Add ACL for item vc

Former-commit-id: 7356f08a79378ada1df07ead930fcc01b84ba79c
2025-07-28 16:24:54 +02:00 · 2019-04-12 13:59:19 +02:00 · 2019-04-12 13:59:19 +02:00 · 3ae6423fc9
commit 3ae6423fc9
parent e6741067ff
4 changed files with 39 additions and 6 deletions
--- a/pandora_console/include/rest-api/index.php
+++ b/pandora_console/include/rest-api/index.php
@ -14,6 +14,12 @@ $visualConsoleId = (int) get_parameter('visualConsoleId');
 $getVisualConsole = (bool) get_parameter('getVisualConsole');
 $getVisualConsoleItems = (bool) get_parameter('getVisualConsoleItems');
 // Check groups can access user.
 $aclUserGroups = [];
 if (!users_can_manage_group_all('AR')) {
    $aclUserGroups = array_keys(users_get_groups(false, 'AR'));
 }
 ob_clean();
 if ($getVisualConsole === true) {
@ -36,7 +42,7 @@ if ($getVisualConsole === true) {
    echo $visualConsole;
 } else if ($getVisualConsoleItems === true) {
-    echo '['.implode(VisualConsole::getItemsFromDB($visualConsoleId), ',').']';
+    echo '['.implode(VisualConsole::getItemsFromDB($visualConsoleId, $aclUserGroups), ',').']';
 }
 exit;
--- a/pandora_console/include/rest-api/models/VisualConsole/Container.php
+++ b/pandora_console/include/rest-api/models/VisualConsole/Container.php
@ -314,18 +314,27 @@ final class Container extends Model
    /**
     * Obtain a list of items which belong to the Visual Console.
     *
-     * @param integer $layoutId Identifier of the Visual Console.
+     * @param integer $layoutId      Identifier of the Visual Console.
     * @param array   $aclUserGroups Groups can access user.
     *
     * @return array A list of items.
     * @throws \Exception When the data cannot be retrieved from the DB.
     */
-    public static function getItemsFromDB(int $layoutId): array
+    public static function getItemsFromDB(
-    {
+        int $layoutId,
        array $aclUserGroups=[]
    ): array {
        $filter = ['id_layout' => $layoutId];
        // If is empty array user view all groups.
        if (count($aclUserGroups) > 0) {
            $filter['element_group'] = $aclUserGroups;
        }
        $fields = [
            'id',
            'type',
        ];
        $rows = \db_get_all_rows_filter('tlayout_data', $filter, $fields);
        if ($rows === false) {
--- a/pandora_console/operation/visual_console/public_view.php
+++ b/pandora_console/operation/visual_console/public_view.php
@ -107,8 +107,17 @@ echo '<div style="display: none;" id="qrcode_container" title="'.__('QR code of
 echo '<div id="qrcode_container_image"></div>';
 echo '</div>';
 // Check groups can access user.
 $aclUserGroups = [];
 if (!users_can_manage_group_all('AR')) {
    $aclUserGroups = array_keys(users_get_groups(false, 'AR'));
 }
 // Load Visual Console Items.
-$visualConsoleItems = VisualConsole::getItemsFromDB($visualConsoleId);
+$visualConsoleItems = VisualConsole::getItemsFromDB(
    $visualConsoleId,
    $aclUserGroups
 );
 ui_require_javascript_file('pandora_visual_console');
 visual_map_load_client_resources();
--- a/pandora_console/operation/visual_console/view.php
+++ b/pandora_console/operation/visual_console/view.php
@ -193,8 +193,17 @@ if ($pure === true) {
    <?php
 }
 // Check groups can access user.
 $aclUserGroups = [];
 if (!users_can_manage_group_all('AR')) {
    $aclUserGroups = array_keys(users_get_groups(false, 'AR'));
 }
 // Load Visual Console Items.
-$visualConsoleItems = VisualConsole::getItemsFromDB($visualConsoleId);
+$visualConsoleItems = VisualConsole::getItemsFromDB(
    $visualConsoleId,
    $aclUserGroups
 );
 ui_require_javascript_file('pandora_visual_console');
 visual_map_load_client_resources();