_ids;
+	}
 	$query = sprintf("SELECT tags, id_grupo 
 			FROM tusuario_perfil, tperfil
 			WHERE tperfil.id_perfil = tusuario_perfil.id_perfil AND
@ -700,7 +701,7 @@ function tags_get_acl_tags($id_user, $id_group, $access = 'AR',
 			(tusuario_perfil.id_grupo IN (%s) OR tusuario_perfil.id_grupo = 0)
 			ORDER BY id_grupo", $id_user, $acl_column, implode(',',$id_group));
 	$tags = db_get_all_rows_sql($query);
-	
+
 	// If not profiles returned, the user havent acl permissions
 	if (empty($tags)) {
 		return ERR_ACL;
@ -760,7 +761,7 @@ function tags_get_acl_tags($id_user, $id_group, $access = 'AR',
 			break;
 		case 'event_condition':
 			// Return the condition of the tags for tevento table
-			$condition = tags_get_acl_tags_event_condition($acltags);			
+			$condition = tags_get_acl_tags_event_condition($acltags, $meta);			
 			if(!empty($condition)) {
 				return " $query_prefix "."(".$condition.")";
 			}
@ -836,7 +837,7 @@ function tags_get_acl_tags_module_condition($acltags, $modules_table = '') {
 * @return string SQL condition for tagente_module
 */
 
-function tags_get_acl_tags_event_condition($acltags) {
+function tags_get_acl_tags_event_condition($acltags, $meta = false) {
 	$condition = '';
 	
 	// Get all tags of the system
@ -870,7 +871,7 @@ function tags_get_acl_tags_event_condition($acltags) {
 			//~ $tags_condition .= sprintf(' OR tags LIKE "%s %%"',io_safe_input($all_tags[$tag]));
 			//~ $tags_condition .= sprintf(' OR tags LIKE "%%,%s %%"',io_safe_input($all_tags[$tag]));
 			
-			$tags_condition .= sprintf('tags LIKE "%s"',io_safe_input($all_tags[$tag]));
+			$tags_condition .= sprintf('tags = "%s"',io_safe_input($all_tags[$tag]));
 		}
 		
 		// If there is not tag condition ignore
@ -881,8 +882,14 @@ function tags_get_acl_tags_event_condition($acltags) {
 		if ($condition != '') {
 			$condition .= ' OR ';
 		}
+	
+		//$condition .= "($group_condition AND \n($tags_condition))\n";
 		
-		$condition .= "($group_condition AND \n($tags_condition))\n";
+		if ($meta) {
+			$condition .= "($tags_condition)\n";
+		} else {
+			$condition .= "($group_condition AND \n($tags_condition))\n";
+		}
 	}
 	
 	//Commented because ACLs propagation don't work
@ -1127,7 +1134,7 @@ function tags_check_acl($id_user, $id_group, $access, $tags = array()) {

 function tags_check_acl_event($id_user, $id_group, $access, $tags = array(),$p = false) {
 	global $config;
-	
+
 	if($id_user === false) {
 		$id_user = $config['id_user'];
 	}
@ -1216,4 +1223,40 @@ function tags_check_acl_event($id_user, $id_group, $access, $tags = array(),$p =
 		}
 	}
 }
+
+/* This function checks event ACLs */
+function tags_checks_event_acl($id_user, $id_group, $access, $tags = array(), $childrens_ids = array()) {
+	global $config;
+
+	if($id_user === false) {
+		$id_user = $config['id_user'];
+	}
+	
+	$tags_user = tags_get_acl_tags($id_user, $id_group, $access, 'data', '', '', false, $childrens_ids);
+
+	// If there are wrong parameters or fail ACL check, return false
+	if($tags_user === ERR_WRONG_PARAMETERS || $acls === ERR_ACL) {
+		return false;
+	}
+
+	// If there are not tags restrictions or tags passed, return true
+	if(empty($tags_user) || empty($tags)) {
+		return true;
+	}
+	
+	$tags_user_ids = array();
+	foreach ($tags_user as $id=>$tag_user) {
+		$tags_user_ids[] = $tag_user[0];
+	}
+
+	if (in_array($id_group, $childrens_ids)) { //check group
+		foreach ($tags as $tag) {
+			$tag_id = tags_get_id($tag);
+			if (in_array($tag_id, $tags_user_ids)) { //check tag
+				return true;
+			}
+		}
+	}
+	return false;
+}
 ?>
--- a/pandora_console/include/javascript/pandora_events.js
+++ b/pandora_console/include/javascript/pandora_events.js
@ -12,6 +12,7 @@ function show_event_dialog(event_id, group_rep, dialog_page, result) {
 	var user_comment = $('#hidden-user_comment_'+event_id).val();
 	var event_rep = $('#hidden-event_rep_'+event_id).val();
 	var server_id = $('#hidden-server_id_'+event_id).val();
+	var childrens_ids = $('#hidden-childrens_ids').val();
 	
 	// Metaconsole mode flag
 	var meta = $('#hidden-meta').val();
@ -32,6 +33,7 @@ function show_event_dialog(event_id, group_rep, dialog_page, result) {
 		"event_id": event_id,
 		"server_id": server_id,
 		"meta": meta,
+		"childrens_ids": childrens_ids,
 		"history": history},
 		function (data, status) {
 			$("#event_details_window").hide ()
--- a/pandora_console/operation/events/events.build_query.php
+++ b/pandora_console/operation/events/events.build_query.php
@ -15,31 +15,34 @@

 $groups = users_get_groups($id_user, 'ER');

+$propagate = db_get_value('propagate','tgrupo','id_grupo',$id_group);
+
+if ($group > 0) {
+	if ($propagate) {
+		$childrens_ids = array($id_group);
+			
+		$childrens = groups_get_childrens($id_group);
+
+		if (!empty($childrens)) {
+			foreach ($childrens as $child) {
+				$childrens_ids[] = (int)$child['id_grupo'];
+			}
+		}
+	} else {
+		$childrens_ids = array();
+	}
+} else {
+	$childrens_ids = array_keys($groups);
+}
+
 //Group selection
 if ($id_group > 0 && in_array ($id_group, array_keys ($groups))) {
-	
-	if ($meta) {
-		// In metaconsole the group search is performed by name
-		$group_name = groups_get_name ($id_group);
-		$sql_post = " AND group_name = '$group_name'";
+	if ($propagate) {
+		$sql_post = " AND id_grupo IN (" . implode(',', $childrens_ids) . ")";
 	}
 	else {
-		if ($recursion) {
-			$childrens_ids = array($id_group);
-			
-			$childrens = groups_get_childrens($id_group);
-			if (!empty($childrens)) {
-				foreach ($childrens as $child) {
-					$childrens_ids[] = $child['id_grupo'];
-				}
-			}
-			
-			$sql_post = " AND id_grupo IN (" . implode(',', $childrens_ids) . ")";
-		}
-		else {
-			//If a group is selected and it's in the groups allowed
-			$sql_post = " AND id_grupo = $id_group";
-		}
+		//If a group is selected and it's in the groups allowed
+		$sql_post = " AND id_grupo = $id_group";
 	}
 }
 else {
@ -48,29 +51,7 @@ else {
 		$sql_post = "";
 	}
 	else {
-		if ($meta) {
-			// In metaconsole the group search is performed by name
-	
-			$sql_post = " AND group_name IN ( ";
-			$i = 0;
-			foreach ($groups as $group_id=>$group_name) {
-				if ($group_id == 0) {
-					continue;
-				}
-				if ($i==0) {
-					$sql_post .= "'$group_name'";
-				} else {
-					$sql_post .= ",'$group_name'";
-				}
-				$i++;
-			}
-			$sql_post.= ")";
-
-		} else {
-			//Otherwise select all groups the user has rights to.
-			$sql_post = " AND id_grupo IN (" .
-				implode (",", array_keys ($groups)) . ")";
-		}
+		$sql_post = " AND id_grupo IN (" . implode (",", array_keys ($groups)) . ")";
 	}
 }

@ -194,7 +175,7 @@ if (!empty($tag_with)) {
 	foreach ($tag_with as $id_tag) {
 		if ($first) $first = false;
 		else $sql_post .= " OR ";
-		$sql_post .= "tags LIKE '" . tags_get_name($id_tag) . "'";
+		$sql_post .= "tags = '" . tags_get_name($id_tag) . "'";
 	}
 	$sql_post .= ' ) ';
 }
@ -226,8 +207,7 @@ else {
 	$group_array = array_keys($groups);
 }

-$tags_acls_condition = tags_get_acl_tags($id_user, $group_array, 'ER',
-	'event_condition', 'AND');
+$tags_acls_condition = tags_get_acl_tags($id_user, $group_array, 'ER', 'event_condition', 'AND', '', $meta);

 if (($tags_acls_condition != ERR_WRONG_PARAMETERS) && ($tags_acls_condition != ERR_ACL)&& ($tags_acls_condition != -110000)) {
 	$sql_post .= $tags_acls_condition;
--- a/pandora_console/operation/events/events.build_table.php
+++ b/pandora_console/operation/events/events.build_table.php
@ -211,6 +211,7 @@ foreach ($result as $event) {
 	$data[$i] .= html_print_input_hidden('similar_ids_' . $event["id_evento"], $similar_ids, true);
 	$data[$i] .= html_print_input_hidden('timestamp_first_' . $event["id_evento"], $timestamp_first, true);
 	$data[$i] .= html_print_input_hidden('timestamp_last_' . $event["id_evento"], $timestamp_last, true);
+	$data[$i] .= html_print_input_hidden('childrens_ids', json_encode($childrens_ids), true);
 	
 	// Store server id if is metaconsole. 0 otherwise
 	if ($meta) {
@ -528,15 +529,15 @@ foreach ($result as $event) {
 		
 		if(!$readonly) {
 			// Validate event
-			if (($event["estado"] != 1) && (tags_check_acl_event ($config["id_user"], $event["id_grupo"], "EW", $event['clean_tags'], true) == 1)) {
+			if (($event["estado"] != 1) && (tags_checks_event_acl ($config["id_user"], $event["id_grupo"], "EW", $event['clean_tags'], $childrens_ids))) {
 				$data[$i] .= '<a href="javascript:validate_event_advanced('.$event["id_evento"].', 1)" id="validate-'.$event["id_evento"].'">';
 				$data[$i] .= html_print_image ("images/ok.png", true,
 					array ("title" => __('Validate event')));
 				$data[$i] .= '</a>';
 			}
-			
+
 			// Delete event
-			if (tags_check_acl ($config["id_user"], $event["id_grupo"], "EM", $event['clean_tags']) == 1) {
+			if ((tags_checks_event_acl($config["id_user"], $event["id_grupo"], "EM", $event['clean_tags'],$childrens_ids) == 1)) {
 				if($event['estado'] != 2) {
 					$data[$i] .= '<a class="delete_event" href="javascript:" id="delete-'.$event['id_evento'].'">';
 					$data[$i] .= html_print_image ("images/cross.png", true,
@ -561,12 +562,12 @@ foreach ($result as $event) {
 		$i++;
 		
 		if(!$readonly) {
-			if (tags_check_acl_event ($config["id_user"], $event["id_grupo"], "EM", $event['clean_tags']) == 1) {
+			if (tags_checks_event_acl ($config["id_user"], $event["id_grupo"], "EM", $event['clean_tags'], $childrens_ids) == 1) {
 				//Checkbox
 				// Class 'candeleted' must be the fist class to be parsed from javascript. Dont change
 				$data[$i] = html_print_checkbox_extended ("validate_ids[]", $event['id_evento'], false, false, false, 'class="candeleted chk_val"', true);
 			}
-			else if (tags_check_acl_event ($config["id_user"], $event["id_grupo"], "EW", $event['clean_tags']) == 1) {
+			else if (tags_checks_event_acl ($config["id_user"], $event["id_grupo"], "EW", $event['clean_tags'], $childrens_ids) == 1) {
 				//Checkbox
 				$data[$i] = html_print_checkbox_extended ("validate_ids[]", $event['id_evento'], false, false, false, 'class="chk_val"', true);
 			}
--- a/pandora_console/operation/events/events_list.php
+++ b/pandora_console/operation/events/events_list.php
@ -602,7 +602,7 @@ if (empty ($result)) {

 $allow_action = true;
 $allow_pagination = true;
-
+$id_group_filter = $id_group;
 require('events.build_table.php');

 enterprise_hook('close_meta_frame');
--- a/pandora_console/operation/search_modules.getdata.php
+++ b/pandora_console/operation/search_modules.getdata.php
@ -26,6 +26,7 @@ $selectModuleNameUp = '';
 $selectModuleNameDown = '';
 $selectAgentNameUp = '';
 $selectAgentNameDown = '';
+$is_admin = (bool)db_get_value('is_admin', 'tusuario', 'id_user', $config['id_user']);

 switch ($sortField) {
 	case 'module_name':
@ -67,23 +68,28 @@ if ($searchModules) {
 	$tags = tags_get_user_tags();
 	$sql_tags = "'no_check_tags' = 'no_check_tags'";
 	if (!empty($tags)) {
-		$sql_tags = "
-		(
-			t1.id_agente_modulo IN
+		
+		if ($is_admin) {
+			$sql_tags = "1=1";
+		} else {
+			$sql_tags = "
 			(
-				SELECT tt.id_agente_modulo
-				FROM ttag_module AS tt
-				WHERE id_tag IN (" . implode(",", array_keys($tags)) . ")
+				t1.id_agente_modulo IN
+				(
+					SELECT tt.id_agente_modulo
+					FROM ttag_module AS tt
+					WHERE id_tag IN (" . implode(",", array_keys($tags)) . ")
+				)
+				
+				OR
+				
+				t1.id_agente_modulo IN (
+					SELECT id_agente_modulo
+					FROM ttag_module
+				)
 			)
-			
-			OR
-			
-			t1.id_agente_modulo NOT IN (
-				SELECT id_agente_modulo
-				FROM ttag_module
-			)
-		)
-		";
+			";
+		}
 	}
 	
 	switch ($config["dbtype"]) {