Permissions in recontask changed. Ticket #2179

Arturo Gonzalez Diaz 2015-07-21 11:55:10 +02:00
parent 0ef4510990
commit 34a17df3b7
2 changed files with 28 additions and 10 deletions


@ -32,6 +32,9 @@ if (check_acl ($config['id_user'], 0, "AW")) {
$options[]['text'] = "<a href='index.php?sec=estado&sec2=operation/servers/recon_view'>" . html_print_image ("images/operation.png", true, array ("title" =>__('View'))) . "</a>";
}
$user_groups = users_get_groups(false, 'AW', true, false, null, 'id_grupo');
$user_groups = array_keys($user_groups);
// Headers
//ui_print_page_header (__('Manage recontask'), "images/gm_servers.png", false, "", true);
ui_print_page_header (__('Manage recontask'), "images/gm_servers.png", false, "", true, $options);
@ -261,8 +264,8 @@ if ($result !== false) {
foreach ($result as $row) {
$data = array();
$data[0] = '<a href="index.php?sec=gservers&sec2=godmode/servers/manage_recontask_form&crt=update&update='.$row["id_rt"].'&upd='.$row["id_rt"].'"><b>'.$row["name"].'</b></a>';
//$data[0] = '<a href="index.php?sec=gservers&sec2=godmode/servers/manage_recontask_form&crt=update&update='.$row["id_rt"].'&upd='.$row["id_rt"].'"><b>'.$row["name"].'</b></a>';
$data[0] = $row["name"];
if ($row["id_recon_script"] == 0)
$data[1] = $row["subnet"];
else
@ -314,16 +317,21 @@ if ($result !== false) {
}
// ACTION
$data[8] = '<a href="index.php?sec=estado&sec2=operation/servers/recon_view">' . html_print_image("images/eye.png", true) . '</a>';
$data[8] .= '<a href="index.php?sec=gservers&sec2=godmode/servers/manage_recontask&delete='.$row["id_rt"].'">' . html_print_image("images/cross.png", true, array("border" => '0')) . '</a>';
$data[8] .= '<a href="index.php?sec=gservers&sec2=godmode/servers/manage_recontask_form&update='.$row["id_rt"].'">' .html_print_image("images/config.png", true) . '</a>';
$task_group = $row["id_group"];
if (in_array($task_group, $user_groups)){
$data[8] = '<a href="index.php?sec=estado&sec2=operation/servers/recon_view">' . html_print_image("images/eye.png", true) . '</a>';
$data[8] .= '<a href="index.php?sec=gservers&sec2=godmode/servers/manage_recontask&delete='.$row["id_rt"].'">' . html_print_image("images/cross.png", true, array("border" => '0')) . '</a>';
$data[8] .= '<a href="index.php?sec=gservers&sec2=godmode/servers/manage_recontask_form&update='.$row["id_rt"].'">' .html_print_image("images/config.png", true) . '</a>';
if($row["disabled"] == 0) {
$data[8] .= '<a href="index.php?sec=gservers&sec2=godmode/servers/manage_recontask&id='.$row["id_rt"].'&disabled=1">' .html_print_image("images/lightbulb.png", true) . '</a>';
}
else {
$data[8] .= '<a href="index.php?sec=gservers&sec2=godmode/servers/manage_recontask&id='.$row["id_rt"].'&disabled=0">' .html_print_image("images/lightbulb_off.png", true) . '</a>';
if($row["disabled"] == 0) {
$data[8] .= '<a href="index.php?sec=gservers&sec2=godmode/servers/manage_recontask&id='.$row["id_rt"].'&disabled=1">' .html_print_image("images/lightbulb.png", true) . '</a>';
}
else {
$data[8] .= '<a href="index.php?sec=gservers&sec2=godmode/servers/manage_recontask&id='.$row["id_rt"].'&disabled=0">' .html_print_image("images/lightbulb_off.png", true) . '</a>';
}
}
$table->data[] = $data;
}
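Review bot: The new `in_array($task_group, $user_groups)` test in the ACTION column only decides whether the delete, edit and enable/disable links are rendered; it does not by itself authorize those operations. The code that handles the `delete` and `id`/`disabled` parameters of `godmode/servers/manage_recontask` is outside this hunk, so confirm that it looks up the task's `id_group` and applies the same membership check before changing anything, and that it writes a `db_pandora_audit` entry on refusal as the form page does. The comparison is also loose: `$row["id_group"]` presumably arrives from the database as a string while `array_keys()` gives integer keys, so I would write `in_array((int) $row["id_group"], $user_groups, true)`. The `foreach` body starts before this hunk.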


@ -27,6 +27,9 @@ if (! check_acl ($config['id_user'], 0, "AW")) {
require_once ($config['homedir'].'/include/functions_users.php');
$user_groups = users_get_groups(false, 'AW', true, false, null, 'id_grupo');
$user_groups = array_keys($user_groups);
if (is_ajax ()) {
$get_explanation = (bool) get_parameter('get_explanation', 0);
@ -124,6 +127,13 @@ if (isset($_GET["update"]) || (isset($_GET["crt"]))) {
$name_script = db_get_value('name',
'trecon_script', 'id_recon_script', $id_recon_script);
if (! in_array($id_group, $user_groups)){
db_pandora_audit("ACL Violation",
"Trying to access Recon Task Management");
require ("general/noaccess.php");
return;
}
}
}
elseif (isset($_GET["create"]) || isset($_GET["crt"])) {
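Review bot: The added `in_array($id_group, $user_groups)` check sits only in the branch that loads an existing task for editing, so it guards the form display but not necessarily the write that follows. The `create` branch beginning on the last line of the hunk and the code that processes the submitted form are outside this hunk; the `id_group` submitted there should be validated against `$user_groups` too, otherwise a task could be saved under a group the user holds no `AW` permission on. For later incident review the `db_pandora_audit` message would be more useful if it named the task id and `$id_group` instead of the fixed text "Trying to access Recon Task Management". As in the list page, a strict comparison with an integer cast, `in_array((int) $id_group, $user_groups, true)`, avoids relying on type juggling.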