Permissions in recontask changed. Ticket #2179

Arturo Gonzalez Diaz 2015-07-21 09:38:49 +02:00
parent 3744e0ea6f
commit 2aafc7a53e
2 changed files with 31 additions and 2 deletions


@ -32,6 +32,9 @@ if (check_acl ($config['id_user'], 0, "AW")) {
$options[]['text'] = "<a href='index.php?sec=estado&sec2=operation/servers/recon_view'>" . html_print_image ("images/operation.png", true, array ("title" =>__('View'))) . "</a>";
}
$user_groups = users_get_groups(false, 'AW', true, false, null, 'id_grupo');
$user_groups = array_keys($user_groups);
// Headers
//ui_print_page_header (__('Manage recontask'), "images/gm_servers.png", false, "", true);
ui_print_page_header (__('Manage recontask'), "images/gm_servers.png", false, "", true, $options);
@ -259,8 +262,9 @@ if ($result !== false) {
foreach ($result as $row) {
$data = array();
$data[0] = '<a href="index.php?sec=gservers&sec2=godmode/servers/manage_recontask_form&crt=update&update='.$row["id_rt"].'&upd='.$row["id_rt"].'"><b>'.$row["name"].'</b></a>';
//$data[0] = '<a href="index.php?sec=gservers&sec2=godmode/servers/manage_recontask_form&crt=update&update='.$row["id_rt"].'&upd='.$row["id_rt"].'"><b>'.$row["name"].'</b></a>';
$data[0] = $row["name"];
if ($row["id_recon_script"] == 0)
$data[1] = $row["subnet"];
else
@ -311,6 +315,20 @@ if ($result !== false) {
$data[7] = "-";
}
$task_group = $row["id_group"];
if (in_array($task_group, $user_groups)){
$data[8] = '<a href="index.php?sec=estado&sec2=operation/servers/recon_view">' . html_print_image("images/eye.png", true) . '</a>';
$data[8] .= '<a href="index.php?sec=gservers&sec2=godmode/servers/manage_recontask&delete='.$row["id_rt"].'">' . html_print_image("images/cross.png", true, array("border" => '0')) . '</a>';
$data[8] .= '<a href="index.php?sec=gservers&sec2=godmode/servers/manage_recontask_form&update='.$row["id_rt"].'">' .html_print_image("images/config.png", true) . '</a>';
if($row["disabled"] == 0) {
$data[8] .= '<a href="index.php?sec=gservers&sec2=godmode/servers/manage_recontask&id='.$row["id_rt"].'&disabled=1">' .html_print_image("images/lightbulb.png", true) . '</a>';
}
else {
$data[8] .= '<a href="index.php?sec=gservers&sec2=godmode/servers/manage_recontask&id='.$row["id_rt"].'&disabled=0">' .html_print_image("images/lightbulb_off.png", true) . '</a>';
}
}
// ACTION
$data[8] = '<a href="index.php?sec=estado&sec2=operation/servers/recon_view">' . html_print_image("images/eye.png", true) . '</a>';
$data[8] .= '<a href="index.php?sec=gservers&sec2=godmode/servers/manage_recontask&delete='.$row["id_rt"].'">' . html_print_image("images/cross.png", true, array("border" => '0')) . '</a>';
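Review bot: The `in_array($task_group, $user_groups)` test added before `// ACTION` only decides which links are rendered; the `delete=` and `id=…&disabled=` requests those links send to `godmode/servers/manage_recontask` are not touched by any hunk shown for this file, so a user with AW in one group can presumably still delete or disable another group's task by requesting the URL directly. The code that handles those parameters should look up the task's `id_group` and apply the same test before acting, with the `db_pandora_audit("ACL Violation", ...)` and `require ("general/noaccess.php"); return;` response the form page uses. Separately, the unconditional `$data[8] = '<a href=…recon_view">'` lines printed after `// ACTION` look like retained context; if they are, they overwrite what the new block built and every row still gets the links, so initialise `$data[8] = '';` before the `if` and drop the later assignment. The `foreach` body starts and ends outside the hunk.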


@ -27,6 +27,9 @@ if (! check_acl ($config['id_user'], 0, "AW")) {
require_once ($config['homedir'].'/include/functions_users.php');
$user_groups = users_get_groups(false, 'AW', true, false, null, 'id_grupo');
$user_groups = array_keys($user_groups);
if (is_ajax ()) {
$get_explanation = (bool) get_parameter('get_explanation', 0);
@ -103,6 +106,14 @@ if (isset ($_GET["update"]) or (isset($_GET["crt"]))) {
$parent_detection = $row["parent_detection"];
$parent_recursion = $row["parent_recursion"];
$macros = $row["macros"];
if (! in_array($id_group, $user_groups)){
db_pandora_audit("ACL Violation",
"Trying to access Recon Task Management");
require ("general/noaccess.php");
return;
}
}
}
elseif (isset ($_GET["create"]) or isset($_GET["crt"])) {
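Review bot: The group check added after `$macros = $row["macros"];` protects only the loading of an existing task into the edit form; nothing in the hunks shown validates the group when the form is submitted, or in the `create` branch that follows. If the save code trusts the submitted `id_group`, a user could still create a task in, or move one into, a group outside `$user_groups`, so the same `in_array` test should run on the submitted group before the insert or update. The check also sits inside the block that reads `$row`, so confirm that `$id_group` is always taken from the database row at that point and never from a request parameter. For incident review it would help if the audit text named the group, e.g. `"Trying to access Recon Task Management (group " . $id_group . ")"`. The `if`/`elseif` chain continues outside the hunk.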