tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-07-28 00:04:37 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added public dashboard authentication to some components

Browse Source
This commit is contained in:
fermin831 2017-11-21 16:59:49 +01:00
parent 92c7eb59f5
commit 0f814c0b63
4 changed files with 72 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
pandora_console/include/ajax/tree.ajax.php
View File

@ -17,8 +17,25 @@
if (is_ajax ()) { if (is_ajax ()) {
global $config; global $config;
// Login check enterprise_include_once("include/functions_dashboard.php");
check_login ();
$public_hash = get_parameter('hash', 0);
// Try to authenticate by hash on public dashboards
if ($public_hash != 0) {
// Login check
check_login();
} else {
$validate_hash = enterprise_hook(
'dasboard_validate_public_hash',
array($public_hash, 'tree_view')
);
if ($validate_hash === false || $validate_hash === ENTERPRISE_NOT_HOOK) {
db_pandora_audit("Invalid public hash", "Trying to access report builder");
require ("general/noaccess.php");
exit;
}
}
require_once($config['homedir'] . "/include/class/Tree.class.php"); require_once($config['homedir'] . "/include/class/Tree.class.php");
enterprise_include_once("include/class/Tree.class.php"); enterprise_include_once("include/class/Tree.class.php");
@ -36,6 +53,10 @@ if (is_ajax ()) {
$rootID = get_parameter('rootID', -1); $rootID = get_parameter('rootID', -1);
$serverID = get_parameter('serverID', false); $serverID = get_parameter('serverID', false);
$childrenMethod = get_parameter('childrenMethod', 'on_demand'); $childrenMethod = get_parameter('childrenMethod', 'on_demand');
$hash = get_parameter('hash', false);
if ($hash !== false) {
enterprise_hook('dasboard_validate_public_hash', array($hash, 'tree_view'));
}
$default_filters = array( $default_filters = array(
'searchAgent' => '', 'searchAgent' => '',

31
pandora_console/include/ajax/visual_console.ajax.php
View File

@ -12,12 +12,29 @@
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details. // GNU General Public License for more details.
// Login check
global $config; global $config;
// Public dashboards have not user. Try to get from URL enterprise_include_once ('include/functions_dashboard.php');
if (!isset($config['id_user'])) { require_once('include/functions_visual_map.php');
$config['id_user'] = get_parameter('id_user'); enterprise_include_once('include/functions_visual_map.php');
$public_hash = get_parameter('hash', false);
$id_visual_console = get_parameter('id_visual_console', null);
// Try to authenticate by hash on public dashboards
if ($public_hash === false) {
// Login check
check_login();
} else {
$validate_hash = enterprise_hook(
'dasboard_validate_public_hash',
array($public_hash, $id_visual_console, 'visual_console')
);
if ($validate_hash === false || $validate_hash === ENTERPRISE_NOT_HOOK) {
db_pandora_audit("Invalid public hash", "Trying to access report builder");
require ("general/noaccess.php");
exit;
}
} }
// Fix: IW was the old ACL to check for report editing, now is RW // Fix: IW was the old ACL to check for report editing, now is RW
@ -32,12 +49,6 @@ if (! check_acl ($config['id_user'], 0, "VR")) {
//Fix ajax to avoid include the file, 'functions_graph.php'. //Fix ajax to avoid include the file, 'functions_graph.php'.
$ajax = true; $ajax = true;
require_once('include/functions_visual_map.php');
enterprise_include_once('include/functions_visual_map.php');
$id_visual_console = get_parameter('id_visual_console', null);
$render_map = (bool)get_parameter('render_map', false); $render_map = (bool)get_parameter('render_map', false);
$graph_javascript = (bool)get_parameter('graph_javascript', false); $graph_javascript = (bool)get_parameter('graph_javascript', false);

10
pandora_console/include/javascript/tree/TreeController.js
View File

@ -572,6 +572,12 @@ var TreeController = {
}); });
} }
} }
// Get hash and user.
var public_hash = $("#hidden-publi_dash_tree_view_hash" ).val();
if (typeof(public_hash) === 'undefined') public_hash = 0;
var public_user = $("#hidden-publi_dash_tree_view_id_user" ).val();
if (typeof(public_user) === 'undefined') public_user = 0;
if (typeof element.searchChildren != 'undefined' && element.searchChildren) { if (typeof element.searchChildren != 'undefined' && element.searchChildren) {
$node $node
.removeClass("leaf-empty") .removeClass("leaf-empty")
@ -598,7 +604,9 @@ var TreeController = {
rootID: element.rootID, rootID: element.rootID,
serverID: element.serverID, serverID: element.serverID,
rootType: element.rootType, rootType: element.rootType,
filter: controller.filter filter: controller.filter,
hash: public_hash,
id_user: public_user
}, },
complete: function(xhr, textStatus) { complete: function(xhr, textStatus) {
$node.removeClass("leaf-loading"); $node.removeClass("leaf-loading");

24
pandora_console/operation/agentes/pandora_networkmap.view.php
View File

@ -13,15 +13,29 @@
// Load global variables // Load global variables
global $config; global $config;
// Public dashboards have not user. Try to get from URL
if (!isset($config['id_user'])) {
$config['id_user'] = get_parameter('id_user');
}
require_once ('include/functions_pandora_networkmap.php'); require_once ('include/functions_pandora_networkmap.php');
enterprise_include_once('include/functions_policies.php'); enterprise_include_once('include/functions_policies.php');
enterprise_include_once('include/functions_dashboard.php');
require_once ('include/functions_modules.php'); require_once ('include/functions_modules.php');
$public_hash = get_parameter('hash', false);
// Try to authenticate by hash on public dashboards
if ($public_hash === false) {
// Login check
check_login();
} else {
$validate_hash = enterprise_hook(
'dasboard_validate_public_hash',
array($public_hash, get_parameter('networkmap_id'), 'network_map')
);
if ($validate_hash === false || $validate_hash === ENTERPRISE_NOT_HOOK) {
db_pandora_audit("Invalid public hash", "Trying to access report builder");
require ("general/noaccess.php");
exit;
}
}
//--------------INIT AJAX----------------------------------------------- //--------------INIT AJAX-----------------------------------------------
if (is_ajax ()) { if (is_ajax ()) {
$update_refresh_state = (bool)get_parameter('update_refresh_state',false); $update_refresh_state = (bool)get_parameter('update_refresh_state',false);