[ACL API] Fixed get planned_downtimes_items and added ACL to more the rest of get functions

This commit is contained in:
Fermin 2018-06-07 13:11:40 +02:00
parent 2e1bb2ac9c
commit 054b915846
2 changed files with 60 additions and 11 deletions

View File

@ -93,6 +93,10 @@ function returnError($typeError, $returnType = 'string') {
returnData($returnType,
array('type' => 'string', 'data' => __('The user has not enough permission to make this action.')));
break;
case 'no_data_to_show':
returnData($returnType,
array('type' => 'string', 'data' => __('No data to show.')));
break;
default:
returnData("string",
array('type' => 'string', 'data' => __($returnType)));
@ -2116,6 +2120,7 @@ function api_get_group_agent_by_name($thrash1, $thrash2, $other, $thrash3) {
}
else {
$agent_id = agents_get_agent_id($other['data'][0],true);
if (!util_api_check_agent_and_print_error($agent_id, 'csv')) return;
$sql = sprintf("SELECT groups.nombre nombre
FROM tagente agents, tgrupo groups
@ -2149,7 +2154,11 @@ function api_get_group_agent_by_name($thrash1, $thrash2, $other, $thrash3) {
* @param $thrash3 Don't use.
*/
function api_get_group_agent_by_alias($thrash1, $thrash2, $other, $thrash3) {
global $config;
if (!check_acl($config['id_user'], 0, "AR")) {
returnError('forbidden', 'csv');
return;
}
$group_names =array();
if (is_metaconsole()) {
@ -2188,6 +2197,8 @@ function api_get_group_agent_by_alias($thrash1, $thrash2, $other, $thrash3) {
$agent_id = db_get_all_rows_sql($sql);
foreach ($agent_id as &$id) {
if(!users_access_to_agent($id['id_agente'])) continue;
$sql = sprintf("SELECT groups.nombre nombre
FROM tagente agents, tgrupo groups
WHERE id_agente = %d
@ -2303,6 +2314,8 @@ function api_get_id_group_agent_by_name($thrash1, $thrash2, $other, $thrash3) {
}
else {
$agent_id = agents_get_agent_id($other['data'][0],true);
if(!util_api_check_agent_and_print_error($agent_id, 'csv')) return;
$sql = sprintf("SELECT groups.id_grupo id_group
FROM tagente agents, tgrupo groups
@ -2336,9 +2349,15 @@ function api_get_id_group_agent_by_name($thrash1, $thrash2, $other, $thrash3) {
* @param $thrash3 Don't use.
*/
function api_get_id_group_agent_by_alias($thrash1, $thrash2, $other, $thrash3) {
global $config;
if (!check_acl($config['id_user'], 0, "AR")) {
returnError('forbidden', 'csv');
return;
}
$group_names =array();
if (is_metaconsole()) {
$servers = db_get_all_rows_sql ("SELECT *
FROM tmetaconsole_setup
@ -2375,6 +2394,8 @@ function api_get_id_group_agent_by_alias($thrash1, $thrash2, $other, $thrash3) {
$agent_id = db_get_all_rows_sql($sql);
foreach ($agent_id as &$id) {
if(!users_access_to_agent($id['id_agente'])) continue;
$sql = sprintf("SELECT groups.id_grupo id_group
FROM tagente agents, tgrupo groups
WHERE id_agente = %d
@ -5036,10 +5057,17 @@ function api_get_all_planned_downtimes ($thrash1, $thrash2, $other, $returnType
*/
function api_get_planned_downtimes_items ($thrash1, $thrash2, $other, $returnType = 'json') {
global $config;
if (defined ('METACONSOLE')) {
return;
}
if(!check_acl($config['id_user'], 0, "AR")) {
returnError('forbidden', $returnType);
return;
}
$values = array();
$values = array(
"name LIKE '%".$other['data'][0]."%'"
@ -5066,9 +5094,16 @@ function api_get_planned_downtimes_items ($thrash1, $thrash2, $other, $returnTyp
$filter['id_downtime'] = $downtime['id'];
$return[] = planned_downtimes_items ($filter);
$items = planned_downtimes_items ($filter);
if ($items !== false) $return[] = $items;
}
// If the header is the unique element in the array, return an error
if (count($return) == 1) {
returnError('no_data_to_show', $returnType);
return;
}
if ($is_quiet)
$return['list_index'][] = 'modules';

View File

@ -752,10 +752,20 @@ function planned_downtimes_items ($filter) {
$downtime_agents = db_get_all_rows_filter('tplanned_downtime_agents',$filter, 'id_agent,id_downtime,all_modules');
$downtime = db_get_row_filter('tplanned_downtime',array('id' => $filter['id_downtime']), 'type_downtime');
$return = array(
'id_agents' => array(),
'id_downtime' => $filter['id_downtime'],
'all_modules' => 0,
'modules' => array(),
);
foreach ( $downtime_agents as $key => $data ) {
$return = $data;
$modules = array();
// Do not add the agent information if no permissions
if (!agents_check_access_agent($data['id_agent'], "AR")) continue;
$return['id_agents'][] = $data['id_agent'];
$return['id_downtime'] = $data['id_downtime'];
$return['all_modules'] = $data['all_modules'];
if ($downtime['type_downtime'] === 'quiet') {
if (!$data['all_modules']) {
$second_filter = array(
@ -765,14 +775,18 @@ function planned_downtimes_items ($filter) {
$downtime_modules = db_get_all_rows_filter('tplanned_downtime_modules',$second_filter, 'id_agent_module');
if ( $downtime_modules ) {
foreach ( $downtime_modules as $data2 ) {
$modules[] = $data2['id_agent_module'];
$return['modules'][$data2['id_agent_module']] = $data2['id_agent_module'];
}
$return['modules'] = implode(',', $modules);
}
}
}
}
}
if (empty($return['id_agents'])) return false;
// Implode agents and modules
$return['id_agents'] = implode(',', $return['id_agents']);
$return['modules'] = implode(',', $return['modules']);
return $return;
}