From 12baeb10b345f6675da229531dcb0c05eddd08dc Mon Sep 17 00:00:00 2001 From: juanmanuelr Date: Fri, 17 Jan 2014 11:53:30 +0000 Subject: [PATCH] 2014-01-17 Juan Manuel Ramon Vigo * godmode/events/event_edit_filter.php include/functions_events.php operation/events/events_list.php:Fixed an ACL issue with event filters. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@9335 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f --- pandora_console/ChangeLog | 6 ++++++ pandora_console/godmode/events/event_edit_filter.php | 9 +++++++-- pandora_console/include/functions_events.php | 5 +++-- pandora_console/operation/events/events_list.php | 8 ++++++-- 4 files changed, 22 insertions(+), 6 deletions(-) diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog index dddfa8a104..e7cd2050ff 100644 --- a/pandora_console/ChangeLog +++ b/pandora_console/ChangeLog @@ -1,3 +1,9 @@ +2014-01-17 Juan Manuel Ramon Vigo + + * godmode/events/event_edit_filter.php + include/functions_events.php + operation/events/events_list.php:Fixed an ACL issue with event filters. + 2014-01-17 Sergio Martin * include/functions_events.php: Added ack_utimestamp and id_agent diff --git a/pandora_console/godmode/events/event_edit_filter.php b/pandora_console/godmode/events/event_edit_filter.php index d07526808f..da6e149ba5 100644 --- a/pandora_console/godmode/events/event_edit_filter.php +++ b/pandora_console/godmode/events/event_edit_filter.php 
@@ -218,7 +218,10 @@ $table->data[9][0] = '' . __('Max. hours old') . ''; $table->data[9][1] = html_print_input_text ('event_view_hr', $event_view_hr, '', 5, 255, true); $table->data[10][0] = '' . __('User ack.') . ''. ' ' . ui_print_help_tip (__('Choose between the users who have validated an event. '), true); -$users = users_get_info (); + +# Fix : Only admin user can see all users +$users = users_get_user_users($config['id_user'], "ER", users_can_manage_group_all(0)); + $table->data[10][1] = html_print_select ($users, "id_user_ack", $id_user_ack, '', __('Any'), 0, true); $repeated_sel[0] = __("All events"); @@ -236,7 +239,9 @@ if(empty($tag_without)) { $tag_without = array(); } -$tags = tags_search_tag(false, false, true); +# Fix : only admin users can see all tags +$tags = tags_get_user_tags($config['id_user'], 'ER'); + $tags_select_with = array(); $tags_select_without = array(); $tag_with_temp = array(); diff --git a/pandora_console/include/functions_events.php b/pandora_console/include/functions_events.php index 108e24ca38..da1c45b54e 100644 --- a/pandora_console/include/functions_events.php +++ b/pandora_console/include/functions_events.php @@ -1489,12 +1489,13 @@ function events_get_event_filter ($id_filter, $filter = false, $fields = false) /** * Get a event filters in select format. * + * @param boolean If event filters are used for manage/view operations (non admin users can see group ALL for manage) # Fix * @return array A event filter matching id and filter or false. */ -function events_get_event_filter_select(){ +function events_get_event_filter_select($manage = true){ global $config; - $user_groups = users_get_groups ($config['id_user'], "EW", true, true); + $user_groups = users_get_groups ($config['id_user'], "EW", $manage, true); if(empty($user_groups)) { return array(); } diff --git a/pandora_console/operation/events/events_list.php b/pandora_console/operation/events/events_list.php index 0e24f98c90..26982f6b55 100644 
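Review bot: The ACL added here is enforced only in the rendered form: `users_get_user_users($config['id_user'], "ER", users_can_manage_group_all(0))` narrows the options of the `id_user_ack` select, but nothing in this hunk checks the submitted value against that list when the filter is saved. If the save handler (outside this hunk) stores `id_user_ack` as received, it should recompute the allowed set and reject values outside it. The same applies to the `tags_get_user_tags($config['id_user'], 'ER')` list in the next hunk and to the `overwrite_filter` select in operation/events/events_list.php. The `# Fix :` comments would read better as the invariant itself, e.g. `// List only users visible to the current user under ER.`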
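Review bot: `$manage = true` makes the permissive behaviour the default, so any caller of `events_get_event_filter_select()` not touched by this commit still passes `true` to `users_get_groups()` and presumably still receives filters of group ALL. Only the call in events_list.php is restricted, so the other call sites should be checked, or the reason they keep the old behaviour documented. The docblock entry lacks the parameter name and carries a stray `# Fix`. Something like `@param boolean $manage Passed to users_get_groups() as its third argument; false leaves out group ALL for users who cannot manage it.` would be clearer, with the wording confirmed against `users_get_groups()`. The function body continues past the end of the hunk.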
--- a/pandora_console/operation/events/events_list.php +++ b/pandora_console/operation/events/events_list.php @@ -208,7 +208,8 @@ if (check_acl ($config["id_user"], 0, "EW") || check_acl ($config["id_user"], 0, $data[0] = __('Filter name') . '
'; $data[0] .= html_print_input_text ('id_name', '', '', 15, 255, true); $data[1] = __('Filter group') . '
'; - $data[1] .= html_print_select_groups($config["id_user"], "ER", true, 'id_group', $id_group, '', '', 0, true, false, false, 'w130'); + # Fix : Only admin users can see group ALL + $data[1] .= html_print_select_groups($config["id_user"], "ER", users_can_manage_group_all(), 'id_group', $id_group, '', '', 0, true, false, false, 'w130'); $table->data[] = $data; $table->rowclass[] = ''; @@ -223,7 +224,10 @@ if (check_acl ($config["id_user"], 0, "EW") || check_acl ($config["id_user"], 0, $data = array(); $table->rowid[3] = 'update_filter_row1'; $data[0] = __("Overwrite filter") . '
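Review bot: The group selector is built with the `"ER"` privilege, while `events_get_event_filter_select()` in include/functions_events.php lists filters by `"EW"` and the enclosing `if` (cut off in the hunk header) tests `"EW"`. As written, a user may be offered groups for saving a filter that they can only read; if that is not intended, the selector should use the write privilege as well. `users_can_manage_group_all()` is also called without an argument here but as `users_can_manage_group_all(0)` in godmode/events/event_edit_filter.php. Unless the default is `0`, the two pages can disagree on who sees group ALL.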
'; - $data[0] .= html_print_select ($filters, "overwrite_filter", '', '', '', 0, true); + # Fix : Only admin user can see filters of group ALL for update + $_filters_update = events_get_event_filter_select(false); + + $data[0] .= html_print_select ($_filters_update, "overwrite_filter", '', '', '', 0, true); $data[1] = html_print_submit_button (__('Update filter'), 'update_filter', false, 'class="sub upd"', true); $table->data[] = $data; $table->rowclass[] = '';
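Review bot: The bare `false` in `events_get_event_filter_select(false)` is hard to read at the call site and sits oddly with the parameter name `$manage`, since this select feeds the Update filter action. A comment stating the effect, e.g. `// false: leave out filters of group ALL unless the user may manage that group`, would serve better than the `# Fix :` change-log style comment. `$_filters_update` could follow the plain naming used around it (`$filters_update`). The enclosing `if` block starts and ends outside the hunk.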