diff --git a/pandora_console/extensions/matrix_events/ajax.php b/pandora_console/extensions/matrix_events/ajax.php index fc05d45f19..0dd7706784 100644 --- a/pandora_console/extensions/matrix_events/ajax.php +++ b/pandora_console/extensions/matrix_events/ajax.php @@ -30,7 +30,7 @@ if (is_ajax()) { require_once ('include/functions_tags.php'); $limit = (int) get_parameter("limit", 5); - + // TODO revision tag $tags_condition = tags_get_acl_tags($config['id_user'], 0, 'ER', 'event_condition', 'AND'); $filter = "estado<>1 $tags_condition"; diff --git a/pandora_console/godmode/agentes/module_manager.php b/pandora_console/godmode/agentes/module_manager.php index b475e29e2b..7debadbcfa 100644 --- a/pandora_console/godmode/agentes/module_manager.php +++ b/pandora_console/godmode/agentes/module_manager.php @@ -451,7 +451,7 @@ $where = sprintf("delete_pending = 0 AND id_agente = %s", $id_agente); $search_string_entities = io_safe_input($search_string); $basic_where = sprintf("(nombre LIKE '%%%s%%' OR nombre LIKE '%%%s%%' OR descripcion LIKE '%%%s%%' OR descripcion LIKE '%%%s%%') AND", $search_string, $search_string_entities, $search_string, $search_string_entities); - +// TODO revision tag $where_tags = tags_get_acl_tags($config['id_user'], 0, 'AR', 'module_condition', 'AND', 'tagente_modulo'); $paginate_module = false; diff --git a/pandora_console/include/ajax/events.php b/pandora_console/include/ajax/events.php index 7a367e8da0..5874ccc511 100644 --- a/pandora_console/include/ajax/events.php +++ b/pandora_console/include/ajax/events.php @@ -555,7 +555,7 @@ if ($table_events) { // Fix: for tag functionality groups have to be all user_groups (propagate ACL funct!) $groups = users_get_groups($config["id_user"]); - + // TODO revision tag $tags_condition = tags_get_acl_tags($config['id_user'], array_keys($groups), 'ER', 'event_condition', 'AND'); echo '
'; diff --git a/pandora_console/include/ajax/module.php b/pandora_console/include/ajax/module.php index 7f59e1f5d3..24fd4c9c78 100755 --- a/pandora_console/include/ajax/module.php +++ b/pandora_console/include/ajax/module.php @@ -551,6 +551,7 @@ if ($list_modules) { $groups = users_get_groups($config["id_user"], $access); if($cluster_list != 1){ + // TODO revision tag $tags_sql = tags_get_acl_tags($config['id_user'], array_keys($groups), $access, 'module_condition', 'AND', 'tagente_modulo', false, array(), true); diff --git a/pandora_console/include/functions_agents.php b/pandora_console/include/functions_agents.php index 45c72b2b83..ddb16d479b 100644 --- a/pandora_console/include/functions_agents.php +++ b/pandora_console/include/functions_agents.php @@ -1240,6 +1240,7 @@ function agents_get_modules ($id_agent = null, $details = false, //$where .= " AND id_policy_module = 0 "; if (tags_has_user_acl_tags($config['id_user'])){ + // TODO revision tag $where_tags = tags_get_acl_tags($config['id_user'], $id_groups, 'AR', 'module_condition', 'AND', 'tagente_modulo', false, array(), true); diff --git a/pandora_console/include/functions_alerts.php b/pandora_console/include/functions_alerts.php index 84419f5ab4..6d121d0f46 100644 --- a/pandora_console/include/functions_alerts.php +++ b/pandora_console/include/functions_alerts.php @@ -1814,6 +1814,7 @@ function get_group_alerts($id_group, $filter = '', $options = false, $groups = users_get_groups($config["id_user"]); if ($idGroup !== 0) { + // TODO revision tag $where_tags = tags_get_acl_tags($config['id_user'], $idGroup, 'AR', 'module_condition', 'AND', 'tagente_modulo', true, array(), true); } else { $where_tags = tags_get_acl_tags($config['id_user'], array_keys($groups), 'AR', 'module_condition', 'AND', 'tagente_modulo', true, array(), true); diff --git a/pandora_console/include/functions_events.php b/pandora_console/include/functions_events.php index f6b6da21cc..bfdc9e6238 100644 --- a/pandora_console/include/functions_events.php +++ b/pandora_console/include/functions_events.php @@ -3554,7 +3554,7 @@ function events_sql_events_grouped_agents($id_agent, $server_id = -1, else { $group_array = array_keys($groups); } - + // TODO revision tag $tags_acls_condition = tags_get_acl_tags($id_user, $group_array, 'ER', 'event_condition', 'AND', '', $meta, array(), true); //FORCE CHECK SQL "(TAG = tag1 AND id_grupo = 1)" diff --git a/pandora_console/include/functions_graph.php b/pandora_console/include/functions_graph.php index e8fa13df9f..53246a05f8 100644 --- a/pandora_console/include/functions_graph.php +++ b/pandora_console/include/functions_graph.php @@ -2471,6 +2471,7 @@ function graph_event_module ($width = 300, $height = 200, $id_agent) { // Fix: tag filters implemented! for tag functionality groups have to be all user_groups (propagate ACL funct!) $groups = users_get_groups($config["id_user"]); + // TODO revision tag $tags_condition = tags_get_acl_tags($config['id_user'], array_keys($groups), 'ER', 'event_condition', 'AND'); $data = array (); @@ -3350,6 +3351,7 @@ function grafico_eventos_grupo ($width = 300, $height = 200, $url = "", $meta = } // Add tags condition to filter + // TODO revision tag $tags_condition = tags_get_acl_tags($config['id_user'], 0, 'ER', 'event_condition', 'AND'); //This will give the distinct id_agente, give the id_grupo that goes @@ -3501,6 +3503,7 @@ function grafico_eventos_total($filter = "", $width = 320, $height = 200, $noWat $filter = str_replace ( "\\" , "", $filter); // Add tags condition to filter + // TODO revision tag $tags_condition = tags_get_acl_tags($config['id_user'], 0, 'ER', 'event_condition', 'AND'); $filter .= $tags_condition; diff --git a/pandora_console/include/functions_tags.php b/pandora_console/include/functions_tags.php index 9f06b23a53..b68c94dcd2 100644 --- a/pandora_console/include/functions_tags.php +++ b/pandora_console/include/functions_tags.php @@ -690,7 +690,7 @@ function tags_get_acl_tags($id_user, $id_group, $access = 'AR', case 'module_condition': // Return the condition of the tags for tagente_modulo table - $condition = tags_get_acl_tags_module_condition($acltags, + $condition = tags_get_acl_tags_module_condition_old($acltags, $query_table); if (!empty($condition)) { return " $query_prefix " . $condition; @@ -757,68 +757,54 @@ function tags_get_acl_tags_module_condition($acltags, $modules_table = '') { * @return string SQL condition for tagente_module */ function tags_get_acl_tags_module_condition_old($acltags, $modules_table = '') { - if (!empty($modules_table)) { + if (!empty($modules_table)) $modules_table .= '.'; - } - + $condition = ''; - - // Fix: Wrap SQL expression with "()" to avoid bad SQL sintax that makes Pandora retrieve all modules without taking care of id_agent => id_agent = X AND (sql_tag_expression) - $i = 0; + $group_conditions = array(); + + // The acltags array contains the groups with the acl propagation applied + // after the changes done into the 'tags_get_user_groups_and_tags' function. foreach ($acltags as $group_id => $group_tags) { - if ($condition != '') { - $condition .= ' OR '; + $tag_join = ''; + if (!empty($group_tags)) { + $tag_join = sprintf('INNER JOIN ttag_module ttmc + ON tamc.id_agente_modulo = ttmc.id_agente_modulo + AND ttmc.id_tag IN (%s)', + is_array($group_tags) ? implode(',', $group_tags) : $group_tags); } - - // Fix: Wrap SQL expression with "()" to avoid bad SQL sintax that makes Pandora retrieve all modules without taking care of id_agent => id_agent = X AND (sql_tag_expression) - if ($i == 0) - $condition .= ' ( ' . "\n"; - - // Group condition (The module belongs to an agent of the group X) - // Juanma (08/05/2014) Fix: Now group and tag is checked at the same time, before only tag was checked due to a bad condition - if (!array_key_exists(0, $acltags)) { - // Juanma (08/05/2014) Fix: get all groups recursively (Acl proc func!) - $group_condition = sprintf('%sid_agente IN (SELECT id_agente FROM tagente WHERE id_grupo IN (%s))', $modules_table, implode(',', array_values(groups_get_id_recursive($group_id)))); + // FIXME: Not properly way to increse performance + if(enterprise_hook('agents_is_using_secondary_groups')){ + $agent_condition = sprintf('SELECT tamc.id_agente_modulo + FROM tagente_modulo tamc + %s + INNER JOIN tagente tac + ON tamc.id_agente = tac.id_agente + LEFT JOIN tagent_secondary_group tasg + ON tasg.id_agent = tac.id_agente + WHERE (tac.id_grupo = %d OR tasg.id_group = %d)', + $tag_join, $group_id, $group_id); } - else { - //Avoid the user profiles with all group access. - $group_condition = " 1 = 1 "; + else{ + $agent_condition = sprintf('SELECT tamc.id_agente_modulo + FROM tagente_modulo tamc + %s + INNER JOIN tagente tac + ON tamc.id_agente = tac.id_agente + AND tac.id_grupo = %d', + $tag_join, $group_id); } - - //When the acl is only group without tags - if (empty($group_tags)) { - $condition .= "($group_condition)\n"; - } - else { - if (is_array($group_tags)) { - $group_tags_query = implode(',',$group_tags); - } else { - $group_tags_query = $group_tags; - } - // Tags condition (The module has at least one of the restricted tags) - $tags_condition = sprintf('%sid_agente_modulo IN (SELECT id_agente_modulo FROM ttag_module WHERE id_tag IN (%s))', $modules_table, $group_tags_query); - - $condition .= - " ( \n" . - " $group_condition \n" . - " AND \n" . - " $tags_condition \n" . - " )\n"; - } - + + $sql_condition = sprintf('(%sid_agente_modulo IN (%s))', $modules_table, $agent_condition); + + $group_conditions[] = $sql_condition; + $i++; } - - // Fix: Wrap SQL expression with "()" to avoid bad SQL sintax that makes Pandora retrieve all modules without taking care of id_agent => id_agent = X AND (sql_tag_expression) - if (!empty($acltags)) - $condition .= ' ) '; - - //Avoid the user profiles with all group access. - //if (!empty($condition)) { - if (!empty($condition) && - !array_key_exists(0, array_keys($acltags))) { - $condition = sprintf("\n((%s) OR %sid_agente NOT IN (SELECT id_agente FROM tagente WHERE id_grupo IN (%s)))", $condition, $modules_table, implode(',',array_keys($acltags))); - } + + if (!empty($group_conditions)) + $condition = implode(' OR ', $group_conditions); + $condition = !empty($condition) ? "($condition)" : ''; return $condition; } @@ -1042,6 +1028,7 @@ function tags_get_user_tags($id_user = false, $access = 'AR', $return_tag_any = } // Get the tags of the required access flag for each group + // TODO revision tag $tags = tags_get_acl_tags($id_user, 0, $access, 'data'); // If there are wrong parameters or fail ACL check, return false if ($tags_user === ERR_WRONG_PARAMETERS || $tags_user === ERR_ACL) { @@ -1130,6 +1117,7 @@ function tags_get_tags_for_module_search($id_user = false, $access = 'AR') { return false; } // Get the tags of the required access flag for each group + // TODO revision tag $tags = tags_get_acl_tags($id_user, 0, $access, 'data'); // If there are wrong parameters or fail ACL check, return false if ($tags_user === ERR_WRONG_PARAMETERS || $tags_user === ERR_ACL) { @@ -1213,7 +1201,7 @@ function tags_check_acl($id_user, $id_group, $access, $tags = array(), $flag_id_ $id_group[] = $parent['id_grupo']; } } - + // TODO revision tag $acls = tags_get_acl_tags($id_user, $id_group, $access, 'data'); // If there are wrong parameters or fail ACL check, return false @@ -1319,7 +1307,7 @@ function tags_check_acl_event($id_user, $id_group, $access, $tags = array(),$p = if($id_user === false) { $id_user = $config['id_user']; } - + // TODO revision tag $acls = tags_get_acl_tags($id_user, $id_group, $access, 'data'); // If there are wrong parameters or fail ACL check, return false @@ -1424,7 +1412,7 @@ function tags_checks_event_acl($id_user, $id_group, $access, $tags = array(), $c if (users_is_admin($id_user)) { return true; } - + // TODO revision tag $tags_user = tags_get_acl_tags($id_user, $id_group, $access, 'data', '', '', true, $childrens_ids, true); // If there are wrong parameters or fail ACL check, return false if ($tags_user === ERR_WRONG_PARAMETERS || $tags_user === ERR_ACL) { diff --git a/pandora_console/mobile/operation/modules.php b/pandora_console/mobile/operation/modules.php index 8971334eea..5b86254209 100644 --- a/pandora_console/mobile/operation/modules.php +++ b/pandora_console/mobile/operation/modules.php @@ -302,6 +302,7 @@ class Modules { // Part SQL for the Tag + // TODO revision tag $sql_conditions_tags = tags_get_acl_tags($user->getIdUser(), $user->getIdGroups($this->acl), $this->acl, 'module_condition', 'AND', 'tagente_modulo'); diff --git a/pandora_console/operation/agentes/estado_generalagente.php b/pandora_console/operation/agentes/estado_generalagente.php index 6dbb229c8b..73277400a5 100755 --- a/pandora_console/operation/agentes/estado_generalagente.php +++ b/pandora_console/operation/agentes/estado_generalagente.php @@ -550,6 +550,7 @@ if (!empty($network_interfaces)) { else { $group_array = $user_groups_ids; } + // TODO revision tag $acl_tags = tags_get_acl_tags($config['id_user'], $group_array, 'ER', 'event_condition', 'AND', '', true, array(), true); diff --git a/pandora_console/operation/events/events.build_query.php b/pandora_console/operation/events/events.build_query.php index 936d933143..69411d647a 100755 --- a/pandora_console/operation/events/events.build_query.php +++ b/pandora_console/operation/events/events.build_query.php @@ -310,6 +310,7 @@ if ($id_group > 0 && in_array ($id_group, array_keys ($groups))) { else { $group_array = array_keys($groups); } +// TODO revision tag if (check_acl ($id_user, 0, "ER")) $tags_acls_condition = tags_get_acl_tags($id_user, $group_array, 'ER', 'event_condition', 'AND', '', $meta, array(), true); //FORCE CHECK SQL "(TAG = tag1 AND id_grupo = 1)"