diff --git a/pandora_console/godmode/agentes/planned_downtime.editor.php b/pandora_console/godmode/agentes/planned_downtime.editor.php index dd1546e226..30fc6b77c6 100644 --- a/pandora_console/godmode/agentes/planned_downtime.editor.php +++ b/pandora_console/godmode/agentes/planned_downtime.editor.php @@ -143,16 +143,29 @@ $user_groups_ad = array_keys( users_get_groups($config['id_user'], $access) ); +// Check AD permission on downtime. +$downtime_group = db_get_value( + 'id_group', + 'tplanned_downtime', + 'id', + $id_downtime +); + +if ($id_downtime > 0) { + if (!check_acl_restricted_all($config['id_user'], $downtime_group, 'AW') + && !check_acl_restricted_all($config['id_user'], $downtime_group, 'AD') + ) { + db_pandora_audit( + 'ACL Violation', + 'Trying to access downtime scheduler' + ); + include 'general/noaccess.php'; + return; + } +} + // INSERT A NEW DOWNTIME_AGENT ASSOCIATION. if ($insert_downtime_agent === 1) { - // Check AD permission on downtime. - $downtime_group = db_get_value( - 'id_group', - 'tplanned_downtime', - 'id', - $id_downtime - ); - if ($downtime_group === false || !in_array($downtime_group, $user_groups_ad) ) { @@ -644,11 +657,20 @@ $table->data[0][1] = html_print_input_text( true, $disabled_in_execution ); + +$return_all_group = false; + +if (users_can_manage_group_all('AW') === true + || users_can_manage_group_all('AD') === true +) { + $return_all_group = true; +} + $table->data[1][0] = __('Group'); $table->data[1][1] = '
'.html_print_select_groups( false, $access, - true, + $return_all_group, 'id_group', $id_group, '', diff --git a/pandora_console/godmode/agentes/planned_downtime.list.php b/pandora_console/godmode/agentes/planned_downtime.list.php index 7c828d6e72..f2ff00f87e 100755 --- a/pandora_console/godmode/agentes/planned_downtime.list.php +++ b/pandora_console/godmode/agentes/planned_downtime.list.php 
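Review bot: The four-line `$return_all_group = false; if (...) { $return_all_group = true; }` pattern added before the group selector can be a single assignment, `$return_all_group = (users_can_manage_group_all('AW') === true || users_can_manage_group_all('AD') === true);`. The same pattern is repeated in alert_actions.php, configure_alert_action.php, event_edit_filter.php, event_responses.editor.php, reporting_builder.main.php, visual_console_builder.data.php, CredentialStore.class.php and pandora_networkmap.editor.php. A one-line comment such as `// Offer group 'All' only to users who can manage it.` would record why the flag is no longer hard-coded to `true`.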
@@ -476,22 +476,42 @@ else { if (in_array($downtime['id_group'], $groupsAD)) { // Stop button if ($downtime['type_execution'] == 'once' && $downtime['executed'] == 1) { - $data['stop'] = ''.html_print_image('images/cancel.png', true, ['title' => __('Stop downtime')]); + if (check_acl_restricted_all($config['id_user'], $downtime['id_group'], 'AW') + || check_acl_restricted_all($config['id_user'], $downtime['id_group'], 'AD') + ) { + $data['stop'] = ''.html_print_image('images/cancel.png', true, ['title' => __('Stop downtime')]); + } else { + $data['stop'] = html_print_image('images/cancel.png', true, ['title' => __('Stop downtime')]); + } } else { $data['stop'] = ''; } // Edit & delete buttons. if ($downtime['executed'] == 0) { - // Edit. - $data['edit'] = ''.html_print_image('images/config.png', true, ['title' => __('Update')]).''; - // Delete. - $data['delete'] = ''.html_print_image('images/cross.png', true, ['title' => __('Delete')]); + if (check_acl_restricted_all($config['id_user'], $downtime['id_group'], 'AW') + || check_acl_restricted_all($config['id_user'], $downtime['id_group'], 'AD') + ) { + // Edit. + $data['edit'] = ''.html_print_image('images/config.png', true, ['title' => __('Update')]).''; + // Delete. + $data['delete'] = ''.html_print_image('images/cross.png', true, ['title' => __('Delete')]); + } else { + $data['edit'] = ''; + $data['delete'] = ''; + } } else if ($downtime['executed'] == 1 && $downtime['type_execution'] == 'once') { - // Edit. - $data['edit'] = ''.html_print_image('images/config.png', true, ['title' => __('Update')]).''; - // Delete. - $data['delete'] = __('N/A'); + if (check_acl_restricted_all($config['id_user'], $downtime['id_group'], 'AW') + || check_acl_restricted_all($config['id_user'], $downtime['id_group'], 'AD') + ) { + // Edit. + $data['edit'] = ''.html_print_image('images/config.png', true, ['title' => __('Update')]).''; + // Delete. 
+ $data['delete'] = __('N/A'); + } else { + $data['edit'] = ''; + $data['delete'] = ''; + } } else { $data['edit'] = ''; $data['delete'] = ''; diff --git a/pandora_console/godmode/alerts/alert_actions.php b/pandora_console/godmode/alerts/alert_actions.php index 00bbf8f777..c6d298ff20 100644 --- a/pandora_console/godmode/alerts/alert_actions.php +++ b/pandora_console/godmode/alerts/alert_actions.php @@ -77,6 +77,15 @@ if ($copy_action) { $al_action = alerts_get_alert_action($id); + if (!check_acl_restricted_all($config['id_user'], $al_action['id_group'], 'LM')) { + db_pandora_audit( + 'ACL Violation', + 'Trying to access Alert Management' + ); + include 'general/noaccess.php'; + exit; + } + if ($al_action !== false) { // If user tries to copy an action with group=ALL. if ($al_action['id_group'] == 0) { @@ -144,6 +153,15 @@ if ($delete_action) { $al_action = alerts_get_alert_action($id); + if (!check_acl_restricted_all($config['id_user'], $al_action['id_group'], 'LM')) { + db_pandora_audit( + 'ACL Violation', + 'Trying to access Alert Management' + ); + include 'general/noaccess.php'; + exit; + } + if ($al_action !== false) { // If user tries to delete an action with group=ALL. if ($al_action['id_group'] == 0) { @@ -236,11 +254,18 @@ $table_filter->data[0][1] = html_print_input_text( 255, true ); + +$return_all_group = false; + +if (users_can_manage_group_all('LM') === true) { + $return_all_group = true; +} + $table_filter->data[0][2] = __('Group'); $table_filter->data[0][3] = html_print_select_groups( $config['id_user'], 'LM', - true, + $return_all_group, 'group_search', $group_search, '', 
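Review bot: The pair `check_acl_restricted_all(..., 'AW') || check_acl_restricted_all(..., 'AD')` is evaluated up to three times per row in the planned_downtime.list.php hunk (stop button, edit/delete for `executed == 0`, edit for an executed `once` downtime); computing it once into a local at the top of the `in_array($downtime['id_group'], $groupsAD)` block would keep the three branches in step. These branches only decide which controls are rendered. Whether the stop and delete request handlers in this file apply the same restricted check is not visible in the hunk and should be confirmed, because hiding a button does not by itself refuse the request. The enclosing loop starts and ends outside the hunk.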
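Review bot: In the `$copy_action` hunk of alert_actions.php the new check reads `$al_action['id_group']` before the existing `if ($al_action !== false)` test, so for an id with no matching action the ACL call is given a null group taken from a boolean. How `check_acl_restricted_all` treats a null group is not visible here, so the result for an unknown id depends on that. Writing the guard as `if ($al_action !== false && !check_acl_restricted_all($config['id_user'], $al_action['id_group'], 'LM')) {` leaves the not-found case to the existing branch. The `$delete_action` hunk (`@@ -144,6 +153,15 @@`) has the same ordering.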
@@ -370,7 +395,12 @@ foreach ($actions as $action) { $data = []; - $data[0] = ''.$action['name'].''; + if (check_acl_restricted_all($config['id_user'], $action['id_group'], 'LM')) { + $data[0] = ''.$action['name'].''; + } else { + $data[0] = $action['name']; + } + $data[1] = $action['command_name']; $data[2] = ui_print_group_icon($action['id_group'], true).' '; if (!alerts_validate_command_to_action($action['id_group'], $action['command_group'])) { @@ -384,8 +414,11 @@ foreach ($actions as $action) { ); } + $data[3] = ''; + $data[4] = ''; + if (is_central_policies_on_node() === false - && check_acl($config['id_user'], $action['id_group'], 'LM') + && check_acl_restricted_all($config['id_user'], $action['id_group'], 'LM') ) { $table->cellclass[] = [ 3 => 'action_buttons', diff --git a/pandora_console/godmode/alerts/configure_alert_action.php b/pandora_console/godmode/alerts/configure_alert_action.php index 67a2837955..9fd12e0516 100644 --- a/pandora_console/godmode/alerts/configure_alert_action.php +++ b/pandora_console/godmode/alerts/configure_alert_action.php @@ -101,6 +101,15 @@ if ($id) { $group = $action['id_group']; $action_threshold = $action['action_threshold']; + + if (!check_acl_restricted_all($config['id_user'], $action['id_group'], 'LM')) { + db_pandora_audit( + 'ACL Violation', + 'Trying to access Alert Management' + ); + include 'general/noaccess.php'; + exit; + } } // Hidden div with help hint to fill with javascript. @@ -168,10 +177,16 @@ $table->data[1][0] = __('Group'); $own_info = get_user_info($config['id_user']); +$return_all_group = false; + +if (users_can_manage_group_all('LW') === true) { + $return_all_group = true; +} + $table->data[1][1] = '
'.html_print_select_groups( false, 'LW', - true, + $return_all_group, 'group', $group, '', diff --git a/pandora_console/godmode/events/event_edit_filter.php b/pandora_console/godmode/events/event_edit_filter.php index dfc1946b78..f600c3c95f 100644 --- a/pandora_console/godmode/events/event_edit_filter.php +++ b/pandora_console/godmode/events/event_edit_filter.php @@ -40,7 +40,15 @@ $strict_user = db_get_value( ); if ($id) { - $permission = events_check_event_filter_group($id); + $restrict_all_group = false; + + if (!users_can_manage_group_all('EW') === true + && !users_can_manage_group_all('EM') === true + ) { + $restrict_all_group = true; + } + + $permission = events_check_event_filter_group($id, $restrict_all_group); if (!$permission) { // User doesn't have permissions to see this filter include 'general/noaccess.php'; @@ -272,12 +280,18 @@ $table->data[1][1] = '
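Review bot: In event_edit_filter.php, `!users_can_manage_group_all('EW') === true` parses as `(!users_can_manage_group_all('EW')) === true` because `!` binds tighter than `===`; the result is the intended one, but the line reads as if the comparison were being negated. Writing `users_can_manage_group_all('EW') === false && users_can_manage_group_all('EM') === false` matches the form used in graph_builder.main.php in this same commit. In the visible lines the denial path below includes `general/noaccess.php` without the `db_pandora_audit('ACL Violation', ...)` call that the other files touched here add, so a refused filter edit would leave no audit record unless one is written outside the hunk.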
'.html_print_select_groups( $strict_user ).'
'; +$return_all_group = false; + +if (users_can_manage_group_all('AR') === true) { + $return_all_group = true; +} + $table->data[2][0] = ''.__('Group').''; $display_all_group = (users_is_admin() || users_can_manage_group_all('AR')); $table->data[2][1] = '
'.html_print_select_groups( $config['id_user'], 'AR', - $display_all_group, + $return_all_group, 'id_group', $id_group, '', diff --git a/pandora_console/godmode/events/event_filter.php b/pandora_console/godmode/events/event_filter.php index 39f9c32d86..097fd577c8 100644 --- a/pandora_console/godmode/events/event_filter.php +++ b/pandora_console/godmode/events/event_filter.php @@ -35,6 +35,19 @@ $multiple_delete = (bool) get_parameter('multiple_delete', 0); if ($delete) { $id = (int) get_parameter('id'); + $filter_group = (int) db_get_value('id_group', 'tevent_filter', 'id_filter', $id); + + if (!check_acl_restricted_all($config['id_user'], $filter_group, 'EW') + && !check_acl_restricted_all($config['id_user'], $filter_group, 'EM') + ) { + db_pandora_audit( + 'ACL Violation', + 'Trying to access events filter editor' + ); + include 'general/noaccess.php'; + return; + } + $id_filter = db_get_value('id_filter', 'tevent_filter', 'id_filter', $id); if ($id_filter === false) { 
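Review bot: `$display_all_group` on the context line of the second event_edit_filter.php hunk is still computed but is no longer passed to `html_print_select_groups`, so it is dead here and the `users_is_admin()` case it carried is dropped. If administrators are always covered by `users_can_manage_group_all('AR')` the assignment can be deleted; otherwise keep the admin case, e.g. `$return_all_group = (users_is_admin() || users_can_manage_group_all('AR') === true);`. The access check in the first hunk of this file decides on EW/EM while this selector decides on AR, which looks inconsistent and is worth a comment if intended.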
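Review bot: The new check in event_filter.php guards only the single-id `$delete` branch; `$multiple_delete`, read on the line above the hunk, is not checked in any visible line, and the list hunk (`@@ -151,13 +164,27 @@`) still renders the `delete_multiple[]` checkbox for every filter while hiding the per-row delete link. If the multiple-delete branch does not validate each submitted id with `check_acl_restricted_all` for EW/EM, the restriction is incomplete; that branch is outside the diff, so it needs confirming. In the list, gating `$data[0]` the same way as `$data[6]` would match nf_edit.php in this commit. Also, `(int) db_get_value(...)` turns a not-found `false` into group 0, so an unknown id is evaluated as group All before the `$id_filter === false` test runs.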
@@ -151,13 +164,27 @@ foreach ($filters as $filter) { $data = []; $data[0] = html_print_checkbox_extended('delete_multiple[]', $filter['id_filter'], false, false, '', 'class="check_delete"', true); - $data[1] = ''.$filter['id_name'].''; + + if (!check_acl_restricted_all($config['id_user'], $filter['id_group'], 'EW') + && !check_acl_restricted_all($config['id_user'], $filter['id_group'], 'EM') + ) { + $data[1] = $filter['id_name']; + } else { + $data[1] = ''.$filter['id_name'].''; + } + $data[2] = ui_print_group_icon($filter['id_group_filter'], true); $data[3] = events_get_event_types($filter['event_type']); $data[4] = events_get_status($filter['status']); $data[5] = events_get_severity_types($filter['severity']); - $table->cellclass[][6] = 'action_buttons'; - $data[6] = "".html_print_image('images/cross.png', true, ['title' => __('Delete')]).''; + $data[6] = ''; + + if (check_acl_restricted_all($config['id_user'], $filter['id_group'], 'EW') + || check_acl_restricted_all($config['id_user'], $filter['id_group'], 'EM') + ) { + $table->cellclass[][6] = 'action_buttons'; + $data[6] = "".html_print_image('images/cross.png', true, ['title' => __('Delete')]).''; + } array_push($table->data, $data); } diff --git a/pandora_console/godmode/events/event_responses.editor.php b/pandora_console/godmode/events/event_responses.editor.php index b5388c345b..1f03b630bb 100644 --- a/pandora_console/godmode/events/event_responses.editor.php +++ b/pandora_console/godmode/events/event_responses.editor.php 
@@ -39,6 +39,16 @@ $event_response_id = get_parameter('id_response', 0); if ($event_response_id > 0) { $event_response = db_get_row('tevent_response', 'id', $event_response_id); + + // ACL check for event response edition. + if (!check_acl_restricted_all($config['id_user'], $event_response['id_group'], 'PM')) { + db_pandora_audit( + 'ACL Violation', + 'Trying to access Group Management' + ); + include 'general/noaccess.php'; + return; + } } else { $event_response = []; $event_response['name'] = ''; @@ -84,8 +94,14 @@ $data[1] = html_print_input_text( ); $data[1] .= html_print_input_hidden('id_response', $event_response['id'], true); +$return_all_group = false; + +if (users_can_manage_group_all('PM') === true) { + $return_all_group = true; +} + $data[2] = __('Group'); -$data[3] = html_print_select_groups(false, 'PM', true, 'id_group', $event_response['id_group'], '', '', '', true); +$data[3] = html_print_select_groups(false, 'PM', $return_all_group, 'id_group', $event_response['id_group'], '', '', '', true); $table->data[0] = $data; $data = []; diff --git a/pandora_console/godmode/events/event_responses.list.php b/pandora_console/godmode/events/event_responses.list.php index 88ea2b424b..ea3e8c1aae 100644 --- a/pandora_console/godmode/events/event_responses.list.php +++ b/pandora_console/godmode/events/event_responses.list.php @@ -55,6 +55,10 @@ $table->head[3] = __('Actions'); $table->data = []; foreach ($event_responses as $response) { + if (!check_acl_restricted_all($config['id_user'], $response['id_group'], 'PM')) { + continue; + } + $data = []; $data[0] = ''.$response['name'].''; $data[1] = $response['description']; diff --git a/pandora_console/godmode/gis_maps/configure_gis_map.php b/pandora_console/godmode/gis_maps/configure_gis_map.php index 3a09a31f73..4fb38b3d38 100644 --- a/pandora_console/godmode/gis_maps/configure_gis_map.php +++ b/pandora_console/godmode/gis_maps/configure_gis_map.php 
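Review bot: The audit text `'Trying to access Group Management'` in the event_responses.editor.php check does not describe the resource being refused; a message such as `'Trying to access event response editor'` would keep the audit trail attributable. The block also reads `$event_response['id_group']` directly after `db_get_row` with no test that a row was returned. What `db_get_row` yields for an unknown `id_response` is not visible here, so an explicit not-found branch before the ACL call would make the behaviour for stale or invalid ids deliberate.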
@@ -30,6 +30,14 @@ require_once 'include/functions_gis.php'; $idMap = (int) get_parameter('map_id', 0); $action = get_parameter('action', 'new_map'); +$gis_map_group = db_get_value('group_id', 'tgis_map', 'id_tgis_map', $idMap); + +if ($idMap > 0 && !check_acl_restricted_all($config['id_user'], $gis_map_group, 'MW') && !check_acl_restricted_all($config['id_user'], $gis_map_group, 'MW')) { + db_pandora_audit('ACL Violation', 'Trying to access map builder'); + include 'general/noaccess.php'; + return; +} + $sec2 = get_parameter_get('sec2'); $sec2 = safe_url_extraclean($sec2); diff --git a/pandora_console/godmode/netflow/nf_edit.php b/pandora_console/godmode/netflow/nf_edit.php index 2222c91d1a..c907761a3d 100644 --- a/pandora_console/godmode/netflow/nf_edit.php +++ b/pandora_console/godmode/netflow/nf_edit.php @@ -68,6 +68,19 @@ $multiple_delete = (bool) get_parameter('multiple_delete', 0); $id = (int) get_parameter('id'); $name = (string) get_parameter('name'); +if ($id > 0) { + $filter_group = db_get_value('id_group', 'tnetflow_filter', 'id_sg', $id); + + if (!check_acl_restricted_all($config['id_user'], $filter_group, 'AW')) { + db_pandora_audit( + 'ACL Violation', + 'Trying to access events filter editor' + ); + include 'general/noaccess.php'; + return; + } +} + if ($delete) { $id_filter = db_get_value('id_name', 'tnetflow_filter', 'id_sg', $id); $result = db_process_sql_delete( 
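Review bot: The new condition in configure_gis_map.php tests `'MW'` twice: `!check_acl_restricted_all(..., 'MW') && !check_acl_restricted_all(..., 'MW')`. The second call was presumably meant to be `'MM'`, as in the MW/MM pairs used for maps elsewhere in this commit (gis_map.php, pandora_networkmap.php); as written a user holding only MM on the map's group is refused. Suggested line: `if ($idMap > 0 && !check_acl_restricted_all($config['id_user'], $gis_map_group, 'MW') && !check_acl_restricted_all($config['id_user'], $gis_map_group, 'MM')) {`. The `db_get_value` lookup also runs when `$idMap` is 0 and could move inside the guard.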
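Review bot: The audit message `'Trying to access events filter editor'` in the nf_edit.php check is copied from event_filter.php; it should name the netflow filter editor so violations are attributed to the right page. The check is keyed on the single `$id` parameter, while `$multiple_delete` is read just above the hunk; whether that branch checks each submitted id against AW is not visible here and should be confirmed. The list hunk (`@@ -164,12 +177,24 @@`) calls `check_acl_restricted_all` twice per row with identical arguments and could reuse one result.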
@@ -164,12 +177,24 @@ $total_filters = $total_filters[0]['total']; foreach ($filters as $filter) { $data = []; - $data[0] = html_print_checkbox_extended('delete_multiple[]', $filter['id_sg'], false, false, '', 'class="check_delete"', true); - $data[1] = ''.$filter['id_name'].''; + $data[0] = ''; + + if (check_acl_restricted_all($config['id_user'], $filter['id_group'], 'AW')) { + $data[0] = html_print_checkbox_extended('delete_multiple[]', $filter['id_sg'], false, false, '', 'class="check_delete"', true); + $data[1] = ''.$filter['id_name'].''; + } else { + $data[1] = $filter['id_name']; + } + + $data[2] = ui_print_group_icon($filter['id_group'], true, 'groups_small', '', !defined('METACONSOLE')); - $table->cellclass[][3] = 'action_buttons'; - $data[3] = "".html_print_image('images/cross.png', true, ['title' => __('Delete')]).''; + $data[3] = ''; + + if (check_acl_restricted_all($config['id_user'], $filter['id_group'], 'AW')) { + $table->cellclass[][3] = 'action_buttons'; + $data[3] = "".html_print_image('images/cross.png', true, ['title' => __('Delete')]).''; + } array_push($table->data, $data); } diff --git a/pandora_console/godmode/reporting/graph_builder.main.php b/pandora_console/godmode/reporting/graph_builder.main.php index a1f0494b23..2bce9fcbb9 100644 --- a/pandora_console/godmode/reporting/graph_builder.main.php +++ b/pandora_console/godmode/reporting/graph_builder.main.php @@ -132,12 +132,20 @@ $output .= '>'; $own_info = get_user_info($config['id_user']); +$return_all_group = true; + +if (users_can_manage_group_all('RW') === false + && users_can_manage_group_all('RM') === false +) { + $return_all_group = false; +} + $output .= ''.__('Group').''; if (check_acl($config['id_user'], 0, 'RW')) { $output .= html_print_select_groups( $config['id_user'], 'RW', - true, + $return_all_group, 'graph_id_group', $id_group, '', 
@@ -149,7 +157,7 @@ if (check_acl($config['id_user'], 0, 'RW')) { $output .= html_print_select_groups( $config['id_user'], 'RM', - true, + $return_all_group, 'graph_id_group', $id_group, '', diff --git a/pandora_console/godmode/reporting/graph_builder.php b/pandora_console/godmode/reporting/graph_builder.php index 5fba0d2c96..6b229a2112 100644 --- a/pandora_console/godmode/reporting/graph_builder.php +++ b/pandora_console/godmode/reporting/graph_builder.php @@ -83,6 +83,20 @@ $change_weight = (bool) get_parameter('change_weight', false); $change_label = (bool) get_parameter('change_label', false); $id_graph = (int) get_parameter('id', 0); +if ($id_graph > 0) { + $graph_group = db_get_value('id_group', 'tgraph', 'id_graph', $id_graph); + if (!check_acl_restricted_all($config['id_user'], $graph_group, 'RW') + && !check_acl_restricted_all($config['id_user'], $graph_group, 'RM') + ) { + db_pandora_audit( + 'ACL Violation', + 'Trying to access graph builder' + ); + include 'general/noaccess.php'; + exit; + } +} + if ($id_graph !== 0) { $sql = "SELECT * FROM tgraph WHERE (private = 0 OR (private = 1 AND id_user = '".$config['id_user']."')) diff --git a/pandora_console/godmode/reporting/graphs.php b/pandora_console/godmode/reporting/graphs.php index aa7f27a063..4f08883ef9 100644 --- a/pandora_console/godmode/reporting/graphs.php +++ b/pandora_console/godmode/reporting/graphs.php @@ -88,7 +88,11 @@ ui_print_page_header(__('Reporting').' » '.__('Custom graphs'), 'images/ch // Delete module SQL code if ($delete_graph) { - if ($report_w || $report_m) { + $graph_group = db_get_value('id_group', 'tgraph', 'id_graph', $id); + + if (check_acl_restricted_all($config['id_user'], $graph_group, 'RW') + || check_acl_restricted_all($config['id_user'], $graph_group, 'RM') + ) { $exist = db_get_value('id_graph', 'tgraph_source', 'id_graph', $id); if ($exist) { $result = db_process_sql_delete('tgraph_source', ['id_graph' => $id]); 
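Review bot: The delete handler in graphs.php now accepts RW or RM on the graph's group, but the list hunk (`@@ -299,16 +303,17 @@`) offers the delete link and checkbox only under RM. If deletion is meant to require RM, the handler condition should be `if (check_acl_restricted_all($config['id_user'], $graph_group, 'RM')) {`; if RW is sufficient, the list should offer it under RW as well. No `else` with `db_pandora_audit` is visible for a refused delete in this hunk, unlike the other handlers in the commit; the block continues outside the hunk, so one may exist further down.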
@@ -299,16 +303,17 @@ $table_aux = new stdClass(); $data[4] = ''; $table->cellclass[][4] = 'action_buttons'; - if (($report_w || $report_m)) { + if (check_acl_restricted_all($config['id_user'], $graph['id_group'], 'RM') + || check_acl_restricted_all($config['id_user'], $graph['id_group'], 'RW') + ) { $data[4] = ''.html_print_image('images/config.png', true).''; } - if ($report_m) { + $data[5] = ''; + if (check_acl_restricted_all($config['id_user'], $graph['id_group'], 'RM')) { $data[4] .= ''.html_print_image('images/cross.png', true, ['alt' => __('Delete'), 'title' => __('Delete')]).''; - } - if ($report_m) { $data[5] .= html_print_checkbox_extended('delete_multiple[]', $graph['id_graph'], false, false, '', 'class="check_delete" style="margin-left:2px;"', true); } diff --git a/pandora_console/godmode/reporting/map_builder.php b/pandora_console/godmode/reporting/map_builder.php index 4444396033..93f809c21b 100644 --- a/pandora_console/godmode/reporting/map_builder.php +++ b/pandora_console/godmode/reporting/map_builder.php @@ -123,8 +123,8 @@ if ($delete_layout || $copy_layout) { // ACL for the visual console // $vconsole_read = check_acl ($config['id_user'], $group_id, "VR"); - $vconsole_write = check_acl($config['id_user'], $group_id, 'VW'); - $vconsole_manage = check_acl($config['id_user'], $group_id, 'VM'); + $vconsole_write = check_acl_restricted_all($config['id_user'], $group_id, 'VW'); + $vconsole_manage = check_acl_restricted_all($config['id_user'], $group_id, 'VM'); if (!$vconsole_write && !$vconsole_manage) { db_pandora_audit( 
@@ -441,8 +441,10 @@ if (!$maps && !is_metaconsole()) { $data[1] = ui_print_group_icon($map['id_group'], true); $data[2] = db_get_sql('SELECT COUNT(*) FROM tlayout_data WHERE id_layout = '.$map['id']); - // Fix: IW was the old ACL for report editing, now is RW - if ($vconsoles_write || $vconsoles_manage) { + $vconsoles_write_action_btn = check_acl_restricted_all($config['id_user'], $map['id_group'], 'VW'); + $vconsoles_manage_action_btn = check_acl_restricted_all($config['id_user'], $map['id_group'], 'VM'); + + if ($vconsoles_write_action_btn || $vconsoles_manage_action_btn) { if (!is_metaconsole()) { $table->cellclass[] = [ 3 => 'action_buttons', diff --git a/pandora_console/godmode/reporting/reporting_builder.main.php b/pandora_console/godmode/reporting/reporting_builder.main.php index c6c9c410f9..7e4e9cc8d4 100755 --- a/pandora_console/godmode/reporting/reporting_builder.main.php +++ b/pandora_console/godmode/reporting/reporting_builder.main.php @@ -114,11 +114,17 @@ if (isset($write_groups[$idGroupReport]) === false && $idGroupReport) { $write_groups[$idGroupReport] = groups_get_name($idGroupReport); } +$return_all_group = false; + +if (users_can_manage_group_all('RW') === true) { + $return_all_group = true; +} + $table->data['group'][1] = '
'; $table->data['group'][1] .= html_print_select_groups( $config['id_user'], 'AR', - true, + $return_all_group, 'id_group', $idGroupReport, '', diff --git a/pandora_console/godmode/reporting/reporting_builder.php b/pandora_console/godmode/reporting/reporting_builder.php index 3180fb918e..c4d84153eb 100755 --- a/pandora_console/godmode/reporting/reporting_builder.php +++ b/pandora_console/godmode/reporting/reporting_builder.php @@ -158,6 +158,26 @@ $pure = get_parameter('pure', 0); $schedule_report = get_parameter('schbutton', ''); $pagination = (int) get_parameter('pagination', $config['block_size']); +if ($action == 'edit' && $idReport > 0) { + $report_group = db_get_value( + 'id_group', + 'treport', + 'id_report', + $idReport + ); + + if (! check_acl_restricted_all($config['id_user'], $report_group, 'RW') + && ! check_acl_restricted_all($config['id_user'], $report_group, 'RM') + ) { + db_pandora_audit( + 'ACL Violation', + 'Trying to access report builder' + ); + include 'general/noaccess.php'; + exit; + } +} + if ($schedule_report != '') { $id_user_task = 1; $scheduled = 'no'; @@ -909,8 +929,8 @@ switch ($action) { $data = []; - if (check_acl($config['id_user'], $report['id_group'], 'RW') - || check_acl($config['id_user'], $report['id_group'], 'RM') + if (check_acl_restricted_all($config['id_user'], $report['id_group'], 'RW') + || check_acl_restricted_all($config['id_user'], $report['id_group'], 'RM') ) { $data[0] = ''.ui_print_truncate_text($report['name'], 70).''; } else { @@ -994,7 +1014,7 @@ switch ($action) { switch ($type_access_selected) { case 'group_view': - $edit = check_acl( + $edit = check_acl_restricted_all( $config['id_user'], $report['id_group'], 'RW' @@ -1005,7 +1025,7 @@ switch ($action) { break; case 'group_edit': - $edit = check_acl( + $edit = check_acl_restricted_all( $config['id_user'], $report['id_group_edit'], 'RW' 
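Review bot: The new guard in reporting_builder.php applies only when `$action == 'edit'`, so a request carrying an existing `$idReport` with any other action value does not pass through it. Whether the other cases of `switch ($action)` that modify a stored report check its group with `check_acl_restricted_all` is not visible in these hunks; if they do not, the restriction covers only the edit form and not the writes. Keying the guard on `$idReport > 0` alone, or on an explicit list of the modifying actions, would close that gap, and `===` would be the safer comparison for `$action`.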
diff --git a/pandora_console/godmode/reporting/visual_console_builder.data.php b/pandora_console/godmode/reporting/visual_console_builder.data.php index 2f648541ea..c6cfbd5bc0 100644 --- a/pandora_console/godmode/reporting/visual_console_builder.data.php +++ b/pandora_console/godmode/reporting/visual_console_builder.data.php @@ -133,13 +133,18 @@ if ($action == 'new') { src="">'; } -$table->data[1][0] = __('Group:'); +$table->data[1][0] = __('Group'); +$return_all_group = false; + +if (users_can_manage_group_all('RW') === true) { + $return_all_group = true; +} $table->data[1][1] = '
'.html_print_select_groups( $config['id_user'], 'RW', - true, + $return_all_group, 'id_group', $idGroup, '', diff --git a/pandora_console/godmode/reporting/visual_console_builder.php b/pandora_console/godmode/reporting/visual_console_builder.php index 9cd6a4fd31..78a445ae0b 100755 --- a/pandora_console/godmode/reporting/visual_console_builder.php +++ b/pandora_console/godmode/reporting/visual_console_builder.php @@ -85,8 +85,8 @@ else if ($activeTab != 'data' || ($activeTab == 'data' && $action != 'new')) { // ACL for the existing visual console // $vconsole_read = check_acl ($config['id_user'], $visualConsole['id_group'], "VR"); - $vconsole_write = check_acl($config['id_user'], $visualConsole['id_group'], 'VW'); - $vconsole_manage = check_acl($config['id_user'], $visualConsole['id_group'], 'VM'); + $vconsole_write = check_acl_restricted_all($config['id_user'], $visualConsole['id_group'], 'VW'); + $vconsole_manage = check_acl_restricted_all($config['id_user'], $visualConsole['id_group'], 'VM'); } else { db_pandora_audit( 'ACL Violation', @@ -143,8 +143,8 @@ switch ($activeTab) { // ACL for the new visual console // $vconsole_read_new = check_acl ($config['id_user'], $idGroup, "VR"); - $vconsole_write_new = check_acl($config['id_user'], $idGroup, 'VW'); - $vconsole_manage_new = check_acl($config['id_user'], $idGroup, 'VM'); + $vconsole_write_new = check_acl_restricted_all($config['id_user'], $idGroup, 'VW'); + $vconsole_manage_new = check_acl_restricted_all($config['id_user'], $idGroup, 'VM'); // The user should have permissions on the new group if (!$vconsole_write_new && !$vconsole_manage_new) { diff --git a/pandora_console/include/class/CredentialStore.class.php b/pandora_console/include/class/CredentialStore.class.php index 418312f534..196e039c50 100644 --- a/pandora_console/include/class/CredentialStore.class.php +++ b/pandora_console/include/class/CredentialStore.class.php 
@@ -351,7 +351,21 @@ class CredentialStore extends Wizard return db_get_value_sql($sql); } - return db_get_all_rows_sql($sql); + $return = db_get_all_rows_sql($sql); + + // Filter out those items of group all that cannot be edited by user. + $return = array_filter( + $return, + function ($item) { + if ($item['id_group'] == 0 && users_can_manage_group_all('AR') === false) { + return false; + } else { + return true; + } + } + ); + + return $return; } @@ -857,6 +871,12 @@ class CredentialStore extends Wizard $values = []; } + $return_all_group = false; + + if (users_can_manage_group_all('AR') === true) { + $return_all_group = true; + } + $form = [ 'action' => '#', 'id' => 'modal_form', @@ -886,7 +906,7 @@ class CredentialStore extends Wizard 'id' => 'id_group', 'input_class' => 'flex-row', 'type' => 'select_groups', - 'returnAllGroup' => true, + 'returnAllGroup' => $return_all_group, 'selected' => $values['id_group'], 'return' => true, 'class' => 'w50p', @@ -1045,6 +1065,7 @@ class CredentialStore extends Wizard * Process datatable item before draw it. */ function process_datatables_item(item) { + id = item.identifier; idrow = ' $this->dashboardFields['name'], 'hash' => self::generatePublicHash(), 'publicLink' => $this->publicLink, + 'dashboardGroup' => $this->dashboardFields['id_group'], ] ); } else { @@ -1025,6 +1026,7 @@ class Manager 'cells' => $this->cells, 'cellModeSlides' => $this->cellModeSlides, 'cellId' => ($this->cellId === 0) ? $this->cells[0]['id'] : $this->cellId, + 'dashboardGroup' => $this->dashboardFields['id_group'], ] ); } diff --git a/pandora_console/operation/agentes/pandora_networkmap.editor.php b/pandora_console/operation/agentes/pandora_networkmap.editor.php index 147d417b76..9ace6bc1e3 100644 --- a/pandora_console/operation/agentes/pandora_networkmap.editor.php +++ b/pandora_console/operation/agentes/pandora_networkmap.editor.php 
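Review bot: In the first CredentialStore.class.php hunk the result of `db_get_all_rows_sql($sql)` is passed straight to `array_filter`; if that helper returns `false` for an empty result, as the `!== false` checks elsewhere in this commit suggest, `array_filter` is handed a non-array. The callback also calls `users_can_manage_group_all('AR')` once per row, and `array_filter` keeps the original keys, so the returned list can have gaps when a row is dropped. The count branch just above (`return db_get_value_sql($sql);`) is not filtered, so the total may disagree with the rows returned. The enclosing method starts and ends outside the hunk; a possible shape for the tail is below.

```php
$rows = db_get_all_rows_sql($sql);

// Leave a non-array result (no rows / error) for the caller to handle as before.
if (is_array($rows) === false) {
    return $rows;
}

// Resolve the permission once instead of once per row.
$can_manage_all = users_can_manage_group_all('AR');

// Drop group 'All' (id 0) entries the user may not manage, then reindex.
return array_values(
    array_filter(
        $rows,
        function ($item) use ($can_manage_all) {
            return $item['id_group'] != 0 || $can_manage_all !== false;
        }
    )
);
```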
@@ -80,9 +80,15 @@ if ($edit_networkmap) { } else { $id_group = $values['id_group']; + $id_group_acl_check = $id_group_map; + + if ($id_group_map === null) { + $id_group_acl_check = $values['id_group_map']; + } + // ACL for the network map. - $networkmap_write = check_acl($config['id_user'], $id_group_map, 'MW'); - $networkmap_manage = check_acl($config['id_user'], $id_group_map, 'MM'); + $networkmap_write = check_acl_restricted_all($config['id_user'], $id_group_acl_check, 'MW'); + $networkmap_manage = check_acl_restricted_all($config['id_user'], $id_group_acl_check, 'MM'); if (!$networkmap_write && !$networkmap_manage) { db_pandora_audit( @@ -265,6 +271,12 @@ if ($not_found) { true ); + $return_all_group = false; + + if (users_can_manage_group_all('AR') === true) { + $return_all_group = true; + } + $table->data[1][0] = __('Group'); $table->data[1][1] = '
'.html_print_select_groups( // Id_user. @@ -272,7 +284,7 @@ if ($not_found) { // Privilege. 'AR', // ReturnAllGroup. - true, + $return_all_group, // Name. 'id_group_map', // Selected. diff --git a/pandora_console/operation/agentes/pandora_networkmap.php b/pandora_console/operation/agentes/pandora_networkmap.php index fc6141ec85..49538eb24f 100644 --- a/pandora_console/operation/agentes/pandora_networkmap.php +++ b/pandora_console/operation/agentes/pandora_networkmap.php @@ -57,8 +57,8 @@ if (enterprise_installed()) { // ACL for the network map. // $networkmap_read = check_acl ($config['id_user'], $id_group, "MR"); - $networkmap_write = check_acl($config['id_user'], $id_group_map, 'MW'); - $networkmap_manage = check_acl($config['id_user'], $id_group_map, 'MM'); + $networkmap_write = check_acl_restricted_all($config['id_user'], $id_group_map, 'MW'); + $networkmap_manage = check_acl_restricted_all($config['id_user'], $id_group_map, 'MM'); if (!$networkmap_write && !$networkmap_manage) { db_pandora_audit( @@ -145,8 +145,8 @@ if (enterprise_installed()) { // ACL for the new network map - $networkmap_write_new = check_acl($config['id_user'], $id_group_map, 'MW'); - $networkmap_manage_new = check_acl($config['id_user'], $id_group_map, 'MM'); + $networkmap_write_new = check_acl_restricted_all($config['id_user'], $id_group_map, 'MW'); + $networkmap_manage_new = check_acl_restricted_all($config['id_user'], $id_group_map, 'MM'); if (!$networkmap_write && !$networkmap_manage) { db_pandora_audit( 
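Review bot: In pandora_networkmap.php hunk `@@ -145,8 +145,8 @@`, `$networkmap_write_new` and `$networkmap_manage_new` are assigned but the condition on the following context line still tests `!$networkmap_write && !$networkmap_manage`, so the ACL result for the new group is never used. The check should read `if (!$networkmap_write_new && !$networkmap_manage_new) {`. The same mismatch appears in `@@ -440,8 +440,8 @@`, where the destination group comes from the `id_group_map` request parameter. The condition predates this commit, but the commit rewrites exactly these assignments and leaves the permission on the destination group unenforced.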
@@ -230,8 +230,8 @@ if ($new_networkmap || $save_networkmap) { // ACL for the network map // $networkmap_read = check_acl ($config['id_user'], $id_group, "MR"); - $networkmap_write = check_acl($config['id_user'], $id_group_map, 'MW'); - $networkmap_manage = check_acl($config['id_user'], $id_group_map, 'MM'); + $networkmap_write = check_acl_restricted_all($config['id_user'], $id_group_map, 'MW'); + $networkmap_manage = check_acl_restricted_all($config['id_user'], $id_group_map, 'MM'); if (!$networkmap_write && !$networkmap_manage) { db_pandora_audit( @@ -420,8 +420,8 @@ else if ($update_networkmap || $copy_networkmap || $delete) { return; } - $networkmap_write = check_acl($config['id_user'], $id_group_map_old, 'MW'); - $networkmap_manage = check_acl($config['id_user'], $id_group_map_old, 'MM'); + $networkmap_write = check_acl_restricted_all($config['id_user'], $id_group_map_old, 'MW'); + $networkmap_manage = check_acl_restricted_all($config['id_user'], $id_group_map_old, 'MM'); if (!$networkmap_write && !$networkmap_manage) { db_pandora_audit( @@ -440,8 +440,8 @@ else if ($update_networkmap || $copy_networkmap || $delete) { // ACL for the new network map $id_group_map = (int) get_parameter('id_group_map', 0); - $networkmap_write_new = check_acl($config['id_user'], $id_group_map, 'MW'); - $networkmap_manage_new = check_acl($config['id_user'], $id_group_map, 'MM'); + $networkmap_write_new = check_acl_restricted_all($config['id_user'], $id_group_map, 'MW'); + $networkmap_manage_new = check_acl_restricted_all($config['id_user'], $id_group_map, 'MM'); if (!$networkmap_write && !$networkmap_manage) { db_pandora_audit( 
@@ -727,9 +727,9 @@ switch ($tab) { foreach ($network_maps as $network_map) { // ACL for the network map - $networkmap_read = check_acl($config['id_user'], $network_map['id_group_map'], 'MR'); - $networkmap_write = check_acl($config['id_user'], $network_map['id_group_map'], 'MW'); - $networkmap_manage = check_acl($config['id_user'], $network_map['id_group_map'], 'MM'); + $networkmap_read = check_acl_restricted_all($config['id_user'], $network_map['id_group_map'], 'MR'); + $networkmap_write = check_acl_restricted_all($config['id_user'], $network_map['id_group_map'], 'MW'); + $networkmap_manage = check_acl_restricted_all($config['id_user'], $network_map['id_group_map'], 'MM'); if (!$networkmap_read && !$networkmap_write && !$networkmap_manage) { db_pandora_audit( @@ -785,6 +785,10 @@ switch ($tab) { $data['groups'] = ui_print_group_icon($network_map['id_group_map'], true); + $data['copy'] = ''; + $data['edit'] = ''; + $data['delete'] = ''; + if ($networkmap_write || $networkmap_manage) { $table->cellclass[] = [ 'copy' => 'action_buttons', diff --git a/pandora_console/operation/gis_maps/gis_map.php b/pandora_console/operation/gis_maps/gis_map.php index 6afd84907e..bbc552bc31 100644 --- a/pandora_console/operation/gis_maps/gis_map.php +++ b/pandora_console/operation/gis_maps/gis_map.php @@ -170,8 +170,17 @@ if ($maps !== false) { $data['name'] = ''.$map['map_name'].' '; $data['group'] = ui_print_group_icon($map['group_id'], true); - if ($edit_gis_maps) { - if ($display_default_column) { + if (check_acl($config['id_user'], 0, 'MW') + || check_acl($config['id_user'], 0, 'MM') + ) { + $data['default'] = ''; + $data['op'] = ''; + } + + if (check_acl_restricted_all($config['id_user'], $map['group_id'], 'MW') + || check_acl_restricted_all($config['id_user'], $map['group_id'], 'MM') + ) { + if (check_acl_restricted_all($config['id_user'], 0, 'MM')) { $checked = false; if ($map['default_map']) { $checked = true; 
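Review bot: The gis_map.php hunk uses two different functions for its group-0 checks. It calls `check_acl($config['id_user'], 0, ...)` to initialise `$data['default']` and `$data['op']`, but `check_acl_restricted_all($config['id_user'], 0, 'MM')` to decide whether the default-map control is rendered. If the two functions answer differently for group 0, the cell initialisation and the control can fall out of step, so use the same function for both. Neither check depends on `$map`, so if this code runs once per map, as the `$map` variable suggests, compute it once before the loop, e.g. `$can_set_default = check_acl_restricted_all($config['id_user'], 0, 'MM');`. The enclosing block starts and ends outside the hunk.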
diff --git a/pandora_console/operation/reporting/graph_viewer.php b/pandora_console/operation/reporting/graph_viewer.php index fe43cfc238..e85b263c0c 100644 --- a/pandora_console/operation/reporting/graph_viewer.php +++ b/pandora_console/operation/reporting/graph_viewer.php @@ -145,7 +145,9 @@ if ($view_graph) { $options = []; - if (check_acl($config['id_user'], 0, 'RW')) { + if (check_acl_restricted_all($config['id_user'], $graph['id_group'], 'RW') + || check_acl_restricted_all($config['id_user'], $graph['id_group'], 'RM') + ) { $options = [ 'graph_list' => [ 'active' => false, @@ -160,6 +162,13 @@ if ($view_graph) { 'text' => ''.html_print_image('images/builder.png', true, ['title' => __('Graph editor')]).'', ], ]; + } else { + $options = [ + 'graph_list' => [ + 'active' => false, + 'text' => ''.html_print_image('images/list.png', true, ['title' => __('Graph list')]).'', + ], + ]; } $options['view']['text'] = ''.html_print_image( @@ -275,7 +284,7 @@ if ($view_graph) { echo ''; echo ""; - echo "
  ".__('Equalize maximum thresholds').''.ui_print_help_tip(__('If an option is selected, all graphs will have the highest value from all modules included in the graph as a maximum threshold'), true); + echo "
  ".__('Equalize maxiddmum thresholds').''.ui_print_help_tip(__('If an option is selected, all graphs will have the highest value from all modules included in the graph as a maximum threshold'), true); html_print_checkbox('threshold', CUSTOM_GRAPH_BULLET_CHART_THRESHOLD, $check, false, false, '', false); echo '
'; diff --git a/pandora_console/operation/reporting/reporting_viewer.php b/pandora_console/operation/reporting/reporting_viewer.php index 0bd400c6af..5120d6ea75 100755 --- a/pandora_console/operation/reporting/reporting_viewer.php +++ b/pandora_console/operation/reporting/reporting_viewer.php @@ -80,7 +80,16 @@ $options['list_reports'] = [ ).'
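Review bot: The added `echo` line in the `@@ -275,7` hunk of graph_viewer.php changes the label to `__('Equalize maxiddmum thresholds')`, which looks like an accidental keystroke rather than part of the ACL change. Besides the visible typo, the altered string no longer matches the original text passed to `__()`, so existing translations would presumably stop applying to this label. Restore `__('Equalize maximum thresholds')`.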
', ]; -if (check_acl($config['id_user'], 0, 'RW')) { +if ($id_report > 0) { + $report_group = db_get_value( + 'id_group', + 'treport', + 'id_report', + $id_report + ); +} + +if (check_acl_restricted_all($config['id_user'], $report_group, 'RW')) { $options['main']['text'] = ''.html_print_image( 'images/op_reporting.png', true, diff --git a/pandora_console/operation/visual_console/legacy_view.php b/pandora_console/operation/visual_console/legacy_view.php index 879024ad0f..35ce901c89 100644 --- a/pandora_console/operation/visual_console/legacy_view.php +++ b/pandora_console/operation/visual_console/legacy_view.php @@ -97,9 +97,9 @@ $bheight = $layout['height']; $pure_url = '&pure='.$config['pure']; // ACL -$vconsole_read = check_acl($config['id_user'], $id_group, 'VR'); -$vconsole_write = check_acl($config['id_user'], $id_group, 'VW'); -$vconsole_manage = check_acl($config['id_user'], $id_group, 'VM'); +$vconsole_read = check_acl_restricted_all($config['id_user'], $id_group, 'VR'); +$vconsole_write = check_acl_restricted_all($config['id_user'], $id_group, 'VW'); +$vconsole_manage = check_acl_restricted_all($config['id_user'], $id_group, 'VM'); if (! $vconsole_read && !$vconsole_write && !$vconsole_manage) { db_pandora_audit( diff --git a/pandora_console/operation/visual_console/view.php b/pandora_console/operation/visual_console/view.php index 494d7e2cbb..511c2eaa59 100644 --- a/pandora_console/operation/visual_console/view.php +++ b/pandora_console/operation/visual_console/view.php 
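Review bot: In reporting_viewer.php `$report_group` is assigned only inside `if ($id_report > 0) {`, yet it is passed to `check_acl_restricted_all()` unconditionally, so a request without a positive `$id_report` reaches the ACL call with an undefined variable. The lookup result is also used unchecked, so whatever `db_get_value()` yields when no row matches is passed on as a group id. Initialise it with `$report_group = false;` before the branch and guard the call: `if ($report_group !== false && check_acl_restricted_all($config['id_user'], $report_group, 'RW')) {`. The matching change in graph_viewer.php accepts `RW` or `RM` while this one accepts only `RW`, which is worth confirming as intended.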
@@ -95,9 +95,9 @@ $groupId = $visualConsoleData['groupId']; $visualConsoleName = $visualConsoleData['name']; // ACL. -$aclRead = check_acl($config['id_user'], $groupId, 'VR'); -$aclWrite = check_acl($config['id_user'], $groupId, 'VW'); -$aclManage = check_acl($config['id_user'], $groupId, 'VM'); +$aclRead = check_acl_restricted_all($config['id_user'], $groupId, 'VR'); +$aclWrite = check_acl_restricted_all($config['id_user'], $groupId, 'VW'); +$aclManage = check_acl_restricted_all($config['id_user'], $groupId, 'VM'); if (!$aclRead && !$aclWrite && !$aclManage) { db_pandora_audit( diff --git a/pandora_console/views/dashboard/formDashboard.php b/pandora_console/views/dashboard/formDashboard.php index c11e0b92e4..89304bb3aa 100644 --- a/pandora_console/views/dashboard/formDashboard.php +++ b/pandora_console/views/dashboard/formDashboard.php @@ -43,6 +43,12 @@ if (empty($arrayDashboard) === true) { } } +$return_all_group = false; + +if (users_can_manage_group_all('RW') === true) { + $return_all_group = true; +} + $dataQuery = ['dashboardId' => $dashboardId]; $url = ui_get_full_url( @@ -100,11 +106,12 @@ $inputs = [ [ 'label' => __('Group'), 'arguments' => [ - 'name' => 'id_group', - 'id' => 'id_group', - 'type' => 'select_groups', - 'selected' => $arrayDashboard['id_group'], - 'return' => true, + 'name' => 'id_group', + 'id' => 'id_group', + 'type' => 'select_groups', + 'returnAllGroup' => $return_all_group, + 'selected' => $arrayDashboard['id_group'], + 'return' => true, ], ], ], diff --git a/pandora_console/views/dashboard/header.php b/pandora_console/views/dashboard/header.php index ea43f54ee7..0449e4dfb6 100644 --- a/pandora_console/views/dashboard/header.php +++ b/pandora_console/views/dashboard/header.php 
@@ -194,7 +194,7 @@ if ($config['public_dashboard'] === true) { 'combo_refresh_countdown' => $comboRefreshCountdown, ]; } else if ($config['pure']) { - if (check_acl($config['id_user'], 0, 'RW') === 0) { + if (check_acl_restricted_all($config['id_user'], $dashboardGroup, 'RW') === 0) { $buttons = [ 'back_to_dashboard_list' => $back_to_dashboard_list, 'normalscreen' => $normalscreen, @@ -221,7 +221,7 @@ if ($config['public_dashboard'] === true) { } } } else { - if (check_acl($config['id_user'], 0, 'RW') === 0) { + if (check_acl_restricted_all($config['id_user'], $dashboardGroup, 'RW') === 0) { $buttons = [ 'back_to_dashboard_list' => $back_to_dashboard_list, 'fullscreen' => $fullscreen, diff --git a/pandora_console/views/dashboard/list.php b/pandora_console/views/dashboard/list.php index 2fafdae999..be282e679b 100644 --- a/pandora_console/views/dashboard/list.php +++ b/pandora_console/views/dashboard/list.php @@ -155,6 +155,11 @@ if (empty($dashboards) === true) { $data['full_screen'] .= ''; if ($manageDashboards === 1) { + $data['copy'] = ''; + $data['delete'] = ''; + } + + if (check_acl_restricted_all($config['id_user'], $dashboard['id_group'], 'RM')) { $dataQueryCopy = [ 'dashboardId' => $dashboard['id'], 'copyDashboard' => 1,
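Review bot: Both header.php hunks (`@@ -194,7` and `@@ -221,7`) compare the ACL result with `=== 0`, while the other call sites visible in this diff use `check_acl_restricted_all()` in a boolean context (`if (check_acl_restricted_all(...))`, `!$networkmap_write`). If the function returns `false` rather than the integer `0` on denial, the strict comparison never matches and the reduced button set is never selected. Writing the test as `if (!check_acl_restricted_all($config['id_user'], $dashboardGroup, 'RW')) {` removes the dependency on the exact return type. `$dashboardGroup` is not defined inside either hunk, so confirm it is set before these branches.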
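Review bot: In list.php the new `if (check_acl_restricted_all($config['id_user'], $dashboard['id_group'], 'RM')) {` is no longer nested under `if ($manageDashboards === 1) {`, because the added `}` closes that block right after the two empty-string defaults. A user who passes the per-group `RM` check while `$manageDashboards` is not `1` would therefore still get the copy and delete cells built, without the defaults having been set for that row. If both conditions are meant to hold, combine them: `if ($manageDashboards === 1 && check_acl_restricted_all($config['id_user'], $dashboard['id_group'], 'RM')) {`. How `$manageDashboards` is computed is outside the hunk, and the body of the new `if` continues past it.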