tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ent-5284-Granular-los-permisos-de-alerta' into 'develop' 

permissions limitation for command management

See merge request artica/pandorafms!3872
This commit is contained in:
Daniel Rodriguez 2021-03-10 15:54:31 +00:00
parent 3db990ba36 af680b5d92
commit 38cc8d2ab9
2 changed files with 34 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
pandora_console/godmode/alerts/alert_commands.php
View File

@ -28,6 +28,12 @@ if (! check_acl($config['id_user'], 0, 'LM')) {
exit; exit;
} }
if (!check_acl($config['id_user'], 0, 'PM') && !is_user_admin($config['id_user'])) {
echo "<div id='message_permissions' title='".__('Permissions warning')."' style='display:none;'>";
echo "<p style='text-align: center;font-weight: bold;'>".__('Command management is limited to administrator users or user profiles with permissions over Pandora FMS management').'</p>';
echo '</div>';
}
if (is_metaconsole()) { if (is_metaconsole()) {
$sec = 'advanced'; $sec = 'advanced';
} else { } else {
@ -558,7 +564,7 @@ foreach ($commands as $command) {
$data['name'] = '<span style="font-size: 7.5pt">'; $data['name'] = '<span style="font-size: 7.5pt">';
// (IMPORTANT, DO NOT CHANGE!) only users with permissions over "All" group have access to edition of commands belonging to "All" group. // (IMPORTANT, DO NOT CHANGE!) only users with permissions over "All" group have access to edition of commands belonging to "All" group.
if (!$command['internal'] && check_acl_restricted_all($config['id_user'], $command['id_group'], 'LM')) { if (!$command['internal'] && check_acl_restricted_all($config['id_user'], $command['id_group'], 'PM')) {
$data['name'] .= '<a href="index.php?sec='.$sec.'&sec2=godmode/alerts/configure_alert_command&id='.$command['id'].'&pure='.$pure.'">'.$command['name'].'</a>'; $data['name'] .= '<a href="index.php?sec='.$sec.'&sec2=godmode/alerts/configure_alert_command&id='.$command['id'].'&pure='.$pure.'">'.$command['name'].'</a>';
} else { } else {
$data['name'] .= $command['name']; $data['name'] .= $command['name'];
@ -584,7 +590,7 @@ foreach ($commands as $command) {
$table->cellclass[]['action'] = 'action_buttons'; $table->cellclass[]['action'] = 'action_buttons';
// (IMPORTANT, DO NOT CHANGE!) only users with permissions over "All" group have access to edition of commands belonging to "All" group. // (IMPORTANT, DO NOT CHANGE!) only users with permissions over "All" group have access to edition of commands belonging to "All" group.
if ($is_central_policies_on_node === false && !$command['internal'] && check_acl_restricted_all($config['id_user'], $command['id_group'], 'LM')) { if ($is_central_policies_on_node === false && !$command['internal'] && check_acl_restricted_all($config['id_user'], $command['id_group'], 'PM')) {
$data['action'] = '<span style="display: inline-flex">'; $data['action'] = '<span style="display: inline-flex">';
$data['action'] .= '<a href="index.php?sec='.$sec.'&sec2=godmode/alerts/alert_commands&amp;copy_command=1&id='.$command['id'].'&pure='.$pure.'" $data['action'] .= '<a href="index.php?sec='.$sec.'&sec2=godmode/alerts/alert_commands&amp;copy_command=1&id='.$command['id'].'&pure='.$pure.'"
onClick="if (!confirm(\''.__('Are you sure?').'\')) return false;">'.html_print_image('images/copy.png', true).'</a>'; onClick="if (!confirm(\''.__('Are you sure?').'\')) return false;">'.html_print_image('images/copy.png', true).'</a>';
@ -602,7 +608,7 @@ if (count($table->data) > 0) {
ui_print_info_message(['no_close' => true, 'message' => __('No alert commands configured') ]); ui_print_info_message(['no_close' => true, 'message' => __('No alert commands configured') ]);
} }
if ($is_central_policies_on_node === false) { if ($is_central_policies_on_node === false && check_acl_restricted_all($config['id_user'], $command['id_group'], 'PM')) {
echo '<div class="action-buttons" style="width: '.$table->width.'">'; echo '<div class="action-buttons" style="width: '.$table->width.'">';
echo '<form method="post" action="index.php?sec='.$sec.'&sec2=godmode/alerts/configure_alert_command&pure='.$pure.'">'; echo '<form method="post" action="index.php?sec='.$sec.'&sec2=godmode/alerts/configure_alert_command&pure='.$pure.'">';
html_print_submit_button(__('Create'), 'create', false, 'class="sub next"'); html_print_submit_button(__('Create'), 'create', false, 'class="sub next"');
@ -612,3 +618,26 @@ if ($is_central_policies_on_node === false) {
} }
enterprise_hook('close_meta_frame'); enterprise_hook('close_meta_frame');
?>
<script type="text/javascript">
$(document).ready(function () {
dialog_message("#message_permissions");
});
function dialog_message(message) {
$(message)
.css("display", "inline")
.dialog({
modal: true,
width: "400px",
buttons: {
Close: function() {
$(this).dialog("close");
}
}
});
}
</script>

4
pandora_console/godmode/alerts/configure_alert_command.php
View File

@ -21,7 +21,7 @@ check_login();
enterprise_hook('open_meta_frame'); enterprise_hook('open_meta_frame');
if (! check_acl($config['id_user'], 0, 'LM')) { if (! check_acl($config['id_user'], 0, 'PM')) {
db_pandora_audit( db_pandora_audit(
'ACL Violation', 'ACL Violation',
'Trying to access Alert Management' 'Trying to access Alert Management'
@ -51,7 +51,7 @@ if (is_metaconsole() === true) {
if ($id > 0) { if ($id > 0) {
$alert = alerts_get_alert_command($id); $alert = alerts_get_alert_command($id);
if ($alert['internal'] || !check_acl_restricted_all($config['id_user'], $alert['id_group'], 'LM')) { if ($alert['internal'] || !check_acl_restricted_all($config['id_user'], $alert['id_group'], 'PM')) {
db_pandora_audit('ACL Violation', 'Trying to access Alert Management'); db_pandora_audit('ACL Violation', 'Trying to access Alert Management');
include 'general/noaccess.php'; include 'general/noaccess.php';
exit; exit;