Merge branch 'ent-9085-13692-Fallo-permisos-en-creacion-edicion-de-List-of-Special-Days' into 'develop'
Fixed permissions. See merge request artica/pandorafms!4934
This commit is contained in:
commit
3fe66d9a9b
|
@ -260,6 +260,8 @@ class CalendarManager
|
|||
*/
|
||||
public function deleteCalendar()
|
||||
{
|
||||
global $config;
|
||||
|
||||
$id = (int) get_parameter('id');
|
||||
try {
|
||||
$calendar = new Calendar($id);
|
||||
|
@ -278,6 +280,22 @@ class CalendarManager
|
|||
return;
|
||||
}
|
||||
|
||||
if (is_numeric($id) === true) {
|
||||
if ((bool) check_acl(
|
||||
$config['id_user'],
|
||||
$calendar->id_group(),
|
||||
'LM'
|
||||
) === false
|
||||
) {
|
||||
db_pandora_audit(
|
||||
AUDIT_LOG_ACL_VIOLATION,
|
||||
'Trying to access calendar delete'
|
||||
);
|
||||
include 'general/noaccess.php';
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
// Remove.
|
||||
$calendar->delete();
|
||||
$this->message = \ui_print_success_message(
|
||||
|
@ -480,6 +498,35 @@ class CalendarManager
|
|||
$new = true;
|
||||
}
|
||||
|
||||
$group_id = null;
|
||||
|
||||
if ($new === true) {
|
||||
if (is_numeric(get_parameter('id_group')) === true) {
|
||||
$group_id = get_parameter('id_group');
|
||||
}
|
||||
} else {
|
||||
if (is_numeric($calendar->id_group()) === true) {
|
||||
$group_id = $calendar->id_group();
|
||||
}
|
||||
}
|
||||
|
||||
if (is_numeric($group_id) === true) {
|
||||
// Check for permissions before rendering edit view or performing save action.
|
||||
if ((bool) check_acl(
|
||||
$config['id_user'],
|
||||
$group_id,
|
||||
'LM'
|
||||
) === false
|
||||
) {
|
||||
db_pandora_audit(
|
||||
AUDIT_LOG_ACL_VIOLATION,
|
||||
'Trying to access calendar editor'
|
||||
);
|
||||
include 'general/noaccess.php';
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
$action = get_parameter('action');
|
||||
if ($action === 'save') {
|
||||
$success = false;
|
||||
|
@ -604,19 +651,23 @@ class CalendarManager
|
|||
$is_management_allowed = \is_management_allowed();
|
||||
|
||||
if ((bool) $data === true) {
|
||||
$manage = check_acl(
|
||||
$config['id_user'],
|
||||
0,
|
||||
'LM',
|
||||
true
|
||||
);
|
||||
$user_id = $config['id_user'];
|
||||
|
||||
$data = array_reduce(
|
||||
$data,
|
||||
function ($carry, $item) use ($manage, $is_management_allowed) {
|
||||
function ($carry, $item) use ($user_id, $is_management_allowed) {
|
||||
// phpcs:disable Squiz.NamingConventions.ValidVariableName.MemberNotCamelCaps
|
||||
// Transforms array of arrays $data into an array
|
||||
// of objects, making a post-process of certain fields.
|
||||
// Users must only be able to manage items that belong to their groups.
|
||||
// IMPORTANT: if user does not have permission over 'All' group, items belonging to such
|
||||
// group must be listed but they must not allow for edition.
|
||||
$manage = check_acl_restricted_all(
|
||||
$user_id,
|
||||
$item['id_group'],
|
||||
'LM'
|
||||
);
|
||||
|
||||
$tmp = (object) $item;
|
||||
|
||||
if ((bool) $manage === true) {
|
||||
|
|
|
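Review bot: In the `-480,6 +498,35` hunk the new ACL check runs only when `$group_id` is numeric, so a save request for a new calendar that omits `id_group` or sends a non-numeric value skips the check entirely and falls through to `$action === 'save'`; the non-numeric case should deny, e.g. `} else { include 'general/noaccess.php'; exit; }` after the `is_numeric($group_id)` block. The check also uses `check_acl`, whereas the list hunk at `-604,19 +651,23` uses `check_acl_restricted_all`; if `check_acl` with group 0 grants access when the user has 'LM' in any group (as the `$onlyOneGroup` docblock in the `check_acl_restricted_all` hunk suggests), a request posting `id_group=0` would pass here even though the form hides the All group, so `check_acl_restricted_all($config['id_user'], $group_id, 'LM')` would be the consistent choice. On edit the group checked is `$calendar->id_group()`, the stored value; if the save path later accepts a new `id_group` from the request, that target group needs the same check, but that code is outside the hunk. In the `deleteCalendar` hunk the `is_numeric($id)` guard is always true because `$id` is cast with `(int)` a few lines above it, so the guard can be dropped.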
@ -2399,9 +2399,9 @@ function check_acl_one_of_groups($id_user, $groups, $access, $cache=true)
|
|||
* LM - Alert Management
|
||||
* PM - Pandora Management
|
||||
*
|
||||
* @param integer $id_user User id
|
||||
* @param integer $id_group Agents group id to check from
|
||||
* @param string $access Access privilege
|
||||
* @param integer $id_user User id.
|
||||
* @param integer $id_group Agents group id to check from.
|
||||
* @param string $access Access privilege.
|
||||
* @param boolean $onlyOneGroup Flag to check acl for specified group only (not to roots up, or check acl for 'All' group when $id_group is 0).
|
||||
*
|
||||
* @return boolean 1 if the user has privileges, 0 if not.
|
||||
|
@ -2409,7 +2409,7 @@ function check_acl_one_of_groups($id_user, $groups, $access, $cache=true)
|
|||
function check_acl_restricted_all($id_user, $id_group, $access, $onlyOneGroup=false)
|
||||
{
|
||||
if (empty($id_user)) {
|
||||
// User ID needs to be specified
|
||||
// User ID needs to be specified.
|
||||
trigger_error('Security error: check_acl got an empty string for user id', E_USER_WARNING);
|
||||
return 0;
|
||||
} else if (is_user_admin($id_user)) {
|
||||
|
|
|
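Review bot: The docblock in the `-2399,9 +2399,9` hunk still says `@return boolean 1 if the user has privileges, 0 if not` while the body at `return 0;` returns an integer, so the documented type and the actual value disagree; either `@return integer` or returning `false` (callers already cast with `(bool)`) would make them consistent. `check_acl_restricted_all` continues past the end of the `-2409,7 +2409,7` hunk.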
@ -186,6 +186,9 @@ class Calendar extends Entity
|
|||
$order_by = '';
|
||||
$pagination = '';
|
||||
|
||||
$user_groups = users_get_groups();
|
||||
$user_groups_ids = implode(',', array_keys($user_groups));
|
||||
|
||||
if (isset($filter['free_search']) === true
|
||||
&& empty($filter['free_search']) === false
|
||||
) {
|
||||
|
@ -196,6 +199,8 @@ class Calendar extends Entity
|
|||
);
|
||||
}
|
||||
|
||||
$sql_filters[] = ' AND id_group IN ('.$user_groups_ids.')';
|
||||
|
||||
if (isset($order) === true) {
|
||||
$dir = 'asc';
|
||||
if ($order === 'desc') {
|
||||
|
|
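Review bot: The new `$sql_filters[] = ' AND id_group IN ('.$user_groups_ids.')'` in the `-196,6 +199,8` hunk interpolates the group keys straight into SQL and yields `IN ()`, a syntax error, when `users_get_groups()` returns no groups; casting the keys and guarding the empty case keeps the query well-formed, e.g. `$user_groups_ids = implode(',', array_map('intval', array_keys($user_groups)));` plus a filter that matches nothing when the list is empty. `users_get_groups()` is called with no arguments; if its default privilege is not 'LM', the listing is restricted by a different right than the one the editor enforces, so passing the privilege explicitly is worth confirming. The enclosing method starts and ends outside these hunks.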
|
@ -206,7 +206,7 @@ class SpecialDay extends Entity
|
|||
&& empty($filter['id_group']) === false
|
||||
) {
|
||||
$sql_filters[] = sprintf(
|
||||
' AND `talert_special_days`.`id_group` IN ("%s")',
|
||||
' AND `talert_special_days`.`id_group` IN (%s)',
|
||||
implode(',', $filter['id_group'])
|
||||
);
|
||||
}
|
||||
|
|
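Review bot: Dropping the quotes in the `-206,7 +206,7` hunk leaves `implode(',', $filter['id_group'])` interpolated into `IN (%s)` with no quoting or casting at all, so every element of `$filter['id_group']` must already be an integer; if the filter can originate from request parameters this is a direct SQL injection point, and it should be `implode(',', array_map('intval', $filter['id_group']))` (or one bound parameter per value where the DB layer supports it). The enclosing method starts and ends outside the hunk.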
|
@ -73,6 +73,12 @@ if (empty($message) === false) {
|
|||
echo $message;
|
||||
}
|
||||
|
||||
$return_all_group = false;
|
||||
|
||||
if (users_can_manage_group_all('LM') === true) {
|
||||
$return_all_group = true;
|
||||
}
|
||||
|
||||
$inputs = [];
|
||||
|
||||
// Name.
|
||||
|
@ -91,7 +97,7 @@ $inputs[] = [
|
|||
'label' => __('Group'),
|
||||
'arguments' => [
|
||||
'type' => 'select_groups',
|
||||
'returnAllGroup' => true,
|
||||
'returnAllGroup' => $return_all_group,
|
||||
'name' => 'id_group',
|
||||
'selected' => $calendar->id_group(),
|
||||
'required' => true,
|
||||
|
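Review bot: `$return_all_group` in the `-73,6 +73,12` hunk is set through an `if` whose condition is already the boolean wanted; `$return_all_group = (users_can_manage_group_all('LM') === true);` is the direct form and drops the `= false` line. Hiding the All group in the select is a UI aid only; the saving controller must still reject an `id_group` of 0 from a user who cannot manage All, since the request value is not bound to this option list, and that check lives outside this file. When editing a calendar already in group All, `'selected' => $calendar->id_group()` will point at an option that is no longer rendered for such a user, so the form could silently change the group on save — worth confirming.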
|