From 44d8b977cbc8948867eb1573ea57a6d1d178a2a8 Mon Sep 17 00:00:00 2001
From: fbsanchez
Date: Wed, 19 Jun 2019 16:52:14 +0200
Subject: [PATCH] event advanced filter fixes
---
 pandora_console/include/ajax/events.php | 24 +++++---
 pandora_console/include/functions_events.php | 56 +++++++++++------
 pandora_console/include/functions_groups.php | 47 ++++++++++++++
 pandora_console/operation/events/events.php | 64 ++++++++++----------
 4 files changed, 131 insertions(+), 60 deletions(-)
diff --git a/pandora_console/include/ajax/events.php b/pandora_console/include/ajax/events.php
index ce173898b2..12f86c4852 100644
--- a/pandora_console/include/ajax/events.php
+++ b/pandora_console/include/ajax/events.php
@@ -1079,29 +1079,37 @@ if ($get_extended_event) {
 }
 // Check ACLs.
+ $access = false;
 if (is_user_admin($config['id_user'])) {
 // Do nothing if you're admin, you get full access.
- $__ignored_line = 0;
+ $access = true;
 } else if ($config['id_user'] == $event['owner_user']) {
 // Do nothing if you're the owner user, you get access.
- $__ignored_line = 0;
+ $access = true;
 } else if ($event['id_grupo'] == 0) {
 // If the event has access to all groups, you get access.
- $__ignored_line = 0;
+ $access = true;
 } else {
 // Get your groups.
 $groups = users_get_groups($config['id_user'], 'ER');
 if (in_array($event['id_grupo'], array_keys($groups))) {
 // If event group is among the groups of the user, you get access.
- $__ignored_line = 0;
- } else {
- // If all the access types fail, abort.
- echo 'Access denied';
- return false;
+ $access = true;
+ } else if ($event['id_agente']
+ && agents_check_access_agent($event['id_agente'], 'ER')
+ ) {
+ // Secondary group, indirect access.
+ $access = true;
 }
 }
+ if (!$access) {
+ // If all the access types fail, abort.
+ echo 'Access denied';
+ return false;
+ }
+
 // Print group_rep in a hidden field to recover it from javascript.
 html_print_input_hidden('group_rep', (int) $group_rep);
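Review bot: The conditions that set `$access` still rely on loose comparison: `$config['id_user'] == $event['owner_user']` and the non-strict `in_array($event['id_grupo'], array_keys($groups))` both go through PHP type juggling in an authorization decision. I would write `(string) $config['id_user'] === (string) $event['owner_user']` for the owner test and `isset($groups[$event['id_grupo']])` for the group test. The deny path at `if (!$access)` only echoes `Access denied` and returns, so as far as this hunk shows a rejected request leaves no audit record; logging the user and event id before `return false;` would make ACL probing visible. The kept comments `// Do nothing if you're admin...` no longer describe branches that now set `$access = true`. The enclosing `if ($get_extended_event)` block starts and ends outside the hunk.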
diff --git a/pandora_console/include/functions_events.php b/pandora_console/include/functions_events.php
index 9339322a7d..da2efa1bd1 100644
--- a/pandora_console/include/functions_events.php
+++ b/pandora_console/include/functions_events.php
@@ -641,32 +641,37 @@ function events_get_all(
 }
 }
- if (isset($filter['id_group_filter']) && $filter['id_group_filter'] > 0) {
+ $groups = $filter['id_group_filter'];
+ if (isset($groups) && $groups > 0) {
 $propagate = db_get_value(
 'propagate',
 'tgrupo',
 'id_grupo',
- $filter['id_group_filter']
+ $groups
 );
 if (!$propagate) {
 $sql_filters[] = sprintf(
- ' AND te.id_grupo = %d ',
- $filter['id_group_filter']
+ ' AND (te.id_grupo = %d OR tasg.id_group = %d)',
+ $groups
 );
 } else {
- $groups = [ $filter['id_group_filter'] ];
- $childrens = groups_get_childrens($id_group, null, true);
- if (!empty($childrens)) {
- foreach ($childrens as $child) {
- $groups[] = (int) $child['id_grupo'];
+ $children = groups_get_children($groups);
+ $_groups = [];
+ if (!empty($children)) {
+ foreach ($children as $child) {
+ $_groups[] = (int) $child['id_grupo'];
 }
+
+ $groups = $_groups;
+ } else {
+ $groups = [ $groups ];
 }
- $filter['id_group_filter'] = $groups;
 $sql_filters[] = sprintf(
- ' AND id_group IN (%s) ',
- join(',', $filter['id_group_filter'])
+ ' AND (te.id_grupo IN (%s) OR tasg.id_group IN (%s)',
+ join(',', array_keys($groups)),
+ join(',', array_keys($groups))
 );
 }
 }
@@ -702,8 +707,6 @@ function events_get_all(
 }
 }
- $sg_active = enterprise_hook('agents_is_using_secondary_groups');
-
 if (!$user_is_admin) {
 $ER_groups = users_get_groups($config['id_user'], 'ER', false);
 $EM_groups = users_get_groups($config['id_user'], 'EM', false, true);
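Review bot: The rewritten group filter in `events_get_all` (hunk `@@ -641`) cannot produce the intended SQL: the non-propagate `sprintf` has two `%d` placeholders but one argument, the propagate format string `' AND (te.id_grupo IN (%s) OR tasg.id_group IN (%s)'` never closes its outer parenthesis, and `array_keys($groups)` returns list positions (0, 1, …) because `$_groups` stores the ids as values. Position 0 is the id this patch treats as the all-groups group (`$event['id_grupo'] == 0` in ajax/events.php), so the filter can match events from groups the operator did not select; the later hunk at `@@ -1036` repeats the same `array_keys($groups)` call. The selected parent id also drops out of the list once children exist, and `$groups = $filter['id_group_filter'];` reads the key before the `isset` test. The sketch below keeps the ids as integer values and joins them directly. The function body starts and ends outside the hunk.

```php
$groups = isset($filter['id_group_filter']) ? $filter['id_group_filter'] : 0;
// … unchanged: isset/> 0 guard and $propagate lookup …
if (!$propagate) {
    $sql_filters[] = sprintf(
        ' AND (te.id_grupo = %d OR tasg.id_group = %d)',
        $groups,
        $groups
    );
} else {
    // Selected group first, then its descendants, all as integer ids.
    $_groups = [ (int) $groups ];
    foreach (groups_get_children($groups) as $child) {
        $_groups[] = (int) $child['id_grupo'];
    }

    $groups = $_groups;
    $sql_filters[] = sprintf(
        ' AND (te.id_grupo IN (%s) OR tasg.id_group IN (%s))',
        join(',', $groups),
        join(',', $groups)
    );
}
```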
@@ -713,7 +716,8 @@ function events_get_all(
 if (!$user_is_admin && !users_can_manage_group_all('ER')) {
 // Get groups where user have ER grants.
 $sql_filters[] = sprintf(
- ' AND te.id_grupo IN ( %s )',
+ ' AND (te.id_grupo IN ( %s ) OR tasg.id_group IN (%s))',
+ join(', ', array_keys($ER_groups)),
 join(', ', array_keys($ER_groups))
 );
 }
@@ -1036,12 +1040,24 @@ function events_get_all(
 $tgrupo_join = 'LEFT';
 $tgrupo_join_filters = [];
- if (isset($filter['id_group_filter']) && $filter['id_group_filter'] > 0) {
+ if (isset($groups)
+ && (is_array($groups)
+ || $groups > 0)
+ ) {
 $tgrupo_join = 'INNER';
- $tgrupo_join_filters[] = sprintf(
- ' AND tg.id_grupo = %s',
- $filter['id_group_filter']
- );
+ if (is_array($groups)) {
+ $tgrupo_join_filters[] = sprintf(
+ ' AND (tg.id_grupo IN (%s) OR tasg.id_group IN (%s))',
+ join(', ', array_keys($groups)),
+ join(', ', array_keys($groups))
+ );
+ } else {
+ $tgrupo_join_filters[] = sprintf(
+ ' AND (tg.id_grupo = %s OR tasg.id_group = %s)',
+ $groups,
+ $groups
+ );
+ }
 }
 // Secondary groups.
diff --git a/pandora_console/include/functions_groups.php b/pandora_console/include/functions_groups.php
index 8fe37c0e48..0e88d86004 100644
--- a/pandora_console/include/functions_groups.php
+++ b/pandora_console/include/functions_groups.php
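Review bot: In the `@@ -1036` hunk of functions_events.php, the scalar branch formats `$groups` with `%s` in `' AND (tg.id_grupo = %s OR tasg.id_group = %s)'`, so whatever string reached `$filter['id_group_filter']` is copied verbatim into the JOIN clause. The `$groups > 0` guard is a loose comparison that a numeric-prefixed string also passes, so it does not make the value numeric. If the filter can originate from request data (not visible here) this is an SQL injection point, and the `%d` conversion already used for the same value earlier in the function closes it: `' AND (tg.id_grupo = %d OR tasg.id_group = %d)'`. These conditions also name `tasg` ahead of the `// Secondary groups.` section that follows, so it is worth confirming the alias is already joined where the tgrupo filters are emitted. The function body starts and ends outside the hunk.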
@@ -298,6 +298,53 @@ function groups_get_childrens_ids($parent, $groups=null)
 /**
+ * Return a array of id_group of children of given parent.
+ *
+ * @param integer $parent The id_grupo parent to search its children.
+ * @param array $ignorePropagate Ignore propagate.
+ */
+function groups_get_children($parent, $ignorePropagate=false)
+{
+ static $groups;
+
+ if (empty($groups)) {
+ $groups = db_get_all_rows_in_table('tgrupo');
+ $groups = array_reduce(
+ $groups,
+ function ($carry, $item) {
+ $carry[$item['id_grupo']] = $item;
+ return $carry;
+ }
+ );
+ }
+
+ $return = [];
+ foreach ($groups as $key => $g) {
+ if ($g['id_grupo'] == 0) {
+ continue;
+ }
+
+ if ($ignorePropagate || $parent == 0 || $groups[$parent]['propagate']) {
+ if ($g['parent'] == $parent) {
+ $return += [$g['id_grupo'] => $g];
+ if ($g['propagate'] || $ignorePropagate) {
+ $return += groups_get_children(
+ $g['id_grupo'],
+ $ignorePropagate
+ )
+ );
+ }
+ }
+ }
+ }
+
+ return $return;
+}
+
+
+/**
+ * XXX: This is not working. Expects 'propagate' on CHILD not on PARENT!!!
+ *
 * Return a array of id_group of childrens (to branches down)
 *
 * @param integer $parent The id_group parent to search the childrens.
diff --git a/pandora_console/operation/events/events.php b/pandora_console/operation/events/events.php
index 88621b7711..95ac221164 100644
--- a/pandora_console/operation/events/events.php
+++ b/pandora_console/operation/events/events.php
@@ -1591,38 +1591,6 @@ function process_datatables_item(item) { module_status = '
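Review bot: `groups_get_children`, as added to functions_groups.php, does not parse: the recursive call is closed by `)` on one line and `);` on the next, which leaves an unmatched parenthesis, so any request that loads this file would presumably stop with a parse error. The fix is `$return += groups_get_children($g['id_grupo'], $ignorePropagate);`. `array_reduce` is called with no initial value directly on the result of `db_get_all_rows_in_table('tgrupo')`, so a non-array result is not handled, and `$groups[$parent]['propagate']` is read without checking that `$parent` is a key of the cached table. The docblock declares `@param array $ignorePropagate` although the default is `false`, and it has no `@return`; I would write `@param boolean $ignorePropagate Descend regardless of the propagate flag.` and `@return array Descendant groups indexed by id_grupo.`.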
' + text + "
"; - - /* Agent name link */ - if (item.id_agente > 0) { - item.agent_name = '' + item.agent_name + ''; - } else { - item.agent_name = ''; - } - - /* Agent ID link */ - if (item.id_agente > 0) { - - item.id_agente = '' + item.id_agente + ''; - - item.id_agente = '' + item.agent_name + ''; - - } else { - item.id_agente = ''; - } - - /* Group name */ - if (item.id_grupo == "0") { - item.id_grupo = ""; - } else { - item.id_grupo = item.group_name; - } - /* Options */ // Show more. item.options = '' +item.id_agente+'">' + item.agent_name + ''; + } else { + item.agent_name = ''; + } + + /* Agent ID link */ + if (item.id_agente > 0) { + + item.id_agente = '' + item.id_agente + ''; + + item.id_agente = '' + item.agent_name + ''; + + } else { + item.id_agente = ''; + } + item.estado = '
'; item.estado += img; item.estado += '
';
@@ -1719,6 +1712,13 @@ function process_datatables_item(item) {
 // Add event severity format to itself.
 item.evento = evn;
+ /* Group name */
+ if (item.id_grupo == "0") {
+ item.id_grupo = "";
+ } else {
+ item.id_grupo = item.group_name;
+ }
+
 }
 /* Datatables auxiliary functions ends */