tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-07-29 16:55:05 +02:00
Code Issues Packages Projects Releases Wiki Activity

[ACL API] Fixed get planned_downtimes_items and added ACL to more the rest of get functions

Browse Source
This commit is contained in:
Fermin 2018-06-07 13:11:40 +02:00
parent 2e1bb2ac9c
commit 054b915846
2 changed files with 60 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
pandora_console/include/functions_api.php
View File

@ -93,6 +93,10 @@ function returnError($typeError, $returnType = 'string') {
returnData($returnType, returnData($returnType,
array('type' => 'string', 'data' => __('The user has not enough permission to make this action.'))); array('type' => 'string', 'data' => __('The user has not enough permission to make this action.')));
break; break;
case 'no_data_to_show':
returnData($returnType,
array('type' => 'string', 'data' => __('No data to show.')));
break;
default: default:
returnData("string", returnData("string",
array('type' => 'string', 'data' => __($returnType))); array('type' => 'string', 'data' => __($returnType)));
@ -2116,6 +2120,7 @@ function api_get_group_agent_by_name($thrash1, $thrash2, $other, $thrash3) {
} }
else { else {
$agent_id = agents_get_agent_id($other['data'][0],true); $agent_id = agents_get_agent_id($other['data'][0],true);
if (!util_api_check_agent_and_print_error($agent_id, 'csv')) return;
$sql = sprintf("SELECT groups.nombre nombre $sql = sprintf("SELECT groups.nombre nombre
FROM tagente agents, tgrupo groups FROM tagente agents, tgrupo groups
@ -2149,7 +2154,11 @@ function api_get_group_agent_by_name($thrash1, $thrash2, $other, $thrash3) {
* @param $thrash3 Don't use. * @param $thrash3 Don't use.
*/ */
function api_get_group_agent_by_alias($thrash1, $thrash2, $other, $thrash3) { function api_get_group_agent_by_alias($thrash1, $thrash2, $other, $thrash3) {
global $config;
if (!check_acl($config['id_user'], 0, "AR")) {
returnError('forbidden', 'csv');
return;
}
$group_names =array(); $group_names =array();
if (is_metaconsole()) { if (is_metaconsole()) {
@ -2188,6 +2197,8 @@ function api_get_group_agent_by_alias($thrash1, $thrash2, $other, $thrash3) {
$agent_id = db_get_all_rows_sql($sql); $agent_id = db_get_all_rows_sql($sql);
foreach ($agent_id as &$id) { foreach ($agent_id as &$id) {
if(!users_access_to_agent($id['id_agente'])) continue;
$sql = sprintf("SELECT groups.nombre nombre $sql = sprintf("SELECT groups.nombre nombre
FROM tagente agents, tgrupo groups FROM tagente agents, tgrupo groups
WHERE id_agente = %d WHERE id_agente = %d
@ -2304,6 +2315,8 @@ function api_get_id_group_agent_by_name($thrash1, $thrash2, $other, $thrash3) {
else { else {
$agent_id = agents_get_agent_id($other['data'][0],true); $agent_id = agents_get_agent_id($other['data'][0],true);
if(!util_api_check_agent_and_print_error($agent_id, 'csv')) return;
$sql = sprintf("SELECT groups.id_grupo id_group $sql = sprintf("SELECT groups.id_grupo id_group
FROM tagente agents, tgrupo groups FROM tagente agents, tgrupo groups
WHERE id_agente = %d WHERE id_agente = %d
@ -2336,6 +2349,12 @@ function api_get_id_group_agent_by_name($thrash1, $thrash2, $other, $thrash3) {
* @param $thrash3 Don't use. * @param $thrash3 Don't use.
*/ */
function api_get_id_group_agent_by_alias($thrash1, $thrash2, $other, $thrash3) { function api_get_id_group_agent_by_alias($thrash1, $thrash2, $other, $thrash3) {
global $config;
if (!check_acl($config['id_user'], 0, "AR")) {
returnError('forbidden', 'csv');
return;
}
$group_names =array(); $group_names =array();
@ -2375,6 +2394,8 @@ function api_get_id_group_agent_by_alias($thrash1, $thrash2, $other, $thrash3) {
$agent_id = db_get_all_rows_sql($sql); $agent_id = db_get_all_rows_sql($sql);
foreach ($agent_id as &$id) { foreach ($agent_id as &$id) {
if(!users_access_to_agent($id['id_agente'])) continue;
$sql = sprintf("SELECT groups.id_grupo id_group $sql = sprintf("SELECT groups.id_grupo id_group
FROM tagente agents, tgrupo groups FROM tagente agents, tgrupo groups
WHERE id_agente = %d WHERE id_agente = %d
@ -5036,10 +5057,17 @@ function api_get_all_planned_downtimes ($thrash1, $thrash2, $other, $returnType
*/ */
function api_get_planned_downtimes_items ($thrash1, $thrash2, $other, $returnType = 'json') { function api_get_planned_downtimes_items ($thrash1, $thrash2, $other, $returnType = 'json') {
global $config;
if (defined ('METACONSOLE')) { if (defined ('METACONSOLE')) {
return; return;
} }
if(!check_acl($config['id_user'], 0, "AR")) {
returnError('forbidden', $returnType);
return;
}
$values = array(); $values = array();
$values = array( $values = array(
"name LIKE '%".$other['data'][0]."%'" "name LIKE '%".$other['data'][0]."%'"
@ -5066,7 +5094,14 @@ function api_get_planned_downtimes_items ($thrash1, $thrash2, $other, $returnTyp
$filter['id_downtime'] = $downtime['id']; $filter['id_downtime'] = $downtime['id'];
$return[] = planned_downtimes_items ($filter); $items = planned_downtimes_items ($filter);
if ($items !== false) $return[] = $items;
}
// If the header is the unique element in the array, return an error
if (count($return) == 1) {
returnError('no_data_to_show', $returnType);
return;
} }
if ($is_quiet) if ($is_quiet)

22
pandora_console/include/functions_planned_downtimes.php
View File

@ -753,9 +753,19 @@ function planned_downtimes_items ($filter) {
$downtime_agents = db_get_all_rows_filter('tplanned_downtime_agents',$filter, 'id_agent,id_downtime,all_modules'); $downtime_agents = db_get_all_rows_filter('tplanned_downtime_agents',$filter, 'id_agent,id_downtime,all_modules');
$downtime = db_get_row_filter('tplanned_downtime',array('id' => $filter['id_downtime']), 'type_downtime'); $downtime = db_get_row_filter('tplanned_downtime',array('id' => $filter['id_downtime']), 'type_downtime');
$return = array(
'id_agents' => array(),
'id_downtime' => $filter['id_downtime'],
'all_modules' => 0,
'modules' => array(),
);
foreach ( $downtime_agents as $key => $data ) { foreach ( $downtime_agents as $key => $data ) {
$return = $data; // Do not add the agent information if no permissions
$modules = array(); if (!agents_check_access_agent($data['id_agent'], "AR")) continue;
$return['id_agents'][] = $data['id_agent'];
$return['id_downtime'] = $data['id_downtime'];
$return['all_modules'] = $data['all_modules'];
if ($downtime['type_downtime'] === 'quiet') { if ($downtime['type_downtime'] === 'quiet') {
if (!$data['all_modules']) { if (!$data['all_modules']) {
$second_filter = array( $second_filter = array(
@ -765,14 +775,18 @@ function planned_downtimes_items ($filter) {
$downtime_modules = db_get_all_rows_filter('tplanned_downtime_modules',$second_filter, 'id_agent_module'); $downtime_modules = db_get_all_rows_filter('tplanned_downtime_modules',$second_filter, 'id_agent_module');
if ( $downtime_modules ) { if ( $downtime_modules ) {
foreach ( $downtime_modules as $data2 ) { foreach ( $downtime_modules as $data2 ) {
$modules[] = $data2['id_agent_module']; $return['modules'][$data2['id_agent_module']] = $data2['id_agent_module'];
} }
$return['modules'] = implode(',', $modules);
} }
} }
} }
} }
if (empty($return['id_agents'])) return false;
// Implode agents and modules
$return['id_agents'] = implode(',', $return['id_agents']);
$return['modules'] = implode(',', $return['modules']);
return $return; return $return;
} }