Fixed some general and ACL errors and improved some pieces of code

Downtime editor. Some of the ACL checks added are: -Permission check on downtime before adding an agent -Permission check on agent before adding an agent -Permission check on downtime before deleting an agent -Permission check on agent before deleting an agent -Permission check on downtime before creating or updating the downtime -Removed the ACL check for every result item (it is done before, into the query) -Permission check on the query for the agents added to the downtime Downtime editor ajax. Some of the ACL checks added are: -Permission check on downtime before retrieving the modules -Permission check on agent before retrieving the modules -Permission check on downtime before deleting the modules -Permission check on agent before deleting the modules -Permission check on downtime before adding the modules -Permission check on agent before adding the modules
2015-07-16 13:53:57 +02:00 · 2015-07-16 13:53:57 +02:00 · 4d43033d46
parent cbd4b60aca
commit 4d43033d46
2 changed files with 293 additions and 160 deletions
--- a/pandora_console/godmode/agentes/planned_downtime.editor.php
+++ b/pandora_console/godmode/agentes/planned_downtime.editor.php
@ -25,7 +25,8 @@ if (! check_acl ($config['id_user'], 0, "AW")) {
 	return;
 }
-$config["past_planned_downtimes"] = isset($config["past_planned_downtimes"]) ? $config["past_planned_downtimes"] : 1;
+// Default
 set_unless_defined ($config["past_planned_downtimes"], 1);
 require_once ('include/functions_users.php');
@ -81,43 +82,59 @@ $id_agent 				= (int) get_parameter ('id_agent');
 $insert_downtime_agent 	= (int) get_parameter ('insert_downtime_agent');
 $delete_downtime_agent 	= (int) get_parameter ('delete_downtime_agent');
 // User groups with AW permission for ACL checks
 $user_groups_aw = array_keys(users_get_groups($config['id_user'], 'AW'));
 // INSERT A NEW DOWNTIME_AGENT ASSOCIATION
 if ($insert_downtime_agent === 1) {
 	// Check AW permission on downtime
 	$downtime_group = db_get_value('id_group', 'tplanned_downtime', 'id', $id_downtime);
 	if ($downtime_group === false || !in_array($downtime_group, $user_groups_aw)) {
 		db_pandora_audit("ACL Violation",
 			"Trying to access downtime scheduler");
 		require ("general/noaccess.php");
 		return;
 	}
 	$agents = (array) get_parameter ('id_agents');
 	$module_names = (array) get_parameter ('module');
-	$all_modules = false;
+	$all_modules = (empty($module_names) || in_array(0, $module_names));
 	if (empty($module_names)) {
 		$all_modules = true;
 	}
 	else {
 		//It is empty.
 		if ($module_names[0] == "0")
 			$all_modules = true;
 	}
-	$executed = db_get_value ('executed', 'tplanned_downtime', 'id', $id_downtime);
+	// 'Is running' check
-	if ($executed == 1) {
+	$is_running = (bool) db_get_value ('executed', 'tplanned_downtime', 'id', $id_downtime);
 	if ($is_running) {
 		ui_print_error_message(__("This elements cannot be modified while the downtime is being executed"));
 	}
 	else {
-		$num_agents = count($agents);
+		foreach ($agents as $agent_id) {
-		for ($a = 0; $a < $num_agents; $a++) {
+			
-			$id_agente_dt = $agents[$a];
+			// Check AW permission on agent
 			$agent_group = db_get_value('id_grupo', 'tagente', 'id_agente', $agent_id);
 			if ($agent_group === false || !in_array($agent_group, $user_groups_aw)) {
 				continue;
 			}
 			$values = array(
 					'id_downtime' => $id_downtime,
-					'id_agent' => $id_agente_dt,
+					'id_agent' => $agent_id,
 					'all_modules' => $all_modules
 				);
 			$result = db_process_sql_insert('tplanned_downtime_agents', $values);
 			if ($result && !$all_modules) {
 				foreach ($module_names as $module_name) {
-					$module = modules_get_agentmodule_id($module_name, $id_agente_dt);
+					$module = modules_get_agentmodule_id($module_name, $agent_id);
 					if (empty($module))
 						continue;
 					$values = array(
 							'id_downtime' => $id_downtime,
-							'id_agent' => $id_agente_dt,
+							'id_agent' => $agent_id,
 							'id_agent_module' => $module["id_agente_modulo"]
 						);
 					$result = db_process_sql_insert('tplanned_downtime_modules', $values);
@ -138,8 +155,29 @@ if ($delete_downtime_agent === 1) {
 	$id_da = (int) get_parameter ('id_downtime_agent');
-	$executed = db_get_value ('executed', 'tplanned_downtime', 'id', $id_downtime);
+	// Check AW permission on downtime
-	if ($executed == 1) {
+	$downtime_group = db_get_value('id_group', 'tplanned_downtime', 'id', $id_downtime);
 	if ($downtime_group === false || !in_array($downtime_group, $user_groups_aw)) {
 		db_pandora_audit("ACL Violation",
 			"Trying to access downtime scheduler");
 		require ("general/noaccess.php");
 		return;
 	}
 	// Check AW permission on agent
 	$agent_group = db_get_value('id_grupo', 'tagente', 'id_agente', $id_agent);
 	if ($agent_group === false || !in_array($agent_group, $user_groups_aw)) {
 		db_pandora_audit("ACL Violation",
 			"Trying to access downtime scheduler");
 		require ("general/noaccess.php");
 		return;
 	}
 	// 'Is running' check
 	$is_running = (bool) db_get_value ('executed', 'tplanned_downtime', 'id', $id_downtime);
 	if ($is_running) {
 		ui_print_error_message(__("This elements cannot be modified while the downtime is being executed"));
 	}
 	else {
@ -158,11 +196,11 @@ if ($delete_downtime_agent === 1) {
 // UPDATE OR CREATE A DOWNTIME (MAIN DATA, NOT AGENT ASSOCIATION)
 if ($create_downtime || $update_downtime) {
-	$check = db_get_value ('name', 'tplanned_downtime', 'name', $name);
+	$check = (bool) db_get_value ('name', 'tplanned_downtime', 'name', $name);
 	$datetime_from = strtotime ($once_date_from . ' ' . $once_time_from);
 	$datetime_to = strtotime ($once_date_to . ' ' . $once_time_to);
-	$now = strtotime(date(DATE_FORMAT). ' ' . date(TIME_FORMAT));
+	$now = time();
 	if ($type_execution == 'once' && !$config["past_planned_downtimes"] && $datetime_from < $now) {
 		ui_print_error_message(__('Not created. Error inserting data. Start time must be higher than the current time' ));
@ -184,6 +222,15 @@ if ($create_downtime || $update_downtime) {
 	else {
 		$sql = '';
 		if ($create_downtime) {
 			// Check AW permission on new downtime
 			if (!in_array($id_group, $user_groups_aw)) {
 				db_pandora_audit("ACL Violation",
 					"Trying to access downtime scheduler");
 				require ("general/noaccess.php");
 				return;
 			}
 			if (trim(io_safe_output($name)) != '') {
 				if (!$check) {
 					$values = array(
@ -228,20 +275,41 @@ if ($create_downtime || $update_downtime) {
 			}
 		}
 		else if ($update_downtime) {
-			$has_been_executed = db_get_value ('executed', 'tplanned_downtime', 'name', $name);
+			$old_downtime = db_get_row('tplanned_downtime', 'id', $id_downtime);
 			// Check AW permission on OLD downtime
 			if (empty($old_downtime) || !in_array($old_downtime['id_group'], $user_groups_aw)) {
 				db_pandora_audit("ACL Violation",
 					"Trying to access downtime scheduler");
 				require ("general/noaccess.php");
 				return;
 			}
 			// Check AW permission on NEW downtime group
 			if (!in_array($id_group, $user_groups_aw)) {
 				db_pandora_audit("ACL Violation",
 					"Trying to access downtime scheduler");
 				require ("general/noaccess.php");
 				return;
 			}
 			// 'Is running' check
 			$is_running = (bool) $old_downtime['executed'];
 			$values = array();
 			if (trim(io_safe_output($name)) == '') {
 				ui_print_error_message(__('Planned downtime must have a name'));
 			}
-			else if ($has_been_executed == 1 && $type_execution == 'once') {
+			// When running only certain items can be modified for the 'once' type
 			else if ($is_running && $type_execution == 'once') {
 				$values = array(
 					'description' => $description,
 					'date_to' => $datetime_to,
 					'id_user' => $config['id_user']
 				);
 			}
-			else if ($has_been_executed == 1) {
+			else if ($is_running) {
-				ui_print_error_message(__('No updates. Planned Downtime has been executed'));
+				ui_print_error_message(__('Cannot be modified while the downtime is being executed'));
 			}
 			else {
 				$values = array(
@ -354,11 +422,16 @@ if ($id_downtime > 0) {
 			break;
 	}
 	$groupsAW = users_get_groups($config['id_user'], 'AW', true, false, null, 'id_grupo');
 	$groupsAW = array_keys($groupsAW);
 	$result = db_get_row_sql ($sql);
 	// Permission check for the downtime with the AW user groups
 	if (empty($result) || !in_array($result['id_group'], $user_groups_aw) ){
 		db_pandora_audit("ACL Violation",
 		"Trying to access downtime scheduler");
 		require ("general/noaccess.php");
 		return;
 	}
 	$name 					= (string) $result["name"];
 	$id_group 				= (int) $result['id_group'];
@ -386,18 +459,11 @@ if ($id_downtime > 0) {
 	$saturday 				= (bool) $result['saturday'];
 	$sunday 				= (bool) $result['sunday'];
-	$executed 				= (bool) $result['executed'];
+	$running 				= (bool) $result['executed'];
 	if ( !in_array($id_group, $groupsAW) ){
 		db_pandora_audit("ACL Violation",
 		"Trying to access downtime scheduler");
 		require ("general/noaccess.php");
 		return;
 	}
 }
-// when the planned down time is in execution, only action to postpone on once type is enabled and the other are disabled.
+// when the planned downtime is in execution, only action to postpone on once type is enabled and the other are disabled.
-$disabled_in_execution = $executed ? 1 : 0;
+$disabled_in_execution = (int) $running;
 $table = new StdClass();
 $table->class = 'databox filters';
@ -564,42 +630,42 @@ if ($id_downtime > 0) {
 	// Show available agents to include into downtime
 	echo '<h4>' . __('Available agents') . ':</h4>';
-	$filter_group = get_parameter("filter_group", 0);
+	$filter_group = (int) get_parameter("filter_group", 0);
-	$groupsAW = users_get_groups($config['id_user'], 'AW', true, false, null, 'id_grupo');
+	// User AW groups to str for the filter
-	$groupsAW = array_keys($groupsAW);
+	$id_groups_str = implode(",", $user_groups_aw);
 	$id_groups_list = implode(",", $groupsAW);
-	if (empty($id_groups_list)){
+	if (empty($id_groups_str)) {
-		$id_groups_list = -1;
+		// Restrictive filter on error. This will filter all the downtimes
 		$id_groups_str = '-1';
 	}
 	$filter_cond = '';
 	if ($filter_group > 0)
 		$filter_cond = " AND id_grupo = $filter_group ";
-	$sql = sprintf ("SELECT tagente.id_agente, tagente.nombre,
+	$sql = sprintf("SELECT tagente.id_agente, tagente.nombre
 						tagente.id_grupo
 					FROM tagente
 					WHERE tagente.id_agente NOT IN (
 							SELECT tagente.id_agente
 							FROM tagente, tplanned_downtime_agents
 							WHERE tplanned_downtime_agents.id_agent = tagente.id_agente
 								AND tplanned_downtime_agents.id_downtime = %d
-						) AND disabled = 0 $filter_cond
+						) AND disabled = 0 %s
 						AND tagente.id_grupo IN (%s)
-					ORDER by tagente.nombre", $id_downtime, $id_groups_list);
+					ORDER BY tagente.nombre", $id_downtime, $filter_cond, $id_groups_str);
-	$downtimes = db_get_all_rows_sql ($sql);
+	$agents = db_get_all_rows_sql ($sql);
-	$data = array ();
+	if (empty($agents))
-	if ($downtimes) {
+		$agents = array();
-		foreach ($downtimes as $downtime) {
+	
-			if (check_acl ($config["id_user"], $downtime['id_grupo'], "AW")) {
+	$agent_ids = extract_column($agents, 'id_agente');
-				$data[$downtime['id_agente']] = $downtime['nombre'];
+	$agent_names = extract_column($agents, 'nombre');
-			}
+	// item[<id>] = <name>;
-		}
+	$agents = array_combine($agent_ids, $agent_names);
-	}
+	if ($agents === false)
 		$agents = array();
 	$disabled_add_button = false;
-	if (empty($data) || $disabled_in_execution) {
+	if (empty($agents) || $disabled_in_execution) {
 		$disabled_add_button = true;
 	}
@ -613,7 +679,7 @@ if ($id_downtime > 0) {
 	echo "<form method=post action='index.php?sec=estado&sec2=godmode/agentes/planned_downtime.editor&insert_downtime_agent=1&id_downtime=$id_downtime'>";
-	echo html_print_select ($data, "id_agents[]", '', '', '', 0, false, true, true, '', false, 'width: 180px;');
+	echo html_print_select ($agents, "id_agents[]", '', '', '', 0, false, true, true, '', false, 'width: 180px;');
 	echo '<h4>' . __('Available modules:') . 
 		ui_print_help_tip (__('Only for type Quiet for downtimes.'), true) . '</h4>';
@ -631,17 +697,20 @@ if ($id_downtime > 0) {
 	//Start Overview of existing planned downtime
 	echo '<h4>'.__('Agents planned for this downtime').':</h4>';
-	$sql = sprintf ("SELECT tagente.nombre, tplanned_downtime_agents.id,
+	// User the $id_groups_str built before
-						tagente.id_os, tagente.id_agente, tagente.id_grupo,
+	$sql = sprintf("SELECT ta.nombre, tpda.id,
-						tagente.ultimo_contacto, tplanned_downtime_agents.all_modules
+						ta.id_os, ta.id_agente, ta.id_grupo,
-					FROM tagente, tplanned_downtime_agents
+						ta.ultimo_contacto, tpda.all_modules
-					WHERE tplanned_downtime_agents.id_agent = tagente.id_agente
+					FROM tagente ta
-						AND tplanned_downtime_agents.id_downtime = %d ", $id_downtime);
+					INNER JOIN tplanned_downtime_agents tpda
 						ON ta.id_agente = tpda.id_agent
 							AND tpda.id_downtime = %d
 					WHERE ta.id_grupo IN (%s)",
 					$id_downtime, $id_groups_str);
 	$downtimes_agents = db_get_all_rows_sql ($sql);
-	$downtimes = db_get_all_rows_sql ($sql);
+	if (empty($downtimes_agents)) {
-	if ($downtimes === false) {
+		echo '<div class="nf">' . __('There are no agents') . '</div>';
 		echo '<div class="nf">' .
 			__('There are no scheduled downtimes') . '</div>';
 	}
 	else {
 		$table = new stdClass();
@ -656,24 +725,24 @@ if ($id_downtime > 0) {
 		$table->head[3] = __('Last contact');
 		$table->head['count_modules'] = __('Modules');
-		if (!$executed) {
+		if (!$running) {
 			$table->head[5] = __('Actions');
 			$table->align[5] = "center";
 			$table->size[5] = "5%";
 		}
-		foreach ($downtimes as $downtime) {
+		foreach ($downtimes_agents as $downtime_agent) {
 			$data = array ();
-			$data[0] = $downtime['nombre'];
+			$data[0] = $downtime_agent['nombre'];
 			$data[1] = db_get_sql ("SELECT nombre
 									FROM tgrupo
-									WHERE id_grupo = " . $downtime["id_grupo"]);
+									WHERE id_grupo = " . $downtime_agent["id_grupo"]);
-			$data[2] = ui_print_os_icon($downtime["id_os"], true, true);
+			$data[2] = ui_print_os_icon($downtime_agent["id_os"], true, true);
-			$data[3] = $downtime["ultimo_contacto"];
+			$data[3] = $downtime_agent["ultimo_contacto"];
 			if ($type_downtime == 'disable_agents_alerts') {
 				$data['count_modules'] = __("All alerts");
@ -682,7 +751,7 @@ if ($id_downtime > 0) {
 				$data['count_modules'] = __("Entire agent");
 			}
 			else {
-				if ($downtime["all_modules"]) {
+				if ($downtime_agent["all_modules"]) {
 					$data['count_modules'] = __("All modules");
 				}
 				else {
@ -690,19 +759,19 @@ if ($id_downtime > 0) {
 				}
 			}
-			if (!$executed) {
+			if (!$running) {
 				$data[5] = '';
 				if ($type_downtime != 'disable_agents_alerts' && $type_downtime != 'disable_agents') {
-					$data[5] = '<a href="javascript:show_editor_module(' . $downtime["id_agente"] . ');">' .
+					$data[5] = '<a href="javascript:show_editor_module(' . $downtime_agent["id_agente"] . ');">' .
 						html_print_image("images/config.png", true, array("border" => '0', "alt" => __('Delete'))) . "</a>";
 				}
-				$data[5] .= '<a href="index.php?sec=estado&amp;sec2=godmode/agentes/planned_downtime.editor&id_agent=' . $downtime["id_agente"] . 
+				$data[5] .= '<a href="index.php?sec=estado&amp;sec2=godmode/agentes/planned_downtime.editor&id_agent=' . $downtime_agent["id_agente"] . 
-					'&delete_downtime_agent=1&id_downtime_agent=' . $downtime["id"] . '&id_downtime=' . $id_downtime . '">' .
+					'&delete_downtime_agent=1&id_downtime_agent=' . $downtime_agent["id"] . '&id_downtime=' . $id_downtime . '">' .
 					html_print_image("images/cross.png", true, array("border" => '0', "alt" => __('Delete'))) . "</a>";
 			}
-			$table->data['agent_' . $downtime["id_agente"]] = $data;
+			$table->data['agent_' . $downtime_agent["id_agente"]] = $data;
 		}
 		html_print_table ($table);
 	}
--- a/pandora_console/include/ajax/planned_downtime.ajax.php
+++ b/pandora_console/include/ajax/planned_downtime.ajax.php
@ -17,49 +17,75 @@
 include_once($config['homedir'] . "/include/functions_io.php");
 include_once($config['homedir'] . "/include/functions_db.php");
 include_once($config['homedir'] . "/include/functions_modules.php");
 include_once($config['homedir'] . "/include/functions_groups.php");
 ob_clean();
 $get_modules_downtime = 		(bool)get_parameter('get_modules_downtime', 0);
 $delete_module_from_downtime = 	(bool)get_parameter('delete_module_from_downtime', 0);
 $add_module_into_downtime = 	(bool)get_parameter('add_module_into_downtime', 0);
 // User groups with AW permission for ACL checks
 $user_groups_aw = array_keys(users_get_groups($config['id_user'], 'AW'));
 if ($get_modules_downtime) {
 	$return = array();
 	$return['correct'] = 1;
 	$return['in_agent'] = array();
 	$return['in_downtime'] = array();
-	$id_agent = (int)get_parameter('id_agent', 0);
+	$id_agent = 	(int) get_parameter('id_agent', 0);
-	$id_downtime = (int)get_parameter('id_downtime', 0);
+	$id_downtime = 	(int) get_parameter('id_downtime', 0);
-	$none_value = (bool)get_parameter('none_value', false);
+	$none_value = 	(bool) get_parameter('none_value', false);
-	$rows = db_get_all_rows_filter('tplanned_downtime_modules',
+	// Check AW permission on downtime
-		array('id_agent' => $id_agent, 'id_downtime' => $id_downtime));
+	$downtime_group = db_get_value('id_group', 'tplanned_downtime', 'id', $id_downtime);
-	if (empty($rows))
+	
-		$rows = array();
+	if ($downtime_group === false || !in_array($downtime_group, $user_groups_aw)) {
-	$id_modules_downtime = array();
+		$return['correct'] = 0;
-	foreach ($rows as $row) {
+		echo json_encode($return);
-		$id_modules_downtime[$row['id_agent_module']] = true;
+		return;
 	}
-	$modules = db_get_all_rows_filter('tagente_modulo', array('id_agente' => $id_agent));
+	// Check AW permission on agent
 	$agent_group = db_get_value('id_grupo', 'tagente', 'id_agente', $id_agent);
 	if ($agent_group === false || !in_array($agent_group, $user_groups_aw)) {
 		$return['correct'] = 0;
 		echo json_encode($return);
 		return;
 	}
 	$filter = array(
 			'id_agent' => $id_agent,
 			'id_downtime' => $id_downtime
 		);
 	$downtime_modules = db_get_all_rows_filter('tplanned_downtime_modules', $filter);
 	if (empty($downtime_modules))
 		$downtime_modules = array();
 	$downtime_module_ids = extract_column($downtime_modules, 'id_agent_module');
 	$downtime_modules = array_fill_keys($downtime_module_ids, true);
 	$filter = array(
 			'id_agente' => $id_agent
 		);
 	$modules = db_get_all_rows_filter('tagente_modulo', $filter);
 	if (empty($modules))
 		$modules = array();
-	foreach ($modules as $module) {
+	$module_ids = extract_column($modules, 'id_agente_modulo');
-		if (empty($id_modules_downtime[$module['id_agente_modulo']])) {
+	$module_names = extract_column($modules, 'nombre');
-			$return['in_agent'][$module['id_agente_modulo']] = io_safe_output($module['nombre']);
+	$modules = array_combine($module_ids, $module_names);
 		}
 		else {
 			$return['in_downtime'][$module['id_agente_modulo']] = io_safe_output($module['nombre']);
 		}
 	}
-	if ($none_value) {
+	$return['in_downtime'] = array_intersect_key($modules, $downtime_modules);
 	$return['in_agent'] = array_diff($modules, $return['in_downtime']);
 	if ($none_value)
 		$return['in_agent'][0] = __('None');
 	}
 	echo json_encode($return);
-	exit;
+	return;
 }
 if ($delete_module_from_downtime) {
@ -68,45 +94,65 @@ if ($delete_module_from_downtime) {
 	$return['all_modules'] = 0;
 	$return['id_agent'] = 0;
-	$id_module = (int)get_parameter('id_module', 0);
+	$id_module = 	(int) get_parameter('id_module', 0);
-	$id_downtime = (int)get_parameter('id_downtime', 0);
+	$id_downtime = 	(int) get_parameter('id_downtime', 0);
 	$id_agent = db_get_value('id_agente', 'tagente_modulo', 'id_agente_modulo', $id_module);
-	$executed = db_get_value ('executed', 'tplanned_downtime', 'id', $id_downtime);
+	// Check AW permission on downtime
-	if ($executed) {
+	$downtime_group = db_get_value('id_group', 'tplanned_downtime', 'id', $id_downtime);
-		$return['executed'] = 1;
+	
 	if ($downtime_group === false || !in_array($downtime_group, $user_groups_aw)) {
 		$return['correct'] = 0;
 		echo json_encode($return);
-		exit;
+		return;
 	}
-	$row = db_get_row_filter('tplanned_downtime_modules',
+	// Check AW permission on agent
-		array('id_agent_module' => $id_module,
+	$agent_group = db_get_value('id_grupo', 'tagente', 'id_agente', $id_agent);
 			'id_downtime' => $id_downtime));
 	$return['id_agent'] = $row['id_agent'];
-	$result = db_process_sql_delete('tplanned_downtime_modules',
+	if ($id_agent === false || $agent_group === false || !in_array($agent_group, $user_groups_aw)) {
-		array('id_downtime' => $id_downtime,
+		$return['correct'] = 0;
-			'id_agent_module' => $id_module));
+		echo json_encode($return);
 		return;
 	}
 	$is_running = db_get_value ('executed', 'tplanned_downtime', 'id', $id_downtime);
 	if ($is_running) {
 		$return['executed'] = 1;
 		echo json_encode($return);
 		return;
 	}
 	$return['id_agent'] = $id_agent;
 	$filter = array(
 			'id_agent_module' => $id_module,
 			'id_downtime' => $id_downtime
 		);
 	$result = db_process_sql_delete('tplanned_downtime_modules', $filter);
 	if ($result) {
-		$rows = db_get_all_rows_filter('tplanned_downtime_modules',
+		db_clean_cache();
-			array('id_downtime' => $id_downtime,
+		
-				'id_agent' => $row['id_agent']));
+		$filter = array(
 				'id_agent' => $id_agent,
 				'id_downtime' => $id_downtime
 			);
 		$rows = db_get_all_rows_filter('tplanned_downtime_modules', $filter);
 		if (empty($rows)) {
-			db_process_sql_update('tplanned_downtime_agents',
+			$values = array('all_modules' => 1);
-				array('all_modules' => 1),
+			db_process_sql_update('tplanned_downtime_agents', $values, $filter);
 				array('id_agent' => $row['id_agent'],
 					'id_downtime' => $id_downtime));
 			$return['all_modules'] = 1;
-			$return['id_agent'] = $row['id_agent'];
+			$return['id_agent'] = $id_agent;
 		}
 		$return['correct'] = 1;
 	}
 	echo json_encode($return);
-	exit;
+	return;
 }
 if ($add_module_into_downtime) {
@ -114,15 +160,33 @@ if ($add_module_into_downtime) {
 	$return['correct'] = 0;
 	$return['name'] = '';
-	$id_agent = (int)get_parameter('id_agent', 0);
+	$id_agent = 	(int) get_parameter('id_agent', 0);
-	$id_module = (int)get_parameter('id_module', 0);
+	$id_module = 	(int) get_parameter('id_module', 0);
-	$id_downtime = (int)get_parameter('id_downtime', 0);
+	$id_downtime = 	(int) get_parameter('id_downtime', 0);
-	$executed = db_get_value ('executed', 'tplanned_downtime', 'id', $id_downtime);
+	// Check AW permission on downtime
-	if ($executed) {
+	$downtime_group = db_get_value('id_group', 'tplanned_downtime', 'id', $id_downtime);
 	if ($downtime_group === false || !in_array($downtime_group, $user_groups_aw)) {
 		$return['correct'] = 0;
 		echo json_encode($return);
 		return;
 	}
 	// Check AW permission on agent
 	$agent_group = db_get_value('id_grupo', 'tagente', 'id_agente', $id_agent);
 	if ($agent_group === false || !in_array($agent_group, $user_groups_aw)) {
 		$return['correct'] = 0;
 		echo json_encode($return);
 		return;
 	}
 	$is_running = db_get_value ('executed', 'tplanned_downtime', 'id', $id_downtime);
 	if ($is_running) {
 		$return['executed'] = 1;
 		echo json_encode($return);
-		exit;
+		return;
 	}
 	$values = array();
@ -144,7 +208,7 @@ if ($add_module_into_downtime) {
 	}
 	echo json_encode($return);
-	exit;
+	return;
 }
 ?>