From 054b915846d3e984dd819192ba423bfffaa0407c Mon Sep 17 00:00:00 2001 From: Fermin Date: Thu, 7 Jun 2018 13:11:40 +0200 Subject: [PATCH] [ACL API] Fixed get planned_downtimes_items and added ACL to more the rest of get functions --- pandora_console/include/functions_api.php | 43 +++++++++++++++++-- .../include/functions_planned_downtimes.php | 28 +++++++++--- 2 files changed, 60 insertions(+), 11 deletions(-) diff --git a/pandora_console/include/functions_api.php b/pandora_console/include/functions_api.php index f78f73cac0..e973c6bfda 100644 --- a/pandora_console/include/functions_api.php +++ b/pandora_console/include/functions_api.php @@ -93,6 +93,10 @@ function returnError($typeError, $returnType = 'string') { returnData($returnType, array('type' => 'string', 'data' => __('The user has not enough permission to make this action.'))); break; + case 'no_data_to_show': + returnData($returnType, + array('type' => 'string', 'data' => __('No data to show.'))); + break; default: returnData("string", array('type' => 'string', 'data' => __($returnType))); @@ -2116,6 +2120,7 @@ function api_get_group_agent_by_name($thrash1, $thrash2, $other, $thrash3) { } else { $agent_id = agents_get_agent_id($other['data'][0],true); + if (!util_api_check_agent_and_print_error($agent_id, 'csv')) return; $sql = sprintf("SELECT groups.nombre nombre FROM tagente agents, tgrupo groups @@ -2149,7 +2154,11 @@ function api_get_group_agent_by_name($thrash1, $thrash2, $other, $thrash3) { * @param $thrash3 Don't use. */ function api_get_group_agent_by_alias($thrash1, $thrash2, $other, $thrash3) { - + global $config; + if (!check_acl($config['id_user'], 0, "AR")) { + returnError('forbidden', 'csv'); + return; + } $group_names =array(); if (is_metaconsole()) { 
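Review bot: The agent check added after `agents_get_agent_id($other['data'][0],true)` sits only in the `else` (non-metaconsole) branch of api_get_group_agent_by_name. The matching `if` branch is outside the hunk, so it is not visible whether agents resolved through the metaconsole path are checked as well. The same applies to the identical line added in api_get_id_group_agent_by_name (hunk at -2303). If that branch resolves its own agent id, repeat `if (!util_api_check_agent_and_print_error($agent_id, 'csv')) return;` there before the group query runs. Judging by its name and the bare `return`, the helper emits the error itself; a comment such as `// Helper prints the error; stop if the agent is missing or not readable` would say so.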
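Review bot: `check_acl($config['id_user'], 0, "AR")` at the top of api_get_group_agent_by_alias passes group id 0 without saying what that means. It reads as a coarse gate (presumably "has AR in some group") rather than a check on the agents being returned. A comment such as `// Coarse gate only; per-agent access is enforced inside the loop below` would make clear that the `users_access_to_agent()` filter added further down (hunk at -2188) is the real restriction. The `is_metaconsole()` branch that starts right after the added lines continues outside the hunk, so it cannot be confirmed from here that its results get the same per-agent filter. The same pattern is added to api_get_id_group_agent_by_alias (hunk at -2336).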
@@ -2188,6 +2197,8 @@ function api_get_group_agent_by_alias($thrash1, $thrash2, $other, $thrash3) { $agent_id = db_get_all_rows_sql($sql); foreach ($agent_id as &$id) { + if(!users_access_to_agent($id['id_agente'])) continue; + $sql = sprintf("SELECT groups.nombre nombre FROM tagente agents, tgrupo groups WHERE id_agente = %d @@ -2303,6 +2314,8 @@ function api_get_id_group_agent_by_name($thrash1, $thrash2, $other, $thrash3) { } else { $agent_id = agents_get_agent_id($other['data'][0],true); + + if(!util_api_check_agent_and_print_error($agent_id, 'csv')) return; $sql = sprintf("SELECT groups.id_grupo id_group FROM tagente agents, tgrupo groups @@ -2336,9 +2349,15 @@ function api_get_id_group_agent_by_name($thrash1, $thrash2, $other, $thrash3) { * @param $thrash3 Don't use. */ function api_get_id_group_agent_by_alias($thrash1, $thrash2, $other, $thrash3) { - + global $config; + + if (!check_acl($config['id_user'], 0, "AR")) { + returnError('forbidden', 'csv'); + return; + } + $group_names =array(); - + if (is_metaconsole()) { $servers = db_get_all_rows_sql ("SELECT * FROM tmetaconsole_setup @@ -2375,6 +2394,8 @@ function api_get_id_group_agent_by_alias($thrash1, $thrash2, $other, $thrash3) { $agent_id = db_get_all_rows_sql($sql); foreach ($agent_id as &$id) { + if(!users_access_to_agent($id['id_agente'])) continue; + $sql = sprintf("SELECT groups.id_grupo id_group FROM tagente agents, tgrupo groups WHERE id_agente = %d @@ -5036,10 +5057,17 @@ function api_get_all_planned_downtimes ($thrash1, $thrash2, $other, $returnType */ function api_get_planned_downtimes_items ($thrash1, $thrash2, $other, $returnType = 'json') { + global $config; + if (defined ('METACONSOLE')) { return; } + if(!check_acl($config['id_user'], 0, "AR")) { + returnError('forbidden', $returnType); + return; + } + $values = array(); $values = array( "name LIKE '%".$other['data'][0]."%'" 
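Review bot: `users_access_to_agent($id['id_agente'])` in the loop relies on the helper's default access mode, while the check this same commit adds in functions_planned_downtimes.php names it explicitly with `agents_check_access_agent($data['id_agent'], "AR")`. Using one helper for both, or passing the mode explicitly here if the helper accepts it, would keep the required permission visible at the call site. The same line is added in api_get_id_group_agent_by_alias (hunk at -2375). The loop body continues outside the hunk.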
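Review bot: The permission check added to api_get_planned_downtimes_items does not cover the filter built right below it: `"name LIKE '%".$other['data'][0]."%'"` concatenates the API parameter straight into the SQL condition. Unless `$other` is escaped before it reaches this function, which the hunk does not show, a caller who passes the AR check can still change the shape of the query. The value should go through the project's SQL escaping helper or a bound parameter before it is placed in the LIKE pattern, with `%` and `_` escaped as well if they are meant literally. The rest of the `$values` array and the query call are outside the hunk.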
@@ -5066,9 +5094,16 @@ function api_get_planned_downtimes_items ($thrash1, $thrash2, $other, $returnTyp $filter['id_downtime'] = $downtime['id']; - $return[] = planned_downtimes_items ($filter); + $items = planned_downtimes_items ($filter); + if ($items !== false) $return[] = $items; } + // If the header is the unique element in the array, return an error + if (count($return) == 1) { + returnError('no_data_to_show', $returnType); + return; + } + if ($is_quiet) $return['list_index'][] = 'modules'; diff --git a/pandora_console/include/functions_planned_downtimes.php b/pandora_console/include/functions_planned_downtimes.php index 8da0660504..eb0b730649 100644 --- a/pandora_console/include/functions_planned_downtimes.php +++ b/pandora_console/include/functions_planned_downtimes.php @@ -752,10 +752,20 @@ function planned_downtimes_items ($filter) { $downtime_agents = db_get_all_rows_filter('tplanned_downtime_agents',$filter, 'id_agent,id_downtime,all_modules'); $downtime = db_get_row_filter('tplanned_downtime',array('id' => $filter['id_downtime']), 'type_downtime'); - + + $return = array( + 'id_agents' => array(), + 'id_downtime' => $filter['id_downtime'], + 'all_modules' => 0, + 'modules' => array(), + ); foreach ( $downtime_agents as $key => $data ) { - $return = $data; - $modules = array(); + // Do not add the agent information if no permissions + if (!agents_check_access_agent($data['id_agent'], "AR")) continue; + + $return['id_agents'][] = $data['id_agent']; + $return['id_downtime'] = $data['id_downtime']; + $return['all_modules'] = $data['all_modules']; if ($downtime['type_downtime'] === 'quiet') { if (!$data['all_modules']) { $second_filter = array( 
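Review bot: `if (count($return) == 1)` decides "nothing found" by assuming `$return` holds exactly one header element before the loop, and that initialisation is outside the hunk. Any later change that adds a second key to the header would turn every empty result into a normal response. Counting the appended items directly is more robust: set `$found = 0;` before the loop, use `if ($items !== false) { $return[] = $items; $found++; }` inside it, and test `if ($found === 0) {` afterwards.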
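Review bot: Inside the loop, `$return['all_modules'] = $data['all_modules'];` is overwritten on every iteration, so the combined row reports the flag of the last readable agent only, while `id_agents` and `modules` are accumulated across all of them. For a downtime where one agent covers all modules and another has a module list, the output no longer says which applies to which agent. Consider keeping the per-agent association (for example one entry per agent), or documenting the flag as an aggregate and computing it as one. `$downtime_agents` is also iterated without a check; if `db_get_all_rows_filter()` returns a non-array for a downtime without agents, the `foreach` raises a warning before the `return false` path is reached. planned_downtimes_items starts above this hunk and continues in the next one.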
@@ -765,14 +775,18 @@ function planned_downtimes_items ($filter) { $downtime_modules = db_get_all_rows_filter('tplanned_downtime_modules',$second_filter, 'id_agent_module'); if ( $downtime_modules ) { foreach ( $downtime_modules as $data2 ) { - $modules[] = $data2['id_agent_module']; + $return['modules'][$data2['id_agent_module']] = $data2['id_agent_module']; } - $return['modules'] = implode(',', $modules); } } } - } - + } + + if (empty($return['id_agents'])) return false; + + // Implode agents and modules + $return['id_agents'] = implode(',', $return['id_agents']); + $return['modules'] = implode(',', $return['modules']); return $return; }
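Review bot: `if (empty($return['id_agents'])) return false;` changes the return contract of planned_downtimes_items to array-or-false. In addition, `modules` is now always present as a string (empty when there are none), where the removed code set it only when modules existed. The caller patched in functions_api.php handles `false`, but any other caller outside this diff would need the same `!== false` guard. The function's docblock is outside the hunk; it should state something like `@return array|false Row with comma-separated id_agents and modules, or false when no agent is readable by the user`.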