tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ent-9527-derivado-del-trabajo-q-a-765-api-pfms-1-0-en-llamada-new_user-permite-crear-usuario-nulo' into 'develop' 

Ent 9527 derivado del trabajo q a 765 api pfms 1 0 en llamada new user permite crear usuario nulo

https://brutus.artica.es:8081/artica/pandora_enterprise/-/issues/9527

See merge request artica/pandorafms!5126
This commit is contained in:
Jimmy Olano 2022-10-14 08:05:37 +00:00
parent f871654e60 3e9e04642d
commit 3c74b0b47e
2 changed files with 72 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

106
pandora_console/godmode/users/user_list.php
View File

@ -265,71 +265,75 @@ $delete_user = (bool) get_parameter('user_del', false);
if ($delete_user === true) {
// Delete user.
$id_user = get_parameter('delete_user', 0);
if (users_is_admin($id_user) === true && users_is_admin() === false) {
db_pandora_audit(
AUDIT_LOG_ACL_VIOLATION,
'Trying to delete admininstrator user by non administrator user '.$config['id_user']
);
include 'general/noaccess.php';
exit;
}
// Only allow delete user if is not the actual user.
if ($id_user != $config['id_user']) {
$user_row = users_get_user_by_id($id_user);
$result = delete_user($id_user);
if ($result) {
if ($id_user !== 0) {
if (users_is_admin($id_user) === true && users_is_admin() === false) {
db_pandora_audit(
AUDIT_LOG_USER_MANAGEMENT,
__('Deleted user %s', io_safe_output($id_user))
AUDIT_LOG_ACL_VIOLATION,
'Trying to delete admininstrator user by non administrator user '.$config['id_user']
);
include 'general/noaccess.php';
exit;
}
ui_print_result_message(
$result,
__('Successfully deleted'),
__('There was a problem deleting the user')
);
// Only allow delete user if is not the actual user.
if ($id_user != $config['id_user']) {
$user_row = users_get_user_by_id($id_user);
// Delete the user in all the consoles.
if (is_metaconsole() === true && isset($_GET['delete_all'])) {
$servers = metaconsole_get_servers();
foreach ($servers as $server) {
// Connect to the remote console.
if (metaconsole_connect($server) === NOERR) {
// Delete the user.
$result = delete_user($id_user);
$result = delete_user($id_user);
if ($result) {
db_pandora_audit(
AUDIT_LOG_USER_MANAGEMENT,
__('Deleted user %s', io_safe_output($id_user))
);
}
ui_print_result_message(
$result,
__('Successfully deleted'),
__('There was a problem deleting the user')
);
// Delete the user in all the consoles.
if (is_metaconsole() === true && isset($_GET['delete_all'])) {
$servers = metaconsole_get_servers();
foreach ($servers as $server) {
// Connect to the remote console.
if (metaconsole_connect($server) === NOERR) {
// Delete the user.
$result = delete_user($id_user);
if ($result) {
db_pandora_audit(
AUDIT_LOG_USER_MANAGEMENT,
__('Deleted user %s from metaconsole', io_safe_input($id_user))
);
}
// Restore the db connection.
metaconsole_restore_db();
}
// Log to the metaconsole too.
if ($result) {
db_pandora_audit(
AUDIT_LOG_USER_MANAGEMENT,
__('Deleted user %s from metaconsole', io_safe_input($id_user))
__('Deleted user %s from %s', io_safe_input($id_user), io_safe_input($server['server_name']))
);
}
// Restore the db connection.
metaconsole_restore_db();
}
// Log to the metaconsole too.
if ($result) {
db_pandora_audit(
AUDIT_LOG_USER_MANAGEMENT,
__('Deleted user %s from %s', io_safe_input($id_user), io_safe_input($server['server_name']))
ui_print_result_message(
$result,
__('Successfully deleted from %s', io_safe_input($server['server_name'])),
__('There was a problem deleting the user from %s', io_safe_input($server['server_name']))
);
}
ui_print_result_message(
$result,
__('Successfully deleted from %s', io_safe_input($server['server_name'])),
__('There was a problem deleting the user from %s', io_safe_input($server['server_name']))
);
}
} else {
ui_print_error_message(__('There was a problem deleting the user'));
}
} else {
ui_print_error_message(__('There was a problem deleting the user'));
ui_print_error_message(__('ID user cannot be empty'));
}
} else if (isset($_GET['profile_del'])) {
// Delete profile.
@ -586,6 +590,10 @@ $rowPair = true;
$iterator = 0;
$cont = 0;
foreach ($info as $user_id => $user_info) {
if (empty($user_id) === true) {
continue;
}
// User profiles.
if ($user_is_admin || $user_id == $config['id_user'] || isset($group_um[0])) {
$user_profiles = db_get_all_rows_field_filter(

21
pandora_console/include/functions_api.php
View File

@ -9499,14 +9499,16 @@ function api_set_new_user($id, $thrash2, $other, $thrash3)
{
global $config;
// if (defined ('METACONSOLE')) {
// return;
// }
if (!check_acl($config['id_user'], 0, 'UM')) {
returnError('forbidden', 'string');
return;
}
if (empty($id) === true) {
returnError('Id cannot be empty.');
return;
}
$idk = get_header('idk');
if (is_management_allowed($idk) === false) {
returnError('centralized');
@ -9528,6 +9530,11 @@ function api_set_new_user($id, $thrash2, $other, $thrash3)
$values['section'] = $other['data'][11];
$values['session_time'] = $other['data'][12];
if (empty($password) === true) {
returnError('Password cannot be empty.');
return;
}
if (!create_user($id, $password, $values)) {
returnError('The user could not created');
} else {
@ -11734,14 +11741,16 @@ function api_set_delete_user($id, $thrash1, $thrash2, $thrash3)
{
global $config;
// if (defined ('METACONSOLE')) {
// return;
// }
if (!check_acl($config['id_user'], 0, 'UM')) {
returnError('forbidden', 'string');
return;
}
if (empty($id) === true) {
returnError('Id cannot be empty.');
return;
}
$idk = get_header('idk');
if (is_management_allowed($idk) === false) {
returnError('centralized');