diff --git a/pandora_console/include/ajax/events.php b/pandora_console/include/ajax/events.php index 3a62e68bb8..4eb66a588b 100644 --- a/pandora_console/include/ajax/events.php +++ b/pandora_console/include/ajax/events.php @@ -220,7 +220,9 @@ if ($get_extended_event) { global $config; $event_id = get_parameter('event_id',false); - + $childrens_ids = get_parameter('childrens_ids'); + $childrens_ids = json_decode($childrens_ids); + if ($meta) { $event = events_meta_get_event($event_id, false, $history); } @@ -295,8 +297,9 @@ if ($get_extended_event) { $tabs .= "
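Review bot: `childrens_ids` arrives from the request and its decoded value becomes the group scope of every `tags_checks_event_acl` call in this file, so the client, not the server, decides which groups the permission check covers. `json_decode` returns `null` for malformed input and can return a non-array, and nothing in this hunk checks the result before it reaches the `in_array` and `implode` calls shown in functions_tags.php. The scope should be rebuilt on the server from the session user and the event's group. If the parameter has to stay, normalise it first, for example `$childrens_ids = array_map('intval', (array) json_decode($childrens_ids, true));`, and intersect it with the groups the user actually holds. The enclosing `if ($get_extended_event)` block continues outside the hunk.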
  • ".html_print_image('images/zoom.png',true).__('Details')."
  • "; $tabs .= "
  • ".html_print_image('images/custom_field_col.png',true).__('Agent fields')."
  • "; $tabs .= "
  • ".html_print_image('images/pencil.png',true).__('Comments')."
  • "; + if (!$readonly && - (tags_check_acl ($config['id_user'], $event['id_grupo'], "EW", $event['clean_tags']) || tags_check_acl ($config['id_user'], $event['id_grupo'], "EM", $event['clean_tags']))) { + (tags_checks_event_acl($config["id_user"], $event["id_grupo"], "EM", $event['clean_tags'], $childrens_ids)) || (tags_checks_event_acl($config["id_user"], $event["id_grupo"], "EW", $event['clean_tags'],$childrens_ids))) { $tabs .= "
  • ".html_print_image('images/event_responses_col.png',true).__('Responses')."
  • "; } if ($event['custom_data'] != '') { @@ -331,8 +334,8 @@ if ($get_extended_event) { } if (!$readonly && - (tags_check_acl ($config['id_user'], $event['id_grupo'], "EW", $event['clean_tags']) || tags_check_acl ($config['id_user'], $event['id_grupo'], "EM", $event['clean_tags']))) { - $responses = events_page_responses($event); + (tags_checks_event_acl($config["id_user"], $event["id_grupo"], "EM", $event['clean_tags'], $childrens_ids)) || (tags_checks_event_acl($config["id_user"], $event["id_grupo"], "EW", $event['clean_tags'],$childrens_ids))) { + $responses = events_page_responses($event, $childrens_ids); } else { $responses = ''; @@ -366,7 +369,7 @@ if ($get_extended_event) { $general = events_page_general($event); - $comments = events_page_comments($event); + $comments = events_page_comments($event, $childrens_ids); $notifications = ''; $notifications .= ''; diff --git a/pandora_console/include/functions_events.php b/pandora_console/include/functions_events.php index df781f4bd6..2918773110 100644 --- a/pandora_console/include/functions_events.php +++ b/pandora_console/include/functions_events.php @@ -1515,7 +1515,7 @@ function events_get_event_filter_select($manage = true){ // Events pages functions to load modal window with advanced view of an event. // Called from include/ajax/events.php -function events_page_responses ($event) { +function events_page_responses ($event, $childrens_ids = array()) { global $config; ///////// // Responses @@ -1531,7 +1531,7 @@ function events_page_responses ($event) { $table_responses->style[1] = 'text-align: left; height: 23px; text-align: right;'; $table_responses->class = "alternate rounded_cells"; - if (tags_check_acl ($config["id_user"], $event["id_grupo"], "EM", $event['clean_tags'])) { + if (tags_checks_event_acl ($config["id_user"], $event["id_grupo"], "EM", $event['clean_tags'], $childrens_ids)) { // Owner $data = array(); $data[0] = __('Change owner'); 
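Review bot: The rewritten condition for the Responses tab no longer applies the `$readonly` guard to users with `EW`: the old form was `!$readonly && (A || B)`, while the new parentheses give `!$readonly && (EM check) || (EW check)`, which PHP evaluates as `(!$readonly && EM) || EW`. The same shape is repeated in the `@@ -331,8 +334,8 @@` hunk that guards `events_page_responses`, so a read-only view would still get the response controls whenever the `EW` check passes. Put both calls inside one group after the guard: `if (!$readonly && (tags_checks_event_acl($config["id_user"], $event["id_grupo"], "EM", $event['clean_tags'], $childrens_ids) || tags_checks_event_acl($config["id_user"], $event["id_grupo"], "EW", $event['clean_tags'], $childrens_ids))) {`.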
@@ -1568,7 +1568,7 @@ function events_page_responses ($event) { $status_blocked = false; - if (tags_check_acl ($config["id_user"], $event["id_grupo"], "EM", $event['clean_tags'])) { + if (tags_checks_event_acl ($config["id_user"], $event["id_grupo"], "EM", $event['clean_tags'], $childrens_ids)) { // If the user has manager acls, the status can be changed to all possibilities always $status = array(0 => __('New'), 2 => __('In process'), 1 => __('Validated')); } @@ -1607,7 +1607,7 @@ function events_page_responses ($event) { $table_responses->data[] = $data; - if (tags_check_acl ($config["id_user"], $event["id_grupo"], "EM", $event['clean_tags'])) { + if (tags_checks_event_acl($config["id_user"], $event["id_grupo"], "EM", $event['clean_tags'], $childrens_ids)) { // Delete $data = array(); $data[0] = __('Delete event'); @@ -2256,7 +2256,7 @@ function events_page_general ($event) { return $general; } -function events_page_comments ($event) { +function events_page_comments ($event, $childrens_ids = array()) { //////////////////////////////////////////////////////////////////// // Comments //////////////////////////////////////////////////////////////////// @@ -2344,7 +2344,7 @@ function events_page_comments ($event) { break; } - if (tags_check_acl ($config['id_user'], $event['id_grupo'], "EW", $event['clean_tags']) || tags_check_acl ($config['id_user'], $event['id_grupo'], "EM", $event['clean_tags'])) { + if ((tags_checks_event_acl($config["id_user"], $event["id_grupo"], "EM", $event['clean_tags'], $childrens_ids)) || (tags_checks_event_acl($config["id_user"], $event["id_grupo"], "EW", $event['clean_tags'],$childrens_ids))) { $comments_form = '
    '.html_print_textarea("comment", 3, 10, '', 'style="min-height: 15px; width: 100%;"', true); $comments_form .= '
    '.html_print_button(__('Add comment'),'comment_button',false,'event_comment();','class="sub next"',true).'

    '; } diff --git a/pandora_console/include/functions_tags.php b/pandora_console/include/functions_tags.php index 130aa194c3..26857870f8 100644 --- a/pandora_console/include/functions_tags.php +++ b/pandora_console/include/functions_tags.php @@ -636,9 +636,7 @@ function tags_get_tags_formatted ($tags_array, $get_url = true) { * @return mixed/string Tag ids */ -function tags_get_acl_tags($id_user, $id_group, $access = 'AR', - $return_mode = 'module_condition', $query_prefix = '', - $query_table = '') { +function tags_get_acl_tags($id_user, $id_group, $access = 'AR', $return_mode = 'module_condition', $query_prefix = '', $query_table = '', $meta = false, $childrens_ids = array()) { global $config; @@ -692,6 +690,9 @@ function tags_get_acl_tags($id_user, $id_group, $access = 'AR', return ERR_WRONG_PARAMETERS; } + if (!empty($childrens_ids)) { + $id_group = $childrens_ids; + } $query = sprintf("SELECT tags, id_grupo FROM tusuario_perfil, tperfil WHERE tperfil.id_perfil = tusuario_perfil.id_perfil AND @@ -700,7 +701,7 @@ function tags_get_acl_tags($id_user, $id_group, $access = 'AR', (tusuario_perfil.id_grupo IN (%s) OR tusuario_perfil.id_grupo = 0) ORDER BY id_grupo", $id_user, $acl_column, implode(',',$id_group)); $tags = db_get_all_rows_sql($query); - + // If not profiles returned, the user havent acl permissions if (empty($tags)) { return ERR_ACL; @@ -760,7 +761,7 @@ function tags_get_acl_tags($id_user, $id_group, $access = 'AR', break; case 'event_condition': // Return the condition of the tags for tevento table - $condition = tags_get_acl_tags_event_condition($acltags); + $condition = tags_get_acl_tags_event_condition($acltags, $meta); if(!empty($condition)) { return " $query_prefix "."(".$condition.")"; } 
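Review bot: The override `$id_group = $childrens_ids;` in the `@@ -692,6 +690,9 @@` hunk feeds the list straight into `implode(',',$id_group)` inside the `IN (%s)` clause of the following hunk, and in the ajax path that list is decoded from a request parameter. Nothing visible casts the elements to integers, so a non-numeric element would become part of the SQL text. The override also appears to sit after the function's own parameter validation (the `return ERR_WRONG_PARAMETERS;` just above it), which the new value never passes through. Cast at the point of use, `$id_group = array_map('intval', (array) $childrens_ids);`, or bind the values if the db layer supports it. The caller's `$id_group` is discarded entirely when the list is non-empty, so the profile lookup no longer refers to the event's own group; the function body continues outside these hunks.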
@@ -836,7 +837,7 @@ function tags_get_acl_tags_module_condition($acltags, $modules_table = '') { * @return string SQL condition for tagente_module */ -function tags_get_acl_tags_event_condition($acltags) { +function tags_get_acl_tags_event_condition($acltags, $meta = false) { $condition = ''; // Get all tags of the system @@ -870,7 +871,7 @@ function tags_get_acl_tags_event_condition($acltags) { //~ $tags_condition .= sprintf(' OR tags LIKE "%s %%"',io_safe_input($all_tags[$tag])); //~ $tags_condition .= sprintf(' OR tags LIKE "%%,%s %%"',io_safe_input($all_tags[$tag])); - $tags_condition .= sprintf('tags LIKE "%s"',io_safe_input($all_tags[$tag])); + $tags_condition .= sprintf('tags = "%s"',io_safe_input($all_tags[$tag])); } // If there is not tag condition ignore @@ -881,8 +882,14 @@ function tags_get_acl_tags_event_condition($acltags) { if ($condition != '') { $condition .= ' OR '; } + + //$condition .= "($group_condition AND \n($tags_condition))\n"; - $condition .= "($group_condition AND \n($tags_condition))\n"; + if ($meta) { + $condition .= "($tags_condition)\n"; + } else { + $condition .= "($group_condition AND \n($tags_condition))\n"; + } } //Commented because ACLs propagation don't work @@ -1127,7 +1134,7 @@ function tags_check_acl($id_user, $id_group, $access, $tags = array()) { function tags_check_acl_event($id_user, $id_group, $access, $tags = array(),$p = false) { global $config; - + if($id_user === false) { $id_user = $config['id_user']; } 
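Review bot: In the `@@ -881,8 +882,14 @@` hunk the `$meta` branch emits `($tags_condition)` without `$group_condition`, so as far as this condition goes a tag granted through a profile on one group matches events carrying that tag in any group. If group filtering for the metaconsole is applied elsewhere, that needs a comment naming where; otherwise the group term has to stay in both branches. A suitable comment would be `// Metaconsole: group filter is applied by <caller, to be named>; only the tag term is emitted here.` The commented-out `//$condition .= ...` line left above the new branch should be removed rather than kept as dead code.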
@@ -1216,4 +1223,40 @@ function tags_check_acl_event($id_user, $id_group, $access, $tags = array(),$p = } } } + +/* This function checks event ACLs */ +function tags_checks_event_acl($id_user, $id_group, $access, $tags = array(), $childrens_ids = array()) { + global $config; + + if($id_user === false) { + $id_user = $config['id_user']; + } + + $tags_user = tags_get_acl_tags($id_user, $id_group, $access, 'data', '', '', false, $childrens_ids); + + // If there are wrong parameters or fail ACL check, return false + if($tags_user === ERR_WRONG_PARAMETERS || $acls === ERR_ACL) { + return false; + } + + // If there are not tags restrictions or tags passed, return true + if(empty($tags_user) || empty($tags)) { + return true; + } + + $tags_user_ids = array(); + foreach ($tags_user as $id=>$tag_user) { + $tags_user_ids[] = $tag_user[0]; + } + + if (in_array($id_group, $childrens_ids)) { //check group + foreach ($tags as $tag) { + $tag_id = tags_get_id($tag); + if (in_array($tag_id, $tags_user_ids)) { //check tag + return true; + } + } + } + return false; +} ?> diff --git a/pandora_console/include/javascript/pandora_events.js b/pandora_console/include/javascript/pandora_events.js index f7a2a3dd1d..e617d6a7ef 100644 --- a/pandora_console/include/javascript/pandora_events.js +++ b/pandora_console/include/javascript/pandora_events.js @@ -12,6 +12,7 @@ function show_event_dialog(event_id, group_rep, dialog_page, result) { var user_comment = $('#hidden-user_comment_'+event_id).val(); var event_rep = $('#hidden-event_rep_'+event_id).val(); var server_id = $('#hidden-server_id_'+event_id).val(); + var childrens_ids = $('#hidden-childrens_ids').val(); // Metaconsole mode flag var meta = $('#hidden-meta').val(); @@ -32,6 +33,7 @@ function show_event_dialog(event_id, group_rep, dialog_page, result) { "event_id": event_id, "server_id": server_id, "meta": meta, + "childrens_ids": childrens_ids, "history": history}, function (data, status) { $("#event_details_window").hide () 
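Review bot: The error check in `tags_checks_event_acl` tests an undefined variable: `$acls === ERR_ACL` is never true, so an `ERR_ACL` result from `tags_get_acl_tags` is not rejected. Execution then reaches `if(empty($tags_user) || empty($tags))`, which returns `true` for any event without tags even though the user has no matching profile, and for tagged events the `foreach` runs over a non-array. The condition should read `if ($tags_user === ERR_WRONG_PARAMETERS || $tags_user === ERR_ACL) {`. Separately, the final `in_array($id_group, $childrens_ids)` is a loose comparison against a list that callers may take from the request; once the list is normalised to integers, compare strictly with `in_array((int) $id_group, $childrens_ids, true)`.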
diff --git a/pandora_console/operation/events/events.build_query.php b/pandora_console/operation/events/events.build_query.php index b0e814369d..77939a167d 100755 --- a/pandora_console/operation/events/events.build_query.php +++ b/pandora_console/operation/events/events.build_query.php @@ -15,31 +15,34 @@ $groups = users_get_groups($id_user, 'ER'); +$propagate = db_get_value('propagate','tgrupo','id_grupo',$id_group); + +if ($group > 0) { + if ($propagate) { + $childrens_ids = array($id_group); + + $childrens = groups_get_childrens($id_group); + + if (!empty($childrens)) { + foreach ($childrens as $child) { + $childrens_ids[] = (int)$child['id_grupo']; + } + } + } else { + $childrens_ids = array(); + } +} else { + $childrens_ids = array_keys($groups); +} + //Group selection if ($id_group > 0 && in_array ($id_group, array_keys ($groups))) { - - if ($meta) { - // In metaconsole the group search is performed by name - $group_name = groups_get_name ($id_group); - $sql_post = " AND group_name = '$group_name'"; + if ($propagate) { + $sql_post = " AND id_grupo IN (" . implode(',', $childrens_ids) . ")"; } else { - if ($recursion) { - $childrens_ids = array($id_group); - - $childrens = groups_get_childrens($id_group); - if (!empty($childrens)) { - foreach ($childrens as $child) { - $childrens_ids[] = $child['id_grupo']; - } - } - - $sql_post = " AND id_grupo IN (" . implode(',', $childrens_ids) . ")"; - } - else { - //If a group is selected and it's in the groups allowed - $sql_post = " AND id_grupo = $id_group"; - } + //If a group is selected and it's in the groups allowed + $sql_post = " AND id_grupo = $id_group"; } } else { 
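Review bot: The new block branches on `$group > 0`, but no `$group` is assigned in the lines shown; the surrounding code uses `$id_group`. If `$group` is indeed unset here, the test is always false and `$childrens_ids` becomes every group the user holds, so the later `if ($propagate)` branch builds `id_grupo IN (...)` from that full list instead of the selected group and its children. This looks like it should be `if ($id_group > 0) {`. Also, `db_get_value('propagate','tgrupo','id_grupo',$id_group)` runs before the `in_array ($id_group, array_keys ($groups))` check, so the flag is looked up for a group the user may not be allowed to see; moving the lookup inside the validated branch avoids that.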
@@ -48,29 +51,7 @@ else { $sql_post = ""; } else { - if ($meta) { - // In metaconsole the group search is performed by name - - $sql_post = " AND group_name IN ( "; - $i = 0; - foreach ($groups as $group_id=>$group_name) { - if ($group_id == 0) { - continue; - } - if ($i==0) { - $sql_post .= "'$group_name'"; - } else { - $sql_post .= ",'$group_name'"; - } - $i++; - } - $sql_post.= ")"; - - } else { - //Otherwise select all groups the user has rights to. - $sql_post = " AND id_grupo IN (" . - implode (",", array_keys ($groups)) . ")"; - } + $sql_post = " AND id_grupo IN (" . implode (",", array_keys ($groups)) . ")"; } } @@ -194,7 +175,7 @@ if (!empty($tag_with)) { foreach ($tag_with as $id_tag) { if ($first) $first = false; else $sql_post .= " OR "; - $sql_post .= "tags LIKE '" . tags_get_name($id_tag) . "'"; + $sql_post .= "tags = '" . tags_get_name($id_tag) . "'"; } $sql_post .= ' ) '; } @@ -226,8 +207,7 @@ else { $group_array = array_keys($groups); } -$tags_acls_condition = tags_get_acl_tags($id_user, $group_array, 'ER', - 'event_condition', 'AND'); +$tags_acls_condition = tags_get_acl_tags($id_user, $group_array, 'ER', 'event_condition', 'AND', '', $meta); if (($tags_acls_condition != ERR_WRONG_PARAMETERS) && ($tags_acls_condition != ERR_ACL)&& ($tags_acls_condition != -110000)) { $sql_post .= $tags_acls_condition; diff --git a/pandora_console/operation/events/events.build_table.php b/pandora_console/operation/events/events.build_table.php index 919de31239..83b3521bad 100644 --- a/pandora_console/operation/events/events.build_table.php +++ b/pandora_console/operation/events/events.build_table.php 
@@ -211,6 +211,7 @@ foreach ($result as $event) { $data[$i] .= html_print_input_hidden('similar_ids_' . $event["id_evento"], $similar_ids, true); $data[$i] .= html_print_input_hidden('timestamp_first_' . $event["id_evento"], $timestamp_first, true); $data[$i] .= html_print_input_hidden('timestamp_last_' . $event["id_evento"], $timestamp_last, true); + $data[$i] .= html_print_input_hidden('childrens_ids', json_encode($childrens_ids), true); // Store server id if is metaconsole. 0 otherwise if ($meta) { @@ -528,15 +529,15 @@ foreach ($result as $event) { if(!$readonly) { // Validate event - if (($event["estado"] != 1) && (tags_check_acl_event ($config["id_user"], $event["id_grupo"], "EW", $event['clean_tags'], true) == 1)) { + if (($event["estado"] != 1) && (tags_checks_event_acl ($config["id_user"], $event["id_grupo"], "EW", $event['clean_tags'], $childrens_ids))) { $data[$i] .= ''; $data[$i] .= html_print_image ("images/ok.png", true, array ("title" => __('Validate event'))); $data[$i] .= ''; } - + // Delete event - if (tags_check_acl ($config["id_user"], $event["id_grupo"], "EM", $event['clean_tags']) == 1) { + if ((tags_checks_event_acl($config["id_user"], $event["id_grupo"], "EM", $event['clean_tags'],$childrens_ids) == 1)) { if($event['estado'] != 2) { $data[$i] .= ''; $data[$i] .= html_print_image ("images/cross.png", true, 
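Review bot: The hidden `childrens_ids` field is printed inside the `foreach ($result as $event)` loop under the same name on every row, while pandora_events.js reads it once through `$('#hidden-childrens_ids')`, so the page ends up with repeated elements that presumably share one id. More importantly, the value round-trips through the page and comes back as the group scope for the permission checks in include/ajax/events.php, where a user can have altered it before submission. Print it at most once, outside the loop, and treat it on the server as display data only, recomputing the scope in the ajax handler.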
@@ -561,12 +562,12 @@ foreach ($result as $event) { $i++; if(!$readonly) { - if (tags_check_acl_event ($config["id_user"], $event["id_grupo"], "EM", $event['clean_tags']) == 1) { + if (tags_checks_event_acl ($config["id_user"], $event["id_grupo"], "EM", $event['clean_tags'], $childrens_ids) == 1) { //Checkbox // Class 'candeleted' must be the fist class to be parsed from javascript. Dont change $data[$i] = html_print_checkbox_extended ("validate_ids[]", $event['id_evento'], false, false, false, 'class="candeleted chk_val"', true); } - else if (tags_check_acl_event ($config["id_user"], $event["id_grupo"], "EW", $event['clean_tags']) == 1) { + else if (tags_checks_event_acl ($config["id_user"], $event["id_grupo"], "EW", $event['clean_tags'], $childrens_ids) == 1) { //Checkbox $data[$i] = html_print_checkbox_extended ("validate_ids[]", $event['id_evento'], false, false, false, 'class="chk_val"', true); } diff --git a/pandora_console/operation/events/events_list.php b/pandora_console/operation/events/events_list.php index 127cafd831..b5936fd105 100644 --- a/pandora_console/operation/events/events_list.php +++ b/pandora_console/operation/events/events_list.php @@ -602,7 +602,7 @@ if (empty ($result)) { $allow_action = true; $allow_pagination = true; - +$id_group_filter = $id_group; require('events.build_table.php'); enterprise_hook('close_meta_frame'); diff --git a/pandora_console/operation/search_modules.getdata.php b/pandora_console/operation/search_modules.getdata.php index 5a4d18fe57..be2fff2145 100644 --- a/pandora_console/operation/search_modules.getdata.php +++ b/pandora_console/operation/search_modules.getdata.php @@ -26,6 +26,7 @@ $selectModuleNameUp = ''; $selectModuleNameDown = ''; $selectAgentNameUp = ''; $selectAgentNameDown = ''; +$is_admin = (bool)db_get_value('is_admin', 'tusuario', 'id_user', $config['id_user']); switch ($sortField) { case 'module_name': 
@@ -67,23 +68,28 @@ if ($searchModules) { $tags = tags_get_user_tags(); $sql_tags = "'no_check_tags' = 'no_check_tags'"; if (!empty($tags)) { - $sql_tags = " - ( - t1.id_agente_modulo IN + + if ($is_admin) { + $sql_tags = "1=1"; + } else { + $sql_tags = " ( - SELECT tt.id_agente_modulo - FROM ttag_module AS tt - WHERE id_tag IN (" . implode(",", array_keys($tags)) . ") + t1.id_agente_modulo IN + ( + SELECT tt.id_agente_modulo + FROM ttag_module AS tt + WHERE id_tag IN (" . implode(",", array_keys($tags)) . ") + ) + + OR + + t1.id_agente_modulo IN ( + SELECT id_agente_modulo + FROM ttag_module + ) ) - - OR - - t1.id_agente_modulo NOT IN ( - SELECT id_agente_modulo - FROM ttag_module - ) - ) - "; + "; + } } switch ($config["dbtype"]) {
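Review bot: In the non-admin branch the second sub-select changed from `NOT IN` to `IN`, so the filter now reads "module has one of the user's tags OR module has any tag at all". That makes the first term redundant, shows a tag-restricted user every tagged module, and hides untagged modules, which is the opposite of the previous rule. Unless that inversion is intended, keep `t1.id_agente_modulo NOT IN (` for the second sub-select. The admin shortcut relies on the extra `db_get_value('is_admin', 'tusuario', 'id_user', $config['id_user'])` query added in the `@@ -26,6 +26,7 @@` hunk; a one-line comment there stating why admins skip tag filtering would help the next reader.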