From 481addb51484fd939b7a997bcbc34d1b7b5ec03a Mon Sep 17 00:00:00 2001
From: Alejandro Gallardo Escobar <alex@artica.es>
Date: Tue, 24 Mar 2015 19:10:09 +0100
Subject: [PATCH] ACL improvements

---
 pandora_console/include/class/Tree.class.php  | 23 +++++++++++++++----
 pandora_console/include/functions_events.php  | 15 +++++++++++-
 .../operation/agentes/stat_win.php            | 11 +++++++--
 .../operation/agentes/status_monitor.php      | 17 +++++++++++++-
 4 files changed, 58 insertions(+), 8 deletions(-)

diff --git a/pandora_console/include/class/Tree.class.php b/pandora_console/include/class/Tree.class.php
index 4db33dce1b..36d6dcac8b 100644
--- a/pandora_console/include/class/Tree.class.php
+++ b/pandora_console/include/class/Tree.class.php
@@ -1307,12 +1307,27 @@ class Tree {
 		$module['serverTypeHTML'] = servers_show_type($module['server_type']);
 		
 		// Link to the Module graph
-		$group_id = (int) modules_get_agent_group($module['id']);
-		$module["showGraphs"] = 0;
 		
 		// ACL
-		if (!empty($group_id)) {
-			$module["showGraphs"] = (int) check_acl($config['id_user'], $group_id, "RR");
+		$group_id = (int) modules_get_agent_group($module['id']);
+		$acl_graphs = false;
+		$module["showGraphs"] = 0;
+		
+		// Avoid the check on the metaconsole. Too slow to show/hide an icon depending on the permissions
+		if (!empty($group_id) && !defined("METACONSOLE")) {
+			if ($this->strictACL) {
+				$acl_graphs = tags_check_acl_by_module($module['id'], $config['id_user'], 'RR') === true;
+			}
+			else {
+				$acl_graphs = check_acl($config['id_user'], $group_id, "RR");
+			}
+		}
+		else if (!empty($group_id)) {
+			$acl_graphs = true;
+		}
+		
+		if ($acl_graphs) {
+			$module["showGraphs"] = 1;
 		}
 		
 		if ($module["showGraphs"]) {
diff --git a/pandora_console/include/functions_events.php b/pandora_console/include/functions_events.php
index 1525233c49..0529e5f9a8 100644
--- a/pandora_console/include/functions_events.php
+++ b/pandora_console/include/functions_events.php
@@ -2046,7 +2046,20 @@ function events_page_details ($event, $server = "") {
 		}
 		$table_details->data[] = $data;
 		
-		if (check_acl($config['id_user'], $agent['id_grupo'], "RR")) {
+		// ACL
+		$acl_graph = false;
+		$strict_user = (bool) db_get_value("strict_acl", "tusuario", "id_user", $config['id_user']);
+		
+		if (!empty($agent['id_grupo'])) {
+			if ($strict_user) {
+				$acl_graph = tags_check_acl_by_module($module["id_agente_modulo"], $config['id_user'], 'RR') === true;
+			}
+			else {
+				$acl_graph = check_acl($config['id_user'], $agent['id_grupo'], "RR");
+			}
+		}
+		
+		if ($acl_graph) {
 			$data = array();
 			$data[0] = '<div style="font-weight:normal; margin-left: 20px;">'.__('Graph').'</div>';
 			
diff --git a/pandora_console/operation/agentes/stat_win.php b/pandora_console/operation/agentes/stat_win.php
index 2e231cf992..9494b138c4 100644
--- a/pandora_console/operation/agentes/stat_win.php
+++ b/pandora_console/operation/agentes/stat_win.php
@@ -28,6 +28,7 @@ require_once ($config['homedir'] . '/include/functions_reporting.php');
 require_once ($config['homedir'] . '/include/functions_graph.php');
 require_once ($config['homedir'] . '/include/functions_modules.php');
 require_once ($config['homedir'] . '/include/functions_agents.php');
+require_once ($config['homedir'] . '/include/functions_tags.php');
 
 check_login ();
 
@@ -112,9 +113,15 @@ $label = base64_decode(get_parameter('label', ''));
 		// ACL
 		$permission = false;
 		$agent_group = (int) agents_get_agent_group($agent_id);
+		$strict_user = (bool) db_get_value("strict_acl", "tusuario", "id_user", $config['id_user']);
 		
-		if (!empty($agent_group) && check_acl($config['id_user'], $agent_group, "RR")) {
-			$permission = true;
+		if (!empty($agent_group)) {
+			if ($strict_user) {
+				$permission = tags_check_acl_by_module($id, $config['id_user'], 'RR') === true;
+			}
+			else {
+				$permission = check_acl($config['id_user'], $agent_group, "RR");
+			}
 		}
 		
 		if (!$permission) {
diff --git a/pandora_console/operation/agentes/status_monitor.php b/pandora_console/operation/agentes/status_monitor.php
index 8471636016..ce18fdb97c 100644
--- a/pandora_console/operation/agentes/status_monitor.php
+++ b/pandora_console/operation/agentes/status_monitor.php
@@ -1197,7 +1197,22 @@ foreach ($result as $row) {
 	
 	$data[7] = "";
 	
-	if ($row['history_data'] == 1 && check_acl($config['id_user'], $row['id_group'], "RR")) {
+	$acl_graphs = false;
+	
+	// Avoid the check on the metaconsole. Too slow to show/hide an icon depending on the permissions
+	if (!defined("METACONSOLE")) {
+		if ($strict_user) {
+			$acl_graphs = tags_check_acl_by_module($row['id_agente_modulo'], $config['id_user'], 'RR') === true;
+		}
+		else {
+			$acl_graphs = check_acl($config['id_user'], $row['id_group'], "RR");
+		}
+	}
+	else {
+		$acl_graphs = true;
+	}
+	
+	if ($row['history_data'] == 1 && $acl_graphs) {
 		
 		$graph_type = return_graphtype ($row["module_type"]);