tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

13293-Fix ACL in Discovery view

This commit is contained in:
Pablo Aragon 2024-05-07 15:42:12 +02:00
parent 3ce9156e12
commit 1695886014
2 changed files with 84 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
pandora_console/godmode/wizards/ManageExtensions.class.php
View File

@ -160,6 +160,16 @@ class ManageExtensions extends HTML
public function run() public function run()
{ {
global $config; global $config;
if (! check_acl($config['id_user'], 0, 'AR')) {
db_pandora_audit(
AUDIT_LOG_ACL_VIOLATION,
'Trying to access Manage disco packages'
);
include 'general/noaccess.php';
return;
}
// Load styles. // Load styles.
parent::run(); parent::run();
@ -278,6 +288,7 @@ class ManageExtensions extends HTML
$this->printHeader(true) $this->printHeader(true)
); );
if ((bool) check_acl($config['id_user'], 0, 'AW') === true) {
$table = new stdClass(); $table = new stdClass();
$table->width = '100%'; $table->width = '100%';
$table->class = 'databox filters'; $table->class = 'databox filters';
@ -324,6 +335,7 @@ class ManageExtensions extends HTML
echo '</div>'; echo '</div>';
echo '</form>'; echo '</form>';
}
echo '<script type="text/javascript"> echo '<script type="text/javascript">
var page = "'.$this->ajaxController.'"; var page = "'.$this->ajaxController.'";
@ -366,7 +378,7 @@ class ManageExtensions extends HTML
ui_print_datatable( ui_print_datatable(
[ [
'id' => 'list_extensions', 'id' => 'list_extensions',
'class' => 'info_table', 'class' => 'info_table discovery-list-extensions',
'style' => 'width: 99%', 'style' => 'width: 99%',
'dom_elements' => 'plfti', 'dom_elements' => 'plfti',
'filter_main_class' => 'box-flat white_table_graph fixed_filter_bar', 'filter_main_class' => 'box-flat white_table_graph fixed_filter_bar',
@ -723,7 +735,10 @@ class ManageExtensions extends HTML
$data[$key]['short_name'] = $row['short_name']; $data[$key]['short_name'] = $row['short_name'];
$data[$key]['description'] = io_safe_output($row['description']); $data[$key]['description'] = io_safe_output($row['description']);
$data[$key]['version'] = $row['version']; $data[$key]['version'] = $row['version'];
$data[$key]['actions'] = '<form name="grupo" method="post" class="rowPair table_action_buttons" action="'.$this->url.'&action=delete">';
$data[$key]['actions'] = '';
if ((bool) check_acl($config['id_user'], 0, 'AW') === true) {
$data[$key]['actions'] .= '<form name="grupo" method="post" class="rowPair table_action_buttons" action="'.$this->url.'&action=delete">';
$data[$key]['actions'] .= html_print_input_image( $data[$key]['actions'] .= html_print_input_image(
'button_delete', 'button_delete',
'images/delete.svg', 'images/delete.svg',
@ -738,8 +753,10 @@ class ManageExtensions extends HTML
); );
$data[$key]['actions'] .= html_print_input_hidden('short_name', $row['short_name'], true); $data[$key]['actions'] .= html_print_input_hidden('short_name', $row['short_name'], true);
$data[$key]['actions'] .= '</form>'; $data[$key]['actions'] .= '</form>';
}
if ($this->checkFolderConsole($row['short_name']) === true) { if ($this->checkFolderConsole($row['short_name']) === true) {
if ((bool) check_acl($config['id_user'], 0, 'AW') === true) {
$data[$key]['actions'] .= '<form name="grupo" method="post" class="rowPair table_action_buttons" action="'.$this->url.'&action=sync_server">'; $data[$key]['actions'] .= '<form name="grupo" method="post" class="rowPair table_action_buttons" action="'.$this->url.'&action=sync_server">';
$data[$key]['actions'] .= html_print_input_image( $data[$key]['actions'] .= html_print_input_image(
'button_refresh', 'button_refresh',
@ -756,6 +773,7 @@ class ManageExtensions extends HTML
$data[$key]['actions'] .= html_print_input_hidden('sync_action', 'refresh', true); $data[$key]['actions'] .= html_print_input_hidden('sync_action', 'refresh', true);
$data[$key]['actions'] .= html_print_input_hidden('short_name', $row['short_name'], true); $data[$key]['actions'] .= html_print_input_hidden('short_name', $row['short_name'], true);
$data[$key]['actions'] .= '</form>'; $data[$key]['actions'] .= '</form>';
}
} else { } else {
$data[$key]['actions'] .= html_print_image( $data[$key]['actions'] .= html_print_image(
'images/error_red.png', 'images/error_red.png',

4
pandora_console/include/styles/pandora.css
View File

@ -14315,3 +14315,7 @@ div.fixed-bottom-box.tree-view-bottom-modal {
.bg-image-none { .bg-image-none {
background-image: none !important; background-image: none !important;
} }
.discovery-list-extensions tbody tr td {
height: 30px;
}