tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-07-29 16:55:05 +02:00
Code Issues Packages Projects Releases Wiki Activity

[API ACL] Fixed the rest of reopened node API ACL fails

Browse Source
This commit is contained in:
fermin831 2018-06-19 17:05:23 +02:00
parent 2fc6b86251
commit 0d2ee35e0f
1 changed files with 25 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
pandora_console/include/functions_api.php
View File

@ -4832,7 +4832,7 @@ function api_set_validate_all_alerts($id, $thrash1, $other, $thrash3) {
return; return;
} }
if (!check_acl($config['id_user'], 0, "LM")){ if (!check_acl($config['id_user'], 0, "LW")){
returnError('forbidden', 'string'); returnError('forbidden', 'string');
return; return;
} }
@ -4856,7 +4856,7 @@ function api_set_validate_all_alerts($id, $thrash1, $other, $thrash3) {
ON t2.id_agente = t3.id_agente ON t2.id_agente = t3.id_agente
INNER JOIN talert_templates t4 INNER JOIN talert_templates t4
ON talert_template_modules.id_alert_template = t4.id ON talert_template_modules.id_alert_template = t4.id
WHERE id_agent_module in (%s)", $agents_string); WHERE t3.id_agente in (%s)", $agents_string);
$alerts = db_get_all_rows_sql($sql); $alerts = db_get_all_rows_sql($sql);
if ($alerts === false) $alerts = array(); if ($alerts === false) $alerts = array();
@ -4864,7 +4864,7 @@ function api_set_validate_all_alerts($id, $thrash1, $other, $thrash3) {
$total_alerts = count($alerts); $total_alerts = count($alerts);
$count_results = 0; $count_results = 0;
foreach ($alerts as $alert) { foreach ($alerts as $alert) {
$result = alerts_validate_alert_agent_module($alert['id'], true); $result = alerts_validate_alert_agent_module($alert['id'], false);
if ($result) { if ($result) {
$count_results++; $count_results++;
@ -6834,7 +6834,7 @@ function api_set_create_netflow_filter($thrash1, $thrash2, $other, $thrash3) {
return; return;
} }
if (!check_acl($config['id_user'], 0, "AW")) { if (!check_acl($config['id_user'], $other['data'][1], "AW")) {
returnError('forbidden', 'string'); returnError('forbidden', 'string');
return; return;
} }
@ -7514,7 +7514,7 @@ function api_set_module_data($id, $thrash2, $other, $trash1) {
} }
if ($other['type'] == 'array') { if ($other['type'] == 'array') {
if (!util_api_check_agent_and_print_error(modules_get_agentmodule_agent($$id), 'string', 'AW')) { if (!util_api_check_agent_and_print_error(modules_get_agentmodule_agent($id), 'string', 'AW')) {
return; return;
} }
$idAgentModule = $id; $idAgentModule = $id;
@ -10267,6 +10267,24 @@ function api_set_create_special_day($thrash1, $thrash2, $other, $thrash3) {
return; return;
} }
if (!isset($idGroup) || $idGroup == '') {
returnError('error_create_special_day', __('Error creating special day. Group id cannot be left blank.'));
return;
}
else {
$group = groups_get_group_by_id($idGroup);
if ($group == false) {
returnError('error_create_special_day', __('Error creating special day. Id_group doesn\'t exist.'));
return;
}
if (!check_acl($config['id_user'], $idGroup, "LM")) {
returnError('forbidden', 'string');
return;
}
}
$values = array( $values = array(
'description' => $other['data'][2], 'description' => $other['data'][2],
'id_group' => $other['data'][3], 'id_group' => $other['data'][3],