From 6d4422d1fd6874ab83a69ab5155f9c7001a85735 Mon Sep 17 00:00:00 2001 From: fbsanchez Date: Wed, 10 Jan 2018 18:00:34 +0100 Subject: [PATCH 1/6] Modified users_get_groups --- pandora_console/include/functions_users.php | 177 +++++++++++++++++++- 1 file changed, 175 insertions(+), 2 deletions(-) diff --git a/pandora_console/include/functions_users.php b/pandora_console/include/functions_users.php index 4a3ccd9169..3b1718a74d 100755 --- a/pandora_console/include/functions_users.php +++ b/pandora_console/include/functions_users.php @@ -138,6 +138,177 @@ function users_get_groups_for_select($id_user, $privilege = "AR", $returnAllGro return $fields; } + + + + +// XXX +// + + +function get_group_ancestors($group_id,$groups, $debug = 0) { + + if (!isset($groups[$group_id])) { + return null; + } + + $parent = $groups[$group_id]["parent"]; + + if ($groups[$group_id]["propagate"] == 0){ + return $group_id; + } + + if ($parent == 0) { + return 0; + } + + $r = get_group_ancestors($parent, $groups, $debug); + + if (is_array($r)) { + $r = array_merge(array($parent), $r); + } + else { + $r = array($parent, $r); + } + + + return $r; +} + + +function users_get_groups ($id_user = false, $privilege = "AR", $returnAllGroup = true, $returnAllColumns = false, + $id_groups = null, $keys_field = 'id_grupo', $cache = true) { + static $group_cache = array(); + + if (empty ($id_user)) { + global $config; + + $id_user = null; + if (isset($config['id_user'])) { + $id_user = $config['id_user']; + } + } + + + // Check the group cache first. + if (array_key_exists($id_user, $group_cache) && $cache) { + $forest_acl = $group_cache[$id_user]; + } + else { + // Admin. + if (is_user_admin($id_user)) { + $groups = db_get_all_rows_sql ("SELECT * FROM tgrupo ORDER BY nombre"); + } + // Per-group permissions. + else { + $query = "SELECT * FROM tgrupo ORDER BY parent,id_grupo DESC"; + $raw_groups = db_get_all_rows_sql($query); + + $query = sprintf("SELECT tgrupo.*, tperfil.*, tusuario_perfil.tags FROM tgrupo, tusuario_perfil, tperfil + WHERE (tgrupo.id_grupo = tusuario_perfil.id_grupo OR tusuario_perfil.id_grupo = 0) + AND tusuario_perfil.id_perfil = tperfil.id_perfil + AND tusuario_perfil.id_usuario = '%s' ORDER BY nombre", $id_user); + $forest_acl = db_get_all_rows_sql ($query); + + + + foreach ($forest_acl as $g) { + $forest_acl[$g["id_grupo"]] = $g; + } + + $groups = array(); + foreach ($raw_groups as $g) { + $groups[$g["id_grupo"]] = $g; + } + + foreach ($groups as $group) { + $parents = get_group_ancestors($group["id_grupo"],$groups); + + if (is_array($parents)) { + foreach ($parents as $parent) { + if ( (isset($forest_acl[$parent])) && ($groups[$parent]["propagate"] == 1)) { + $forest_acl[$group["id_grupo"]] = array_merge($forest_acl[$parent], $group); + } + } + } + else { + // grants over ALL group TODO + } + } + + + // Filter based on arguments + + //html_debug_print($forest_acl); + + //html_debug_print($groups); + } + + // Update the group cache. + $group_cache[$id_user] = $forest_acl; + } + + $user_groups = array (); + if (!$forest_acl) { + return $user_groups; + } + + if ($returnAllGroup) { //All group + $groupall = array('id_grupo' => 0, 'nombre' => __('All'), + 'icon' => 'world', 'parent' => 0, 'disabled' => 0, + 'custom_id' => null, 'description' => '', 'propagate' => 0); + + // Add the All group to the beginning to be always the first + array_unshift($forest_acl, $groupall); + } + + $acl_column = get_acl_column($privilege); + foreach ($forest_acl as $group) { + + # Check the specific permission column. acl_column is undefined for admins. + if (defined($group[$acl_column]) && $group[$acl_column] != '1') { + continue; + } + + if ($returnAllColumns) { + $user_groups[$group[$keys_field]] = $group; + } + else { + $user_groups[$group[$keys_field]] = $group['nombre']; + } + } + + //html_debug_print($user_groups); + + return $user_groups; + +} + +// +// XXX + + + + + + + + + + + + + + + + + + + + + + + /** * Get all the groups a user has reading privileges. @@ -151,7 +322,7 @@ function users_get_groups_for_select($id_user, $privilege = "AR", $returnAllGro * * @return array A list of the groups the user has certain privileges. */ -function users_get_groups ($id_user = false, $privilege = "AR", $returnAllGroup = true, $returnAllColumns = false, +function old_users_get_groups ($id_user = false, $privilege = "AR", $returnAllGroup = true, $returnAllColumns = false, $id_groups = null, $keys_field = 'id_grupo', $cache = true) { static $group_cache = array(); @@ -171,7 +342,7 @@ function users_get_groups ($id_user = false, $privilege = "AR", $returnAllGroup // Admin. if (is_user_admin($id_user)) { $groups = db_get_all_rows_sql ("SELECT * FROM tgrupo ORDER BY nombre"); - } + } // Per-group permissions. else { $query = sprintf("SELECT tgrupo.*, tperfil.*, tusuario_perfil.tags FROM tgrupo, tusuario_perfil, tperfil @@ -256,6 +427,8 @@ function users_get_groups ($id_user = false, $privilege = "AR", $returnAllGroup } } + //html_debug_print($user_groups); + return $user_groups; } From 12faad02174089dbb2fe315eb2812ab5ef2afe53 Mon Sep 17 00:00:00 2001 From: daniel Date: Thu, 11 Jan 2018 11:53:09 +0100 Subject: [PATCH 2/6] modificate users_get_group for acl groups parents and children --- pandora_console/include/functions_users.php | 135 ++++++++++++-------- 1 file changed, 79 insertions(+), 56 deletions(-) diff --git a/pandora_console/include/functions_users.php b/pandora_console/include/functions_users.php index 3b1718a74d..9f47135084 100755 --- a/pandora_console/include/functions_users.php +++ b/pandora_console/include/functions_users.php @@ -139,13 +139,6 @@ function users_get_groups_for_select($id_user, $privilege = "AR", $returnAllGro return $fields; } - - - -// XXX -// - - function get_group_ancestors($group_id,$groups, $debug = 0) { if (!isset($groups[$group_id])) { @@ -171,13 +164,73 @@ function get_group_ancestors($group_id,$groups, $debug = 0) { $r = array($parent, $r); } - return $r; } +function groups_combine_acl($acl_group_a, $acl_group_b){ + if(!is_array($acl_group_a)){ + if(is_array($acl_group_b)){ + return $acl_group_b; + } + else{ + return null; + } + } + else{ + if(!is_array($acl_group_b)){ + return $acl_group_a; + } + } + $acl_list = array ( + "incident_view" => 1, + "incident_edit" => 1, + "incident_management" => 1, + "agent_view" => 1, + "agent_edit" => 1, + "agent_disable" => 1, + "alert_edit" => 1, + "alert_management" => 1, + "pandora_management" => 1, + "db_management" => 1, + "user_management" => 1, + "report_view" => 1, + "report_edit" => 1, + "report_management" => 1, + "event_view" => 1, + "event_edit" => 1, + "event_management" => 1, + "map_view" => 1, + "map_edit" => 1, + "map_management" => 1, + "vconsole_view" => 1, + "vconsole_edit" => 1, + "vconsole_management" => 1, + ); + + foreach ($acl_list as $acl => $aux) { + // propagate ACL + $acl_group_b[$acl] = $acl_group_a[$acl] || $acl_group_b[$acl]; + } + + return $acl_group_b; + +} + +/** + * Get all the groups a user has reading privileges. + * + * @param string User id + * @param string The privilege to evaluate, and it is false then no check ACL. + * @param boolean $returnAllGroup Flag the return group, by default true. + * @param boolean $returnAllColumns Flag to return all columns of groups. + * @param array $id_groups The list of group to scan to bottom child. By default null. + * @param string $keys_field The field of the group used in the array keys. By default ID + * + * @return array A list of the groups the user has certain privileges. + */ function users_get_groups ($id_user = false, $privilege = "AR", $returnAllGroup = true, $returnAllColumns = false, - $id_groups = null, $keys_field = 'id_grupo', $cache = true) { + $id_groups = null, $keys_field = 'id_grupo', $cache = true) { static $group_cache = array(); if (empty ($id_user)) { @@ -189,7 +242,6 @@ function users_get_groups ($id_user = false, $privilege = "AR", $returnAllGroup } } - // Check the group cache first. if (array_key_exists($id_user, $group_cache) && $cache) { $forest_acl = $group_cache[$id_user]; @@ -197,7 +249,7 @@ function users_get_groups ($id_user = false, $privilege = "AR", $returnAllGroup else { // Admin. if (is_user_admin($id_user)) { - $groups = db_get_all_rows_sql ("SELECT * FROM tgrupo ORDER BY nombre"); + $forest_acl = db_get_all_rows_sql ("SELECT * FROM tgrupo ORDER BY nombre"); } // Per-group permissions. else { @@ -210,8 +262,6 @@ function users_get_groups ($id_user = false, $privilege = "AR", $returnAllGroup AND tusuario_perfil.id_usuario = '%s' ORDER BY nombre", $id_user); $forest_acl = db_get_all_rows_sql ($query); - - foreach ($forest_acl as $g) { $forest_acl[$g["id_grupo"]] = $g; } @@ -223,25 +273,29 @@ function users_get_groups ($id_user = false, $privilege = "AR", $returnAllGroup foreach ($groups as $group) { $parents = get_group_ancestors($group["id_grupo"],$groups); - + if (is_array($parents)) { foreach ($parents as $parent) { if ( (isset($forest_acl[$parent])) && ($groups[$parent]["propagate"] == 1)) { - $forest_acl[$group["id_grupo"]] = array_merge($forest_acl[$parent], $group); + if (isset($forest_acl[$group["id_grupo"]])) { + // update ACL propagation + $tmp = groups_combine_acl($forest_acl[$parent], $forest_acl[$group["id_grupo"]]); + } + else { + // add group to user ACL forest + $tmp = groups_combine_acl($forest_acl[$parent], $group); + } + if ($tmp !== null) { + // add only if valid + $forest_acl[$group["id_grupo"]] = $tmp; + } } } } else { - // grants over ALL group TODO + // no parents, direct assignment already done } - } - - - // Filter based on arguments - - //html_debug_print($forest_acl); - - //html_debug_print($groups); + } } // Update the group cache. @@ -278,37 +332,8 @@ function users_get_groups ($id_user = false, $privilege = "AR", $returnAllGroup } } - //html_debug_print($user_groups); - return $user_groups; - } - -// -// XXX - - - - - - - - - - - - - - - - - - - - - - - /** * Get all the groups a user has reading privileges. @@ -426,9 +451,7 @@ function old_users_get_groups ($id_user = false, $privilege = "AR", $returnAllGr $user_groups[$group[$keys_field]] = $group['nombre']; } } - - //html_debug_print($user_groups); - + return $user_groups; } From 57990d80a8b022d4797699b47e9bcc5b34cc556c Mon Sep 17 00:00:00 2001 From: daniel Date: Thu, 11 Jan 2018 13:05:31 +0100 Subject: [PATCH 3/6] fixed warnings php --- pandora_console/include/functions_config.php | 2 +- pandora_console/include/functions_modules.php | 16 +++++++++++++--- .../include/functions_reporting_html.php | 10 ++++++---- 3 files changed, 20 insertions(+), 8 deletions(-) diff --git a/pandora_console/include/functions_config.php b/pandora_console/include/functions_config.php index a057dd1b62..b2fc9d65d3 100644 --- a/pandora_console/include/functions_config.php +++ b/pandora_console/include/functions_config.php @@ -1630,7 +1630,7 @@ function config_process_config () { if ($is_user_updating == 'operation/users/user_edit') { $id = get_parameter_get ("id", $config["id_user"]); // ID given as parameter $user_info = get_user_info ($id); - + //If current user is editing himself or if the user has UM (User Management) rights on any groups the user is part of AND the authorization scheme allows for users/admins to update info if (($config["id_user"] == $id || check_acl ($config["id_user"], users_get_groups ($id), "UM")) && $config["user_can_update_info"]) { $view_mode = false; diff --git a/pandora_console/include/functions_modules.php b/pandora_console/include/functions_modules.php index 15058a3a4b..0822169265 100755 --- a/pandora_console/include/functions_modules.php +++ b/pandora_console/include/functions_modules.php @@ -2552,7 +2552,9 @@ function modules_get_modules_name ($sql_from , $sql_conditions = '', $meta = fal foreach ($rows_temp as $module_group_key => $modules_group_val) $rows_temp_processed[$modules_group_val['name']] = $modules_group_val['name']; - $rows_select = array_unique(array_merge($rows_select, $rows_temp_processed)); + if(is_array($rows_select) && is_array($rows_temp_processed)){ + $rows_select = array_unique(array_merge($rows_select, $rows_temp_processed)); + } } $groups_temp = users_get_groups_for_select(false, "AR", true, true, false); @@ -2565,7 +2567,9 @@ function modules_get_modules_name ($sql_from , $sql_conditions = '', $meta = fal } if (!empty($groups_temp_processed)) { - $groups_select = array_unique(array_merge($groups_select, $groups_temp_processed)); + if(is_array($rows_select) && is_array($rows_temp_processed)){ + $groups_select = array_unique(array_merge($groups_select, $groups_temp_processed)); + } } if (!empty($modules_temp)) @@ -2574,7 +2578,13 @@ function modules_get_modules_name ($sql_from , $sql_conditions = '', $meta = fal metaconsole_restore_db(); } unset($groups_select[__('All')]); - $key_group_all = array_search(__('All'), $groups_select); + if(is_array($groups_select)){ + $key_group_all = array_search(__('All'), $groups_select); + } + else{ + $key_group_all = false; + } + if ($key_group_all !== false) unset($groups_select[$key_group_all]); return $modules; diff --git a/pandora_console/include/functions_reporting_html.php b/pandora_console/include/functions_reporting_html.php index 88c7220001..619f986d63 100644 --- a/pandora_console/include/functions_reporting_html.php +++ b/pandora_console/include/functions_reporting_html.php @@ -3625,7 +3625,7 @@ function reporting_get_total_servers ($num_servers) { function reporting_get_events ($data, $links = false) { global $config; - + $table_events = new stdClass(); $table_events->width = "100%"; if (defined('METACONSOLE')) $style = " vertical-align:middle;"; @@ -3697,7 +3697,7 @@ function reporting_get_last_activity() { global $config; // Show last activity from this user - + $table = new stdClass(); $table->width = '100%'; $table->data = array (); $table->size = array (); @@ -4010,8 +4010,10 @@ function reporting_get_event_histogram_meta ($width) { $events = db_get_all_rows_sql($sql); $events_criticity = array(); - foreach ($events as $key => $value) { - array_push($events_criticity,$value['criticity']); + if(is_array($events)){ + foreach ($events as $key => $value) { + array_push($events_criticity,$value['criticity']); + } } if (!empty($events)) { From 638d7ced30dcd0b82b4edcd8f8c10231487b6cb7 Mon Sep 17 00:00:00 2001 From: daniel Date: Thu, 11 Jan 2018 15:25:55 +0100 Subject: [PATCH 4/6] performance improvements in visual console list is called indiscriminately to the function get_acl --- .../godmode/reporting/map_builder.php | 50 +++++++++---------- .../include/functions_visual_map.php | 39 +++++++++------ 2 files changed, 50 insertions(+), 39 deletions(-) diff --git a/pandora_console/godmode/reporting/map_builder.php b/pandora_console/godmode/reporting/map_builder.php index 24d45a4841..19253fd8c1 100644 --- a/pandora_console/godmode/reporting/map_builder.php +++ b/pandora_console/godmode/reporting/map_builder.php @@ -258,15 +258,11 @@ $table->head = array (); $table->head[0] = __('Map name'); $table->head[1] = __('Group'); $table->head[2] = __('Items'); +$table->head[3] = __('Copy'); +$table->head[4] = __('Delete'); +$table->size[3] = "6%"; +$table->size[4] = "6%"; -// Fix: IW was the old ACL for report editing, now is RW -//Only for RW flag -if ($vconsoles_write || $vconsoles_manage) { - $table->head[3] = __('Copy'); - $table->head[4] = __('Delete'); - $table->size[3] = "6%"; - $table->size[4] = "6%"; -} $table->align = array (); $table->align[0] = 'left'; @@ -299,25 +295,22 @@ if ($own_info['is_admin'] || $vconsoles_read) { $maps = visual_map_get_user_layouts (0,false,$filters,false); unset($filters['offset']); unset($filters['limit']); - $total_maps = count(visual_map_get_user_layouts(0,false,$filters,false)); + $total_maps = count($maps); }else{ - $maps = visual_map_get_user_layouts (0,false,$filters); + $maps = visual_map_get_user_layouts (0,false,$filters, false); unset($filters['offset']); unset($filters['limit']); - $total_maps = count(visual_map_get_user_layouts(0,false,$filters)); + $total_maps = count($maps); } } else { - $maps = visual_map_get_user_layouts ($config['id_user'], false, - $filters, false); + $maps = visual_map_get_user_layouts ($config['id_user'], false, $filters, false); unset($filters['offset']); unset($filters['limit']); - $total_maps = count(visual_map_get_user_layouts ($config['id_user'], false, - $filters, false)); + $total_maps = count($maps); } if (!$maps && !is_metaconsole()) { - $total = count(visual_map_get_user_layouts ($config['id_user'], false, - false, false)); + $total = count(visual_map_get_user_layouts ($config['id_user'], false, false, false)); if(!$total){ require_once ($config['homedir'] . "/general/firts_task/map_builder.php"); } else { @@ -328,8 +321,7 @@ if (!$maps && !is_metaconsole()) { } } elseif (!$maps && is_metaconsole()) { - $total = count(visual_map_get_user_layouts ($config['id_user'], false, - false, false)); + $total = count(visual_map_get_user_layouts ($config['id_user'], false, false, false)); if(!$total){ ui_print_info_message( array( @@ -345,14 +337,18 @@ elseif (!$maps && is_metaconsole()) { } else { ui_pagination ($total_maps, $url, $offset, $pagination); - foreach ($maps as $map) { // ACL for the visual console permission - $vconsole_write = check_acl ($config['id_user'], - $map['id_group'], "VW"); - $vconsole_manage = check_acl ($config['id_user'], - $map['id_group'], "VM"); + $vconsole_write = false; + $vconsole_manage = false; + if(isset($map['vw'])){ + $vconsole_write = true; + } + if(isset($map['vm'])){ + $vconsole_manage = true; + } + $data = array (); if (!is_metaconsole()) { @@ -369,7 +365,6 @@ else { // Fix: IW was the old ACL for report editing, now is RW if ($vconsole_write || $vconsole_manage) { - if (!is_metaconsole()) { $data[3] = ''.html_print_image ("images/copy.png", true).''; $data[4] = ''.html_print_image ("images/cross.png", true).''; @@ -379,6 +374,11 @@ else { $data[4] = ''.html_print_image ("images/cross.png", true).''; } } + else{ + $data[3] = ''; + $data[4] = ''; + } + array_push ($table->data, $data); } html_print_table ($table); diff --git a/pandora_console/include/functions_visual_map.php b/pandora_console/include/functions_visual_map.php index a338afa576..f66ea3acf6 100755 --- a/pandora_console/include/functions_visual_map.php +++ b/pandora_console/include/functions_visual_map.php @@ -3364,7 +3364,8 @@ function visual_map_print_visual_map ($id_layout, $show_links = true, * * @return array A list of layouts the user can see. */ -function visual_map_get_user_layouts ($id_user = 0, $only_names = false, $filter = false, $returnAllGroup = true, $favourite = false) { +function visual_map_get_user_layouts ($id_user = 0, $only_names = false, $filter = false, + $returnAllGroup = true, $favourite = false) { if (! is_array ($filter)){ $filter = array (); } else { @@ -3386,20 +3387,19 @@ function visual_map_get_user_layouts ($id_user = 0, $only_names = false, $filter $where .= "is_favourite = 1"; } - if ($returnAllGroup) { - $groups = users_get_groups ($id_user, 'VR'); + $groups = users_get_groups ($id_user, 'VR', true, true); } else { if(!empty($filter['group'])) { - $permissions_group = users_get_groups ($id_user, 'VR', false); + $permissions_group = users_get_groups ($id_user, 'VR', false, true); if(empty($permissions_group)){ - $permissions_group = users_get_groups ($id_user, 'VM', false); + $permissions_group = users_get_groups ($id_user, 'VM', false, true); } $groups = array_intersect_key($filter['group'], $permissions_group); } else { - $groups = users_get_groups ($id_user, 'VR', false); + $groups = users_get_groups ($id_user, 'VR', false, true); if(empty($groups)) { - $groups = users_get_groups ($id_user, 'VM', false); + $groups = users_get_groups ($id_user, 'VM', false, true); } } unset($filter['group']); @@ -3420,9 +3420,9 @@ function visual_map_get_user_layouts ($id_user = 0, $only_names = false, $filter if ($where == '') { $where = array(); } - + $layouts = db_get_all_rows_filter ('tlayout', $where); - + if ($layouts == false) return array (); @@ -3432,6 +3432,17 @@ function visual_map_get_user_layouts ($id_user = 0, $only_names = false, $filter $retval[$layout['id']] = $layout['name']; else $retval[$layout['id']] = $layout; + + //add_perms + if ($groups[$layout['id_group']]['vconsole_view']){ + $retval[$layout['id']]['vr'] = $groups[$layout['id_group']]['vconsole_view']; + } + if ($groups[$layout['id_group']]['vconsole_edit']){ + $retval[$layout['id']]['vw'] = $groups[$layout['id_group']]['vconsole_edit']; + } + if ($groups[$layout['id_group']]['vconsole_management']){ + $retval[$layout['id']]['vm'] = $groups[$layout['id_group']]['vconsole_management']; + } } return $retval; @@ -3486,8 +3497,8 @@ function visual_map_get_layout_status ($id_layout = 0, $depth = 0, $elements_in_ if ($data['type'] == 0) { $stcount++; if ($data["id_layout_linked"] == 0 && $data["id_agente_modulo"] == 0 && $data["id_agent"] == 0) { - $stcount_u++; - } + $stcount_u++; + } } } if ($stcount == 0 || $stcount_u == $stcount) { @@ -3568,9 +3579,9 @@ function visual_map_get_layout_status ($id_layout = 0, $depth = 0, $elements_in_ } else { $status = VISUAL_MAP_STATUS_NORMAL; - if (count($elements_in_child) == 0) { - $status = VISUAL_MAP_STATUS_UNKNOWN; - } + if (count($elements_in_child) == 0) { + $status = VISUAL_MAP_STATUS_UNKNOWN; + } } } } From 5d61ff50569f3acb7837cc2cd5f7cce14a4ab000 Mon Sep 17 00:00:00 2001 From: daniel Date: Fri, 12 Jan 2018 14:17:48 +0100 Subject: [PATCH 5/6] fixed error in ACL --- pandora_console/include/class/Tree.class.php | 2 +- pandora_console/include/functions_config.php | 17 +- pandora_console/include/functions_groups.php | 4 +- .../include/functions_groupview.php | 83 +++--- .../include/functions_networkmap.php | 10 +- .../include/functions_reporting.php | 2 +- .../include/functions_tactical.php | 2 +- pandora_console/include/functions_tags.php | 253 +++++++----------- pandora_console/include/functions_users.php | 21 +- .../operation/agentes/estado_agente.php | 2 +- .../operation/agentes/tactical.php | 2 +- .../operation/events/events_list.php | 2 +- 12 files changed, 179 insertions(+), 221 deletions(-) diff --git a/pandora_console/include/class/Tree.class.php b/pandora_console/include/class/Tree.class.php index 3b15eb9b63..507d1d2b1c 100644 --- a/pandora_console/include/class/Tree.class.php +++ b/pandora_console/include/class/Tree.class.php @@ -53,7 +53,7 @@ class Tree { $this->strictACL = (bool) db_get_value("strict_acl", "tusuario", "id_user", $config['id_user']); - $this->acltags = tags_get_user_module_and_tags($config['id_user'], $this->access); + $this->acltags = tags_get_user_groups_and_tags($config['id_user'], $this->access); } public function setFilter($filter) { diff --git a/pandora_console/include/functions_config.php b/pandora_console/include/functions_config.php index b2fc9d65d3..71dd08e199 100644 --- a/pandora_console/include/functions_config.php +++ b/pandora_console/include/functions_config.php @@ -1645,10 +1645,19 @@ function config_process_config () { } } - if (isset($config['id_user'])) - $relative_path = enterprise_hook('skins_set_image_skin_path',array($config['id_user'])); - else - $relative_path = enterprise_hook('skins_set_image_skin_path',array(get_parameter('nick'))); + if(!is_metaconsole()) { + // Skins are available only in console mode + + if (isset($config['id_user'])){ + $relative_path = enterprise_hook('skins_set_image_skin_path',array($config['id_user'])); + } + else{ + $relative_path = enterprise_hook('skins_set_image_skin_path',array(get_parameter('nick'))); + } + } + else { + $relative_path = ''; + } $config['relative_path'] = $relative_path; } } diff --git a/pandora_console/include/functions_groups.php b/pandora_console/include/functions_groups.php index 33b78067c4..42b39f2f28 100644 --- a/pandora_console/include/functions_groups.php +++ b/pandora_console/include/functions_groups.php @@ -573,7 +573,7 @@ function groups_get_status ($id_group = 0, $strict_user = false) { require_once ($config['homedir'].'/include/functions_reporting.php'); if ($strict_user) { - $acltags = tags_get_user_module_and_tags ($config['id_user'], 'AR', $strict_user); + $acltags = tags_get_user_groups_and_tags ($config['id_user'], 'AR', $strict_user); $group_status = group_get_data ($config['id_user'], $strict_user, $acltags, false, 'group'); $data['monitor_alerts_fired'] = $groups_status['_monitors_alerts_fired_']; $data['agent_critical'] = $groups_status['_agents_critical_']; @@ -3010,7 +3010,7 @@ function group_get_groups_list($id_user = false, $user_strict = false, $access = $id_user = $config['id_user']; } - $acltags = tags_get_user_module_and_tags ($id_user, $access, $user_strict); + $acltags = tags_get_user_groups_and_tags ($id_user, $access, $user_strict); // If using metaconsole, the strict users will use the agent table of every node if (is_metaconsole() && $user_strict) { diff --git a/pandora_console/include/functions_groupview.php b/pandora_console/include/functions_groupview.php index 5443f0b6d1..012bb64b4f 100644 --- a/pandora_console/include/functions_groupview.php +++ b/pandora_console/include/functions_groupview.php @@ -24,14 +24,13 @@ function groupview_get_all_data ($id_user = false, $user_strict = false, $acltag } $user_groups = array(); - $groups_without_tags = array(); - foreach ($acltags as $group => $tags) { - if ($user_strict) { //Remove groups with tags - $groups_without_tags[$group] = $group; - } - $user_groups[$group] = groups_get_name($group); - if ($tags != '') { - $tags_group = explode(',', $tags); + $user_tags = array(); + + foreach ($acltags as $item) { + $user_groups[$item["id_grupo"]] = $item["nombre"]; + + if ($item["tags"] != '') { + $tags_group = explode(',', $item["tags"]); foreach ($tags_group as $tag) { $user_tags[$tag] = tags_get_name($tag); @@ -39,12 +38,7 @@ function groupview_get_all_data ($id_user = false, $user_strict = false, $acltag } } - if ($user_strict) { - $user_groups_ids = implode(',', array_keys($groups_without_tags)); - } - else { - $user_groups_ids = implode(',', array_keys($acltags)); - } + $user_groups_ids = implode(',', array_keys($acltags)); if (!empty($user_groups_ids)) { if (is_metaconsole() && (!$user_strict)) { @@ -380,7 +374,8 @@ function groupview_status_modules_agents($id_user = false, $user_strict = false, $id_user = $config['id_user']; } - $acltags = tags_get_user_module_and_tags ($id_user, $access, $user_strict); + //$acltags = tags_get_user_groups_and_tags ($id_user, $access, $user_strict); + $acltags = users_get_groups ($id_user, $access, true, true); // If using metaconsole, the strict users will use the agent table of every node if (is_metaconsole() && $user_strict) { @@ -526,7 +521,11 @@ function groupview_get_groups_list($id_user = false, $user_strict = false, $acce $id_user = $config['id_user']; } - $acltags = tags_get_user_module_and_tags ($id_user, $access, $user_strict); + //$acltags = tags_get_user_groups_and_tags ($id_user, $access, $user_strict); + // + + + $acltags = users_get_groups($id_user, $access, true, true); // If using metaconsole, the strict users will use the agent table of every node if (is_metaconsole() && $user_strict) { @@ -575,19 +574,15 @@ function groupview_get_data ($id_user = false, $user_strict = false, $acltags, $ if ($id_user == false) { $id_user = $config['id_user']; } - $groups_with_privileges = users_get_groups($id_user, $access); - $groups_with_privileges = implode('","', $groups_with_privileges); - + $user_groups = array(); - $user_tags = array(); - $groups_without_tags = array(); - foreach ($acltags as $group => $tags) { - if ($user_strict) { //Remove groups with tags - $groups_without_tags[$group] = $group; - } - $user_groups[$group] = groups_get_name($group); - if ($tags != '') { - $tags_group = explode(',', $tags); + $user_tags = array(); + + foreach ($acltags as $item) { + $user_groups[$item["id_grupo"]] = $item["nombre"]; + + if ($item["tags"] != '') { + $tags_group = explode(',', $item["tags"]); foreach ($tags_group as $tag) { $user_tags[$tag] = tags_get_name($tag); @@ -595,15 +590,12 @@ function groupview_get_data ($id_user = false, $user_strict = false, $acltags, $ } } + $groups_with_privileges = implode(',', array_keys($acltags)); + if (!$user_strict) $acltags[0] = 0; - if ($user_strict) { - $user_groups_ids = implode(',', array_keys($groups_without_tags)); - } - else { - $user_groups_ids = implode(',', array_keys($acltags)); - } + $user_groups_ids = implode(',', array_keys($acltags)); if (!empty($user_groups_ids)) { if (is_metaconsole() && (!$user_strict)) { @@ -700,7 +692,7 @@ function groupview_get_data ($id_user = false, $user_strict = false, $acltags, $ SELECT * FROM tgrupo WHERE id_grupo IN (" . $fathers_id . ") - AND nombre IN (\"". $groups_with_privileges ."\") + AND id_grupo IN (" . $groups_with_privileges . ") ORDER BY nombre COLLATE utf8_general_ci ASC"); if (!empty($list_father_groups)) { //Merges the arrays and eliminates the duplicates groups @@ -763,17 +755,20 @@ function groupview_get_data ($id_user = false, $user_strict = false, $acltags, $ COUNT(*) AS _total_agents_, id_grupo, intervalo, ultimo_contacto, disabled FROM tmetaconsole_agent WHERE id_grupo = " . $group['id_grupo'] . " AND disabled = 0 GROUP BY id_grupo"); - $list[$group['id_grupo']]['_monitors_critical_'] = (int)$group_agents['_monitors_critical_']; - $list[$group['id_grupo']]['_monitors_warning_'] = (int)$group_agents['_monitors_warning_']; - $list[$group['id_grupo']]['_monitors_unknown_'] = (int)$group_agents['_monitors_unknown_']; - $list[$group['id_grupo']]['_monitors_not_init_'] = (int)$group_agents['_monitors_not_init_']; - $list[$group['id_grupo']]['_monitors_ok_'] = (int)$group_agents['_monitors_ok_']; + + $list[$group['id_grupo']]['_monitors_critical_'] = (int)$group_agents['_monitors_critical_']; + $list[$group['id_grupo']]['_monitors_warning_'] = (int)$group_agents['_monitors_warning_']; + $list[$group['id_grupo']]['_monitors_unknown_'] = (int)$group_agents['_monitors_unknown_']; + $list[$group['id_grupo']]['_monitors_not_init_'] = (int)$group_agents['_monitors_not_init_']; + $list[$group['id_grupo']]['_monitors_ok_'] = (int)$group_agents['_monitors_ok_']; $list[$group['id_grupo']]['_monitors_alerts_fired_'] = (int)$group_agents['_monitors_alerts_fired_']; - - $list[$group['id_grupo']]['_total_agents_'] = (int)$group_agents['_total_agents_']; - - $list[$group['id_grupo']]["_monitor_checks_"] = $list[$group['id_grupo']]["_monitors_not_init_"] + $list[$group['id_grupo']]["_monitors_unknown_"] + $list[$group['id_grupo']]["_monitors_warning_"] + $list[$group['id_grupo']]["_monitors_critical_"] + $list[$group['id_grupo']]["_monitors_ok_"]; + $list[$group['id_grupo']]['_total_agents_'] = (int)$group_agents['_total_agents_']; + $list[$group['id_grupo']]["_monitor_checks_"] = $list[$group['id_grupo']]["_monitors_not_init_"] + + $list[$group['id_grupo']]["_monitors_unknown_"] + + $list[$group['id_grupo']]["_monitors_warning_"] + + $list[$group['id_grupo']]["_monitors_critical_"] + + $list[$group['id_grupo']]["_monitors_ok_"]; if ($group['icon']) $list[$group['id_grupo']]["_iconImg_"] = html_print_image ("images/".$group['icon'].".png", true, array ("style" => 'vertical-align: middle;')); diff --git a/pandora_console/include/functions_networkmap.php b/pandora_console/include/functions_networkmap.php index b88fb07510..8c9860caae 100644 --- a/pandora_console/include/functions_networkmap.php +++ b/pandora_console/include/functions_networkmap.php @@ -317,7 +317,7 @@ function networkmap_generate_dot ($pandora_name, $group = 0, $fields = array ('tagente.id_grupo, tagente.nombre, tagente.id_os, tagente.id_parent, tagente.id_agente, tagente.normal_count, tagente.warning_count, tagente.critical_count, tagente.unknown_count, tagente.total_count, tagente.notinit_count'); - $acltags = tags_get_user_module_and_tags ($config['id_user'],'AR', $strict_user); + $acltags = tags_get_user_groups_and_tags ($config['id_user'],'AR', $strict_user); $agents = tags_get_all_user_agents (false, $config['id_user'], $acltags, $filter, $fields, false, $strict_user, true); } else { @@ -343,7 +343,7 @@ function networkmap_generate_dot ($pandora_name, $group = 0, $fields = array ('tagente.id_grupo, tagente.nombre, tagente.id_os, tagente.id_parent, tagente.id_agente, tagente.normal_count, tagente.warning_count, tagente.critical_count, tagente.unknown_count, tagente.total_count, tagente.notinit_count'); - $acltags = tags_get_user_module_and_tags ($config['id_user'],'AR', $strict_user); + $acltags = tags_get_user_groups_and_tags ($config['id_user'],'AR', $strict_user); $agents = tags_get_all_user_agents (false, $config['id_user'], $acltags, $filter, $fields, false, $strict_user, true); } else { @@ -625,7 +625,7 @@ function networkmap_generate_dot_groups ($pandora_name, $group = 0, global $config; if ($strict_user) { - $acltags = tags_get_user_module_and_tags ($config['id_user'],'AR', $strict_user); + $acltags = tags_get_user_groups_and_tags ($config['id_user'],'AR', $strict_user); } $parents = array(); $orphans = array(); @@ -1003,7 +1003,7 @@ function networkmap_create_agent_node ($agent, $simple = 0, $font_size = 10, $cu if ($strict_user) { require_once($config['homedir']."/include/functions_tags.php"); - $acltags = tags_get_user_module_and_tags ($config["id_user"], 'AR', $strict_user); + $acltags = tags_get_user_groups_and_tags ($config["id_user"], 'AR', $strict_user); $agent_filter = array("id" => $agent["id_agente"]); $strict_data['normal_count'] = (int) groups_get_normal_monitors ($agent['id_grupo'], $agent_filter, array(), $strict_user, $acltags); @@ -1798,7 +1798,7 @@ function networkmap_get_new_nodes_from_ip_mask($ip_mask, if ($strict_user) { $filter['group_by'] = 'tagente.id_agente'; $fields = array ('tagente.id_agente'); - $acltags = tags_get_user_module_and_tags ($config['id_user'],'AR', $strict_user); + $acltags = tags_get_user_groups_and_tags ($config['id_user'],'AR', $strict_user); $user_agents = tags_get_all_user_agents (false, $config['id_user'], $acltags, $filter, $fields, false, $strict_user, true); foreach ($all_user_agents as $agent) { diff --git a/pandora_console/include/functions_reporting.php b/pandora_console/include/functions_reporting.php index edb404980d..e24dc618d2 100755 --- a/pandora_console/include/functions_reporting.php +++ b/pandora_console/include/functions_reporting.php @@ -8713,7 +8713,7 @@ function reporting_tiny_stats ($counts_info, $return = false, $type = 'agent', $ if ($strict_user && $type == 'agent') { - $acltags = tags_get_user_module_and_tags ($config['id_user'],'AR', $strict_user); + $acltags = tags_get_user_groups_and_tags ($config['id_user'],'AR', $strict_user); $filter['disabled'] = 0; $id_agent = $counts_info['id_agente']; diff --git a/pandora_console/include/functions_tactical.php b/pandora_console/include/functions_tactical.php index eb736d6b5c..e0e2acbe6b 100644 --- a/pandora_console/include/functions_tactical.php +++ b/pandora_console/include/functions_tactical.php @@ -427,7 +427,7 @@ function tactical_status_modules_agents($id_user = false, $user_strict = false, $id_user = $config['id_user']; } - $acltags = tags_get_user_module_and_tags ($id_user, $access, $user_strict); + $acltags = tags_get_user_groups_and_tags ($id_user, $access, $user_strict); // If using metaconsole, the strict users will use the agent table of every node if (is_metaconsole() && $user_strict) { diff --git a/pandora_console/include/functions_tags.php b/pandora_console/include/functions_tags.php index c9f04e92fb..9a6c614fc4 100644 --- a/pandora_console/include/functions_tags.php +++ b/pandora_console/include/functions_tags.php @@ -670,30 +670,19 @@ function tags_get_acl_tags($id_user, $id_group, $access = 'AR', return ERR_WRONG_PARAMETERS; } - $acltags = tags_get_user_module_and_tags($id_user, $access); - - // Delete the groups without tag restrictions from the acl tags array if $force_group_and_tag == false - // Delete the groups that aren't in the received groups id - $acltags_aux = array(); - - if (!empty($groups) && in_array(0, $groups)) { - $acltags_aux[0] = ""; - } - foreach ($acltags as $group_id => $tags) { - if (!empty($groups) && array_search($group_id, $groups) === false) { - unset($acltags[$group_id]); + $raw_acltags = tags_get_user_groups_and_tags($id_user, $access); + + $acltags = array(); + foreach ($raw_acltags as $group => $taglist) { + if (!empty($taglist)) { + $acltags[$group] = explode(',', $taglist); } else { - if (!empty($tags)) - $tags = explode(",", $tags); - $acltags_aux[$group_id] = $tags; + $acltags[$group] = ''; } } - // Clean the possible empty elements - if (!$force_group_and_tag) - $acltags_aux = array_filter($acltags_aux); - $acltags = $acltags_aux; + switch ($return_mode) { case 'data': // Stop here and return the array @@ -711,6 +700,7 @@ function tags_get_acl_tags($id_user, $id_group, $access = 'AR', case 'event_condition': // Return the condition of the tags for tevento table $condition = tags_get_acl_tags_event_condition($acltags, $meta, $force_group_and_tag); + if (!empty($condition)) { return " $query_prefix " . "(" . $condition . ")"; } @@ -735,7 +725,7 @@ function tags_get_acl_tags_module_condition($acltags, $modules_table = '') { $group_conditions = array(); // The acltags array contains the groups with the acl propagation applied - // after the changes done into the 'tags_get_user_module_and_tags' function. + // after the changes done into the 'tags_get_user_groups_and_tags' function. foreach ($acltags as $group_id => $group_tags) { $tag_join = ''; if (!empty($group_tags)) { @@ -859,83 +849,84 @@ function tags_get_acl_tags_event_condition($acltags, $meta = false, $force_group // Juanma (08/05/2014) Fix : Will have all groups retrieved (also propagated ones) $_groups_not_in = ''; - - foreach ($acltags as $group_id => $group_tags) { - // Group condition (The module belongs to an agent of the group X) - // Juanma (08/05/2014) Fix : Get all groups (children also, Propagate ACL func!) - $group_condition = sprintf('id_grupo IN (%s)', implode(',', array_values(groups_get_id_recursive($group_id, true)))); - $_groups_not_in .= implode(',', array_values(groups_get_id_recursive($group_id))) . ','; - - // Tags condition (The module has at least one of the restricted tags) - $tags_condition = ''; - if (empty($group_tags)) { - $tags_condition = "id_grupo = ".$group_id; - } - else { - if (!is_array($group_tags)) { - $group_tags = explode(',', $group_tags); + + if($acltags[0]){ + foreach ($acltags as $group_id => $group_tags) { + // Group condition (The module belongs to an agent of the group X) + $group_condition = sprintf('id_grupo IN (%s)', implode(',', array_values(groups_get_id_recursive($group_id, true)))); + //$_groups_not_in .= implode(',', array_values(groups_get_id_recursive($group_id))) . ','; + + // Tags condition (The module has at least one of the restricted tags) + $tags_condition = ''; + if (empty($group_tags)) { + $tags_condition = "id_grupo = ".$group_id; + } + else { + if (!is_array($group_tags)) { + $group_tags = explode(',', $group_tags); + } + + foreach ($group_tags as $tag) { + // If the tag ID doesnt exist, ignore + if (!isset($all_tags[$tag])) { + continue; + } + + if ($tags_condition != '') { + $tags_condition .= " OR \n"; + } + + //~ // Add as condition all the posibilities of the serialized tags + //~ $tags_condition .= sprintf('tags LIKE "%s,%%"',io_safe_input($all_tags[$tag])); + //~ $tags_condition .= sprintf(' OR tags LIKE "%%,%s,%%"',io_safe_input($all_tags[$tag])); + //~ $tags_condition .= sprintf(' OR tags LIKE "%%,%s"',io_safe_input($all_tags[$tag])); + //~ $tags_condition .= sprintf(' OR tags LIKE "%s %%"',io_safe_input($all_tags[$tag])); + //~ $tags_condition .= sprintf(' OR tags LIKE "%%,%s %%"',io_safe_input($all_tags[$tag])); + + if ($force_group_and_tag) { + if (!empty($all_tags[$tag])) { + if ($force_equal) { + $tags_condition .= sprintf('(tags = "%s"',io_safe_input($all_tags[$tag])); + } else { + $tags_condition .= "(tags LIKE '%".io_safe_input($all_tags[$tag])."%'"; + } + $childrens = groups_get_childrens($group_id, null, true); + + if (empty($childrens)) { + $tags_condition .= sprintf(' AND id_grupo = %d )', $group_id); + } else { + $childrens_ids[] = $group_id; + foreach ($childrens as $child) { + $childrens_ids[] = (int)$child['id_grupo']; + } + $ids_str = implode(',', $childrens_ids); + + $tags_condition .= sprintf(' AND id_grupo IN (%s) )', $ids_str); + } + } else { + $tags_condition .= "id_grupo = ".$group_id; + } + } else { + if ($force_equal) { + $tags_condition .= sprintf('tags = "%s"',io_safe_input($all_tags[$tag])); + } else { + $tags_condition .= "tags LIKE '%".io_safe_input($all_tags[$tag])."%'"; + } + } + } } - foreach ($group_tags as $tag) { - // If the tag ID doesnt exist, ignore - if (!isset($all_tags[$tag])) { - continue; - } - - if ($tags_condition != '') { - $tags_condition .= " OR \n"; - } - - //~ // Add as condition all the posibilities of the serialized tags - //~ $tags_condition .= sprintf('tags LIKE "%s,%%"',io_safe_input($all_tags[$tag])); - //~ $tags_condition .= sprintf(' OR tags LIKE "%%,%s,%%"',io_safe_input($all_tags[$tag])); - //~ $tags_condition .= sprintf(' OR tags LIKE "%%,%s"',io_safe_input($all_tags[$tag])); - //~ $tags_condition .= sprintf(' OR tags LIKE "%s %%"',io_safe_input($all_tags[$tag])); - //~ $tags_condition .= sprintf(' OR tags LIKE "%%,%s %%"',io_safe_input($all_tags[$tag])); - - if ($force_group_and_tag) { - if (!empty($all_tags[$tag])) { - if ($force_equal) { - $tags_condition .= sprintf('(tags = "%s"',io_safe_input($all_tags[$tag])); - } else { - $tags_condition .= "(tags LIKE '%".io_safe_input($all_tags[$tag])."%'"; - } - $childrens = groups_get_childrens($group_id, null, true); - - if (empty($childrens)) { - $tags_condition .= sprintf(' AND id_grupo = %d )', $group_id); - } else { - $childrens_ids[] = $group_id; - foreach ($childrens as $child) { - $childrens_ids[] = (int)$child['id_grupo']; - } - $ids_str = implode(',', $childrens_ids); - - $tags_condition .= sprintf(' AND id_grupo IN (%s) )', $ids_str); - } - } else { - $tags_condition .= "id_grupo = ".$group_id; - } - } else { - if ($force_equal) { - $tags_condition .= sprintf('tags = "%s"',io_safe_input($all_tags[$tag])); - } else { - $tags_condition .= "tags LIKE '%".io_safe_input($all_tags[$tag])."%'"; - } - } + // If there is not tag condition ignore + if (empty($tags_condition)) { + continue; } + + if ($condition != '') { + $condition .= ' OR '; + } + + $condition .= "($tags_condition)\n"; } - - // If there is not tag condition ignore - if (empty($tags_condition)) { - continue; - } - - if ($condition != '') { - $condition .= ' OR '; - } - - $condition .= "($tags_condition)\n"; } //Commented because ACLs propagation don't work @@ -2402,76 +2393,22 @@ function __add_acltags (&$acltags, $group_id, $tags_str) { } /* Return array with groups and their tags */ -function tags_get_user_module_and_tags ($id_user = false, $access = 'AR', $strict_user = false) { +function tags_get_user_groups_and_tags ($id_user = false, $access = 'AR', $strict_user = false) { global $config; - + if ($id_user == false) { $id_user = $config['id_user']; } - - $acl_column = get_acl_column($access); - - $sql = sprintf("SELECT tags, id_grupo - FROM tusuario_perfil, tperfil - WHERE tperfil.id_perfil = tusuario_perfil.id_perfil AND - tusuario_perfil.id_usuario = '%s' AND - tperfil.%s = 1 - ORDER BY id_grupo", $id_user, $acl_column); - $tags_and_groups = db_get_all_rows_sql($sql); - - if ($tags_and_groups === false) - $tags_and_groups = array(); - - $acltags = array(); - - // Change the 'All' group with all groups - $user_groups = users_get_groups($id_user, $access, false); - $user_groups_ids = array(); - if (!empty($user_groups) && is_array($user_groups)) { - $user_groups_ids = array_keys($user_groups); + + $acls = users_get_groups ($id_user, $access, false, true); + + $return = array(); + foreach ($acls as $acl) { + $return[$acl["id_grupo"]] = $acl["tags"]; + } - - // If the user is admin, he should have access to the all group with the required permission - if (is_user_admin($id_user)) - array_unshift($tags_and_groups, array('id_grupo' => 0, 'tags' => '')); - - $tags_and_groups_aux = array(); - foreach ($tags_and_groups as $data) { - // All group - if ((int)$data['id_grupo'] === 0) { - // All group with empty tags. All groups without tags permission! - if (empty($data['tags'])) { - foreach ($user_groups_ids as $group_id) { - $acltags[$group_id] = ''; - } - - return $acltags; // End of the function - } - // Create a new element for every group with the tags - else { - foreach ($user_groups_ids as $group_id) { - $tags_and_groups_aux[] = array( - 'id_grupo' => $group_id, - 'tags' => $data['tags'] - ); - } - } - } - // Specific group - else { - $tags_and_groups_aux[] = $data; - } - } - $tags_and_groups = $tags_and_groups_aux; - unset($tags_and_groups_aux); - - - foreach ($tags_and_groups as $group_tag) { - __add_acltags($acltags, $group_tag['id_grupo'], $group_tag['tags']); - } - - - return $acltags; + + return $return; } /** diff --git a/pandora_console/include/functions_users.php b/pandora_console/include/functions_users.php index 9f47135084..f4ddf90750 100755 --- a/pandora_console/include/functions_users.php +++ b/pandora_console/include/functions_users.php @@ -139,7 +139,7 @@ function users_get_groups_for_select($id_user, $privilege = "AR", $returnAllGro return $fields; } -function get_group_ancestors($group_id,$groups, $debug = 0) { +function get_group_ancestors($group_id, $groups) { if (!isset($groups[$group_id])) { return null; @@ -155,7 +155,7 @@ function get_group_ancestors($group_id,$groups, $debug = 0) { return 0; } - $r = get_group_ancestors($parent, $groups, $debug); + $r = get_group_ancestors($parent, $groups); if (is_array($r)) { $r = array_merge(array($parent), $r); @@ -206,9 +206,26 @@ function groups_combine_acl($acl_group_a, $acl_group_b){ "vconsole_view" => 1, "vconsole_edit" => 1, "vconsole_management" => 1, + "tags" => 1, ); foreach ($acl_list as $acl => $aux) { + + if($acl == "tags") { + // Mix tags + + if (isset($acl_group_a[$acl]) && ($acl_group_a[$acl] != "")) { + if (isset($acl_group_b[$acl]) && ($acl_group_b[$acl] != "")) { + if ($acl_group_b[$acl] != ($acl_group_a[$acl])) { + $acl_group_b[$acl] = $acl_group_a[$acl] . "," . $acl_group_b[$acl]; + } + } + else { + $acl_group_b[$acl] = $acl_group_a[$acl]; + } + } + continue; + } // propagate ACL $acl_group_b[$acl] = $acl_group_a[$acl] || $acl_group_b[$acl]; } diff --git a/pandora_console/operation/agentes/estado_agente.php b/pandora_console/operation/agentes/estado_agente.php index fac79d3e0b..83a0ade08a 100644 --- a/pandora_console/operation/agentes/estado_agente.php +++ b/pandora_console/operation/agentes/estado_agente.php @@ -465,7 +465,7 @@ if ($strict_user) { $fields = array ('tagente.id_agente','tagente.id_grupo','tagente.id_os','tagente.ultimo_contacto','tagente.intervalo','tagente.comentarios description','tagente.quiet', 'tagente.normal_count','tagente.warning_count','tagente.critical_count','tagente.unknown_count','tagente.notinit_count','tagente.total_count','tagente.fired_count', 'tagente.nombre', 'tagente.alias'); - $acltags = tags_get_user_module_and_tags ($config['id_user'], $access, $strict_user); + $acltags = tags_get_user_groups_and_tags ($config['id_user'], $access, $strict_user); $total_agents = tags_get_all_user_agents (false, $config['id_user'], $acltags, $count_filter, $fields, false, $strict_user, true); $total_agents = count($total_agents); diff --git a/pandora_console/operation/agentes/tactical.php b/pandora_console/operation/agentes/tactical.php index 5c73d6d363..7c41cf8565 100755 --- a/pandora_console/operation/agentes/tactical.php +++ b/pandora_console/operation/agentes/tactical.php @@ -178,7 +178,7 @@ echo 'width = '100%'; $all_parents = array(); diff --git a/pandora_console/godmode/menu.php b/pandora_console/godmode/menu.php index aab312158d..11f510349a 100644 --- a/pandora_console/godmode/menu.php +++ b/pandora_console/godmode/menu.php @@ -354,7 +354,7 @@ if (is_array ($config['extensions'])) { $sub2[$extmenu["sec2"]]["refr"] = 0; } else { - if (array_key_exists('fatherId',$extmenu)) { + if (is_array($extmenu) && array_key_exists('fatherId',$extmenu)) { if (strlen($extmenu['fatherId']) > 0) { if (array_key_exists('subfatherId',$extmenu)) { if (strlen($extmenu['subfatherId']) > 0) { diff --git a/pandora_console/godmode/netflow/nf_edit.php b/pandora_console/godmode/netflow/nf_edit.php index f3ffc36bcc..6ee7258e33 100644 --- a/pandora_console/godmode/netflow/nf_edit.php +++ b/pandora_console/godmode/netflow/nf_edit.php @@ -111,6 +111,7 @@ $filters = db_get_all_rows_sql($sql); if ($filters === false) $filters = array (); +$table = new stdClass(); $table->width = '100%'; $table->class = 'databox data'; diff --git a/pandora_console/godmode/users/user_list.php b/pandora_console/godmode/users/user_list.php index 2a10e8c7b8..13cdba54c1 100644 --- a/pandora_console/godmode/users/user_list.php +++ b/pandora_console/godmode/users/user_list.php @@ -248,8 +248,7 @@ else { } -$table = null; - +$table = new stdClass(); $table->cellpadding = 0; $table->cellspacing = 0; $table->width = '100%'; diff --git a/pandora_console/include/auth/mysql.php b/pandora_console/include/auth/mysql.php index 6392adda37..e6861aa956 100644 --- a/pandora_console/include/auth/mysql.php +++ b/pandora_console/include/auth/mysql.php @@ -445,9 +445,8 @@ function process_user_login_remote ($login, $pass, $api = false) { * @return bool True is the user is admin */ function is_user_admin ($id_user) { - $is_admin = (bool) db_get_value ('is_admin', 'tusuario', 'id_user', $id_user); - - return $is_admin; + require_once(__DIR__ . "/../functions_users.php"); + return users_is_admin($id_user); } @@ -531,7 +530,15 @@ function get_user_email ($user) { * @return mixed An array of users */ function get_user_info ($user) { - return db_get_row ("tusuario", "id_user", get_user_id ($user)); + static $cache_user_info = array(); + if (array_key_exists($user, $cache_user_info)){ + return $cache_user_info[$user]; + } + else{ + $return = db_get_row ("tusuario", "id_user", get_user_id ($user)); + $cache_user_info[$user] = $return; + return $return; + } } /** diff --git a/pandora_console/include/functions.php b/pandora_console/include/functions.php index 3caa79ad05..6e937e547b 100644 --- a/pandora_console/include/functions.php +++ b/pandora_console/include/functions.php @@ -1809,85 +1809,26 @@ function check_acl($id_user, $id_group, $access, $onlyOneGroup = false) { $id_group = (int) $id_group; } - $three_eyes_crow_groups = db_get_all_rows_sql("SELECT tperfil.*, tusuario_perfil.id_perfil FROM tperfil, tusuario_perfil WHERE tusuario_perfil.id_usuario = '" . - $id_user . "' AND tusuario_perfil.id_grupo = 0 AND tusuario_perfil.id_perfil = tperfil.id_perfil"); + if ($id_group != 0 || $onlyOneGroup === true) { + $groups_list_acl = users_get_groups ($id_user, 'AR', false, true, null); + } + else{ + $groups_list_acl = get_users_acl($id_user); + } - if ($three_eyes_crow_groups && !empty($three_eyes_crow_groups)) { - $acl_column = get_acl_column($access); - - foreach ($three_eyes_crow_groups as $three_eyes_crow_group) { - if (isset($three_eyes_crow_group[$acl_column]) && $three_eyes_crow_group[$acl_column] == 1) { + if(is_array($groups_list_acl)){ + if(isset($groups_list_acl[$id_group])){ + $access = get_acl_column($access); + if(isset($groups_list_acl[$id_group][$access]) + && $groups_list_acl[$id_group][$access] > 0){ return 1; } + else{ + return 0; + } } } - $parents_id = array($id_group); - if ($id_group != 0 && $onlyOneGroup !== true) { - $group = db_get_row_filter('tgrupo', array('id_grupo' => $id_group)); - $parents = groups_get_parents($group['parent'], true); - - foreach ($parents as $parent) { - $parents_id[] = $parent['id_grupo']; - } - } - - // TODO: To reduce this querys in one adding the group condition if necessary (only one line is different) - //Joined multiple queries into one. That saves on the query overhead and query cache. - if ($id_group == 0 && $onlyOneGroup !== true) { - $query = sprintf("SELECT tperfil.incident_view, tperfil.incident_edit, - tperfil.incident_management, tperfil.agent_view, - tperfil.agent_edit, tperfil.alert_edit, - tperfil.alert_management, tperfil.pandora_management, - tperfil.db_management, tperfil.user_management, - tperfil.report_view, tperfil.report_edit, - tperfil.report_management, tperfil.event_view, - tperfil.event_edit, tperfil.event_management, - tperfil.agent_disable, - tperfil.map_view, tperfil.map_edit, tperfil.map_management, - tperfil.vconsole_view, tperfil.vconsole_edit, tperfil.vconsole_management - FROM tusuario_perfil, tperfil - WHERE tusuario_perfil.id_perfil = tperfil.id_perfil - AND tusuario_perfil.id_usuario = '%s'", $id_user); - //GroupID = 0 and onlyOneGroup = false, group id doesnt matter (use with caution!) - } - else { - $query = sprintf("SELECT tperfil.incident_view, tperfil.incident_edit, - tperfil.incident_management, tperfil.agent_view, - tperfil.agent_edit, tperfil.alert_edit, - tperfil.alert_management, tperfil.pandora_management, - tperfil.db_management, tperfil.user_management, - tperfil.report_view, tperfil.report_edit, - tperfil.report_management, tperfil.event_view, - tperfil.event_edit, tperfil.event_management, - tperfil.agent_disable, - tperfil.map_view, tperfil.map_edit, tperfil.map_management, - tperfil.vconsole_view, tperfil.vconsole_edit, tperfil.vconsole_management - FROM tusuario_perfil, tperfil - WHERE tusuario_perfil.id_perfil = tperfil.id_perfil - AND tusuario_perfil.id_usuario = '%s' - AND (tusuario_perfil.id_grupo IN (%s) - OR tusuario_perfil.id_grupo = 0)", $id_user, implode(', ', $parents_id)); - } - - $rowdup = db_get_all_rows_sql ($query); - - if (empty ($rowdup)) - return 0; - - $result = 0; - $acl_column = get_acl_column($access); - foreach ($rowdup as $row) { - // For each profile for this pair of group and user do... - if (isset($row[$acl_column])) { - $result += $row[$acl_column]; - } - } - - if ($result >= 1) { - return 1; - } - return 0; } @@ -1975,6 +1916,51 @@ function get_acl_column($access) { } } +function get_users_acl($id_user){ + static $users_acl_cache = array(); + + + if (is_array($users_acl_cache[$id_user])) { + $rowdup = $users_acl_cache[$id_user]; + } + else { + $query = sprintf("SELECT sum(tperfil.incident_view) as incident_view, + sum(tperfil.incident_edit) as incident_edit, + sum(tperfil.incident_management) as incident_management, + sum(tperfil.agent_view) as agent_view, + sum(tperfil.agent_edit) as agent_edit, + sum(tperfil.alert_edit) as alert_edit, + sum(tperfil.alert_management) as alert_management, + sum(tperfil.pandora_management) as pandora_management, + sum(tperfil.db_management) as db_management, + sum(tperfil.user_management) as user_management, + sum(tperfil.report_view) as report_view, + sum(tperfil.report_edit) as report_edit, + sum(tperfil.report_management) as report_management, + sum(tperfil.event_view) as event_view, + sum(tperfil.event_edit) as event_edit, + sum(tperfil.event_management) as event_management, + sum(tperfil.agent_disable) as agent_disable, + sum(tperfil.map_view) as map_view, + sum(tperfil.map_edit) as map_edit, + sum(tperfil.map_management) as map_management, + sum(tperfil.vconsole_view) as vconsole_view, + sum(tperfil.vconsole_edit) as vconsole_edit, + sum(tperfil.vconsole_management) as vconsole_management + FROM tusuario_perfil, tperfil + WHERE tusuario_perfil.id_perfil = tperfil.id_perfil + AND tusuario_perfil.id_usuario = '%s'", $id_user); + + $rowdup = db_get_all_rows_sql ($query); + $users_acl_cache[$id_user] = $rowdup; + } + + if (empty ($rowdup) || !$rowdup) + return 0; + + return $rowdup; +} + /** * Get the name of a plugin * diff --git a/pandora_console/include/functions_agents.php b/pandora_console/include/functions_agents.php index 9c38157300..7587bb76b1 100644 --- a/pandora_console/include/functions_agents.php +++ b/pandora_console/include/functions_agents.php @@ -2601,7 +2601,9 @@ function select_modules_for_agent_group($id_group, $id_agents, } if ($selection == 1 || (count($id_agents) == 1)) { - $modules = db_get_all_rows_sql("SELECT DISTINCT nombre, id_agente_modulo FROM tagente_modulo WHERE 1 = 1" . $filter_agent . $filter_group); + $modules = db_get_all_rows_sql("SELECT DISTINCT nombre, id_agente_modulo + FROM tagente_modulo + WHERE 1 = 1" . $filter_agent . $filter_group); if (empty($modules)) $modules = array(); @@ -2614,13 +2616,15 @@ function select_modules_for_agent_group($id_group, $id_agents, } } else { - $modules = db_get_all_rows_sql("SELECT nombre, id_agente_modulo FROM tagente_modulo WHERE 1 = 1" . $filter_agent . $filter_group); + $modules = db_get_all_rows_sql("SELECT nombre, id_agente_modulo + FROM tagente_modulo + WHERE 1 = 1" . $filter_agent . $filter_group); if (empty($modules)) $modules = array(); foreach ($modules as $m) { $is_in_all_agents = true; - $module_name = modules_get_agentmodule_name($m['id_agente_modulo']); + $module_name = $m['nombre']; foreach ($id_agents as $a) { $module_in_agent = db_get_value_filter('id_agente_modulo', 'tagente_modulo', array('id_agente' => $a, 'nombre' => $module_name)); diff --git a/pandora_console/include/functions_io.php b/pandora_console/include/functions_io.php index 47b6e80658..c3d7b7b2b4 100755 --- a/pandora_console/include/functions_io.php +++ b/pandora_console/include/functions_io.php @@ -372,8 +372,16 @@ function io_unsafe_string ($string) { */ function __ ($string /*, variable arguments */) { global $l10n; + global $config; + static $extensions_cache = array(); - $extensions = extensions_get_extensions(); + if (array_key_exists($config["id_user"], $extensions_cache)) { + $extensions = $extensions_cache[$config["id_user"]]; + } + else { + $extensions = extensions_get_extensions(); + $extensions_cache[$config["id_user"]] = $extensions; + } if (empty($extensions)) $extensions = array(); diff --git a/pandora_console/include/functions_tags.php b/pandora_console/include/functions_tags.php index 9a6c614fc4..622814ef7f 100644 --- a/pandora_console/include/functions_tags.php +++ b/pandora_console/include/functions_tags.php @@ -2405,7 +2405,6 @@ function tags_get_user_groups_and_tags ($id_user = false, $access = 'AR', $stric $return = array(); foreach ($acls as $acl) { $return[$acl["id_grupo"]] = $acl["tags"]; - } return $return; diff --git a/pandora_console/include/functions_users.php b/pandora_console/include/functions_users.php index f4ddf90750..c9fc558467 100755 --- a/pandora_console/include/functions_users.php +++ b/pandora_console/include/functions_users.php @@ -250,6 +250,10 @@ function users_get_groups ($id_user = false, $privilege = "AR", $returnAllGroup $id_groups = null, $keys_field = 'id_grupo', $cache = true) { static $group_cache = array(); + // Added users_group_cache to avoid unnecessary proccess on massive calls... + static $users_group_cache = array(); + $users_group_cache_key = $id_user . "|" . $privilege . "|" . $returnAllGroup . "|" . $returnAllColumns; + if (empty ($id_user)) { global $config; @@ -277,10 +281,17 @@ function users_get_groups ($id_user = false, $privilege = "AR", $returnAllGroup WHERE (tgrupo.id_grupo = tusuario_perfil.id_grupo OR tusuario_perfil.id_grupo = 0) AND tusuario_perfil.id_perfil = tperfil.id_perfil AND tusuario_perfil.id_usuario = '%s' ORDER BY nombre", $id_user); - $forest_acl = db_get_all_rows_sql ($query); + $raw_forest = db_get_all_rows_sql ($query); - foreach ($forest_acl as $g) { - $forest_acl[$g["id_grupo"]] = $g; + foreach ($raw_forest as $g) { + // XXX, following code must be remade (TAG) + if (!isset($forest_acl[$g["id_grupo"]] )) { + $forest_acl[$g["id_grupo"]] = $g; + } + else { + $forest_acl[$g["id_grupo"]]["tags"] .= "," . $g["tags"]; + } + } $groups = array(); @@ -334,10 +345,16 @@ function users_get_groups ($id_user = false, $privilege = "AR", $returnAllGroup } $acl_column = get_acl_column($privilege); + + if (array_key_exists($users_group_cache_key, $users_group_cache)) { + return $users_group_cache[$users_group_cache_key]; + } + + foreach ($forest_acl as $group) { # Check the specific permission column. acl_column is undefined for admins. - if (defined($group[$acl_column]) && $group[$acl_column] != '1') { + if (isset($group[$acl_column]) && $group[$acl_column] != '1') { continue; } @@ -349,6 +366,8 @@ function users_get_groups ($id_user = false, $privilege = "AR", $returnAllGroup } } + $users_group_cache[$users_group_cache_key] = $user_groups; + return $user_groups; } @@ -1006,15 +1025,23 @@ function users_get_last_type_message() { function users_is_admin($id_user = false) { global $config; - + + if (!isset($config["is_admin"])) { + $config["is_admin"] = array(); + } + if ($id_user === false) { $id_user = $config['id_user']; } - $is_admin = (bool)db_get_value('is_admin', + if (isset($config["is_admin"][$id_user])) { + return $config["is_admin"][$id_user]; + } + + $config["is_admin"][$id_user] = (bool)db_get_value('is_admin', 'tusuario', 'id_user', $id_user); - return $is_admin; + return $config["is_admin"][$id_user]; } function users_is_last_system_message() {