From 3ae6423fc97c93897b98bf7f8da55566b1c9153d Mon Sep 17 00:00:00 2001 From: Daniel Barbero Martin Date: Fri, 12 Apr 2019 13:59:19 +0200 Subject: [PATCH] Add ACL for item vc Former-commit-id: 7356f08a79378ada1df07ead930fcc01b84ba79c --- pandora_console/include/rest-api/index.php | 8 +++++++- .../rest-api/models/VisualConsole/Container.php | 15 ++++++++++++--- .../operation/visual_console/public_view.php | 11 ++++++++++- pandora_console/operation/visual_console/view.php | 11 ++++++++++- 4 files changed, 39 insertions(+), 6 deletions(-) diff --git a/pandora_console/include/rest-api/index.php b/pandora_console/include/rest-api/index.php index ca0e096c28..bef87ac985 100644 --- a/pandora_console/include/rest-api/index.php +++ b/pandora_console/include/rest-api/index.php @@ -14,6 +14,12 @@ $visualConsoleId = (int) get_parameter('visualConsoleId'); $getVisualConsole = (bool) get_parameter('getVisualConsole'); $getVisualConsoleItems = (bool) get_parameter('getVisualConsoleItems'); +// Check groups can access user. +$aclUserGroups = []; +if (!users_can_manage_group_all('AR')) { + $aclUserGroups = array_keys(users_get_groups(false, 'AR')); +} + ob_clean(); if ($getVisualConsole === true) { @@ -36,7 +42,7 @@ if ($getVisualConsole === true) { echo $visualConsole; } else if ($getVisualConsoleItems === true) { - echo '['.implode(VisualConsole::getItemsFromDB($visualConsoleId), ',').']'; + echo '['.implode(VisualConsole::getItemsFromDB($visualConsoleId, $aclUserGroups), ',').']'; } exit; diff --git a/pandora_console/include/rest-api/models/VisualConsole/Container.php b/pandora_console/include/rest-api/models/VisualConsole/Container.php index fcbf89b47a..9845969dfd 100644 --- a/pandora_console/include/rest-api/models/VisualConsole/Container.php +++ b/pandora_console/include/rest-api/models/VisualConsole/Container.php @@ -314,18 +314,27 @@ final class Container extends Model /** * Obtain a list of items which belong to the Visual Console. * - * @param integer $layoutId Identifier of the Visual Console. + * @param integer $layoutId Identifier of the Visual Console. + * @param array $aclUserGroups Groups can access user. * * @return array A list of items. * @throws \Exception When the data cannot be retrieved from the DB. */ - public static function getItemsFromDB(int $layoutId): array - { + public static function getItemsFromDB( + int $layoutId, + array $aclUserGroups=[] + ): array { $filter = ['id_layout' => $layoutId]; + // If is empty array user view all groups. + if (count($aclUserGroups) > 0) { + $filter['element_group'] = $aclUserGroups; + } + $fields = [ 'id', 'type', ]; + $rows = \db_get_all_rows_filter('tlayout_data', $filter, $fields); if ($rows === false) { diff --git a/pandora_console/operation/visual_console/public_view.php b/pandora_console/operation/visual_console/public_view.php index 35013cb123..d94472c631 100644 --- a/pandora_console/operation/visual_console/public_view.php +++ b/pandora_console/operation/visual_console/public_view.php @@ -107,8 +107,17 @@ echo ''; echo ''; +// Check groups can access user. +$aclUserGroups = []; +if (!users_can_manage_group_all('AR')) { + $aclUserGroups = array_keys(users_get_groups(false, 'AR')); +} + // Load Visual Console Items. -$visualConsoleItems = VisualConsole::getItemsFromDB($visualConsoleId); +$visualConsoleItems = VisualConsole::getItemsFromDB( + $visualConsoleId, + $aclUserGroups +); ui_require_javascript_file('pandora_visual_console'); visual_map_load_client_resources(); diff --git a/pandora_console/operation/visual_console/view.php b/pandora_console/operation/visual_console/view.php index e51c15ec4c..79997de9fb 100644 --- a/pandora_console/operation/visual_console/view.php +++ b/pandora_console/operation/visual_console/view.php @@ -193,8 +193,17 @@ if ($pure === true) {