tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[Tags performance] Fixed check acl tags by module and removed unused code

This commit is contained in:
Fermin 2018-10-08 17:19:46 +02:00
parent 099f01a4ba
commit 441458843f
3 changed files with 20 additions and 159 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
pandora_console/include/functions_events.php
View File

@ -2240,13 +2240,8 @@ function events_page_details ($event, $server = "") {
$strict_user = (bool) db_get_value("strict_acl", "tusuario", "id_user", $config['id_user']); $strict_user = (bool) db_get_value("strict_acl", "tusuario", "id_user", $config['id_user']);
if (!empty($agent['id_grupo'])) { if (!empty($agent['id_grupo'])) {
if ($strict_user) {
$acl_graph = tags_check_acl_by_module($module["id_agente_modulo"], $config['id_user'], 'RR') === true;
}
else {
$acl_graph = check_acl($config['id_user'], $agent['id_grupo'], "RR"); $acl_graph = check_acl($config['id_user'], $agent['id_grupo'], "RR");
} }
}
if ($acl_graph) { if ($acl_graph) {
$data = array(); $data = array();

151
pandora_console/include/functions_tags.php
View File

@ -1111,149 +1111,24 @@ function tags_check_acl_by_module($id_module = 0, $id_user = false,
$access = 'AW') { $access = 'AW') {
global $config; global $config;
$return = false; if (empty($id_module)) return false;
if (!empty($id_module)) {
$tags = tags_get_module_tags($id_module);
$groups = modules_get_agent_groups($id_module);
if ($id_user === false) { if ($id_user === false) {
$id_user = $config["id_user"]; $id_user = $config["id_user"];
} }
$tags = tags_get_module_tags($id_module);
$groups = modules_get_agent_groups($id_module);
$user_groups = users_get_groups($id_user, $acces, false, true);
$acl_column = get_acl_column($access);
foreach ($groups as $group) { foreach ($groups as $group) {
if (tags_check_acl($id_user, $group, $access, $tags, true)) { // If user has not permission for this group,go to next group
return true; if (!isset($user_groups[$group])) continue;
} // No tags means user can see all tags for this group
} if (!isset($user_groups[$group]["tags"][$acl_column])) return true;
} // Check acl
$intersection = array_intersect($tags, $user_groups[$group]["tags"][$acl_column]);
return $return; if(!empty($intersection)) return true;
}
/**
* Check the ACLs with tags
*
* @param string ID of the user (with false the user will be taked from config)
* @param string id of the group (0 means for at least one)
* @param string access flag (AR,AW...)
* @param mixed tags to be checked (array() means for at least one)
*
* @return bool true if the acl check has success, false otherwise
*/
function tags_check_acl($id_user, $id_group, $access, $tags = array(), $flag_id_tag = false) {
global $config;
if ($id_user === false) {
$id_user = $config['id_user'];
}
// Get parents to check in propagate ACL cases
if (!is_array($id_group) && $id_group != 0) {
$id_group = array($id_group);
$group = db_get_row_filter('tgrupo',
array('id_grupo' => $id_group));
$parents = groups_get_parents($group['parent'], true);
foreach ($parents as $parent) {
$id_group[] = $parent['id_grupo'];
}
}
$acls = tags_get_acl_tags($id_user, $id_group, $access, 'data');
// If there are wrong parameters or fail ACL check, return false
if ($acls === ERR_WRONG_PARAMETERS || $acls === ERR_ACL) {
return false;
}
// If there are not tags restrictions or tags passed, check the group access
if (empty($acls) || empty($tags)) {
if (!is_array($id_group))
$group_id_array = array($id_group);
foreach ($id_group as $group) {
if (check_acl($id_user, $group, $access))
return true;
}
}
# Fix: If user profile has more than one group, due to ACL propagation then id_group can be an array
if (is_array($id_group)) {
foreach ($id_group as $group) {
if ($group > 0) {
if (array_key_exists(0, $acls)) {
//There is a All group
foreach ($tags as $tag) {
if (in_array($tag, $acls[0])) {
return true;
}
else {
return false;
}
}
}
else if (isset($acls[$group])) {
foreach ($tags as $tag) {
if (!$flag_id_tag)
$tag = tags_get_id($tag);
if (in_array($tag, $acls[$group])) {
return true;
} else if (empty($acls[$group])) {
return true;
}
}
}
else {
return false;
}
}
else {
foreach ($acls as $acl_tags) {
foreach ($tags as $tag) {
if (!$flag_id_tag)
$tag = tags_get_id($tag);
if (in_array($tag, $acl_tags)) {
return true;
}
}
}
}
}
}
else {
if ($id_group > 0) {
if (isset($acls[$id_group])) {
foreach ($tags as $tag) {
if (!$flag_id_tag)
$tag = tags_get_id($tag);
if (in_array($tag, $acls[$id_group])) {
return true;
}
}
}
else {
return false;
}
}
else {
foreach ($acls as $acl_tags) {
foreach ($tags as $tag) {
if (!$flag_id_tag)
$tag = tags_get_id($tag);
if (in_array($tag, $acl_tags)) {
return true;
}
}
}
}
} }
return false; return false;

9
pandora_console/include/functions_treeview.php
View File

@ -745,16 +745,7 @@ function treeview_printTable($id_agente, $server_data = array(), $no_head = fals
foreach ($network_interfaces as $interface_name => $interface) { foreach ($network_interfaces as $interface_name => $interface) {
if (!empty($interface['traffic'])) { if (!empty($interface['traffic'])) {
$permission = false;
if ($strict_user) {
if (tags_check_acl_by_module($interface['traffic']['in'], $config['id_user'], 'RR') === true
&& tags_check_acl_by_module($interface['traffic']['out'], $config['id_user'], 'RR') === true)
$permission = true;
}
else {
$permission = check_acl($config['id_user'], $agent["id_grupo"], "RR"); $permission = check_acl($config['id_user'], $agent["id_grupo"], "RR");
}
if ($permission) { if ($permission) {
$params = array( $params = array(