From 539efb31516410073caf20a682b8a455a863f4aa Mon Sep 17 00:00:00 2001 From: vgilc Date: Mon, 25 Aug 2014 09:02:45 +0000 Subject: [PATCH] 2014-08-25 Vanessa Gil * godmode/groups/configure_group.php include/functions_tags.php operation/events/events.build_query.php operation/events/events.build_table.php: Fixed ACL propagation + Tags. Tickets #1079 and #1072. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@10452 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f --- pandora_console/ChangeLog | 8 + .../godmode/groups/configure_group.php | 2 +- pandora_console/include/functions_tags.php | 154 +++++++++++++++--- .../operation/events/events.build_query.php | 4 +- .../operation/events/events.build_table.php | 6 +- 5 files changed, 145 insertions(+), 29 deletions(-) diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog index 20f926901b..7ea22bb3fe 100644 --- a/pandora_console/ChangeLog +++ b/pandora_console/ChangeLog @@ -1,3 +1,11 @@ +2014-08-25 Vanessa Gil + + * godmode/groups/configure_group.php + include/functions_tags.php + operation/events/events.build_query.php + operation/events/events.build_table.php: Fixed ACL propagation + Tags. + Tickets #1079 and #1072. + 2014-08-22 Alejandro Gallardo * pandoradb.sql, diff --git a/pandora_console/godmode/groups/configure_group.php b/pandora_console/godmode/groups/configure_group.php index c3693f0a00..2f661f1e33 100644 --- a/pandora_console/godmode/groups/configure_group.php +++ b/pandora_console/godmode/groups/configure_group.php @@ -149,7 +149,7 @@ $table->data[3][0] = __('Alerts'); $table->data[3][1] = html_print_checkbox ('alerts_enabled', 1, ! $alerts_disabled, true); $table->data[4][0] = __('Propagate ACL') . ui_print_help_tip (__("Propagate the same ACL security into the child subgroups."), true); -$table->data[4][1] = html_print_checkbox('propagate', 1, $propagate, true); +$table->data[4][1] = html_print_checkbox('propagate', 1, $propagate, true).ui_print_help_icon ("propagate_acl", true); $table->data[5][0] = __('Custom ID'); $table->data[5][1] = html_print_input_text ('custom_id', $custom_id, '', 16, 255, true); diff --git a/pandora_console/include/functions_tags.php b/pandora_console/include/functions_tags.php index 52acc2ecfe..d9cddc57b4 100644 --- a/pandora_console/include/functions_tags.php +++ b/pandora_console/include/functions_tags.php @@ -667,6 +667,20 @@ function tags_get_acl_tags($id_user, $id_group, $access = 'AR', $return_mode = ' elseif (!is_array($id_group)) { $id_group = (array) $id_group; } + + $id_group_aux = array(); + foreach ($id_group as $key=>$id) { + array_push($id_group_aux, $id); + $parent = db_get_value('parent','tgrupo','id_grupo',$id); + + if ($parent !== 0) { + $propagate = db_get_value('propagate','tgrupo','id_grupo',$parent); + if ($propagate == 1) { + array_push($id_group_aux,$parent); + } + } + } + $id_group = $id_group_aux; $acl_column = get_acl_column($access); @@ -868,11 +882,14 @@ function tags_get_acl_tags_event_condition($acltags) { $condition .= "($group_condition AND \n($tags_condition))\n"; } + //Commented because ACLs propagation don't work +/* if (!empty($condition)) { // Juanma (08/05/2014) Fix : Also add events of other groups (taking care of propagate ACLs func!) if (!empty($_groups_not_in)) $condition = sprintf("\n((%s) OR id_grupo NOT IN (%s))", $condition, rtrim($_groups_not_in, ',')); } +*/ return $condition; } @@ -1017,33 +1034,30 @@ function tags_check_acl($id_user, $id_group, $access, $tags = array()) { if (is_array($id_group)) { foreach ($id_group as $group) { - if($group > 0) { - if(isset($acls[$group])) { - foreach($tags as $tag) { - $tag = tags_get_id($tag); + if(isset($acls[$group])) { + foreach($tags as $tag) { + $tag = tags_get_id($tag); - if(in_array($tag, $acls[$group])) { - return true; - } - } - } - else { - return false; - } + if(in_array($tag, $acls[$group])) { + return true; + } + } + } + else { + return false; + } } else { - foreach($acls as $acl_tags) { - foreach($tags as $tag) { - $tag = tags_get_id($tag); - if(in_array($tag, $acl_tags)) { - return true; - } - } - } - } - - } - + foreach($acls as $acl_tags) { + foreach($tags as $tag) { + $tag = tags_get_id($tag); + if(in_array($tag, $acl_tags)) { + return true; + } + } + } + } + } } else { if($id_group > 0) { if(isset($acls[$id_group])) { @@ -1073,4 +1087,96 @@ function tags_check_acl($id_user, $id_group, $access, $tags = array()) { return false; } + +function tags_check_acl_event($id_user, $id_group, $access, $tags = array(),$p = false) { + global $config; + + if($id_user === false) { + $id_user = $config['id_user']; + } + + $acls = tags_get_acl_tags($id_user, $id_group, $access, 'data'); + + // If there are wrong parameters or fail ACL check, return false + if($acls === ERR_WRONG_PARAMETERS || $acls === ERR_ACL) { + return false; + } + + // If there are not tags restrictions or tags passed, return true + if(empty($acls) || empty($tags)) { + return true; + } + + # Fix: If user profile has more than one group, due to ACL propagation then id_group can be an array + if (is_array($id_group)) { + + foreach ($id_group as $group) { + if($group > 0) { + if(isset($acls[$group])) { + foreach($tags as $tag) { + $tag = tags_get_id($tag); + if(in_array($tag, $acls[$group])) { + return true; + } + } + } + else { + //return false; + $return = false; + } + } else { + foreach($acls as $acl_tags) { + foreach($tags as $tag) { + $tag = tags_get_id($tag); + if(in_array($tag, $acl_tags)) { + return true; + } + } + } + } + + } + + } else { + if($id_group > 0) { + if(isset($acls[$id_group])) { + foreach($tags as $tag) { + $tag = tags_get_id($tag); + + if(in_array($tag, $acls[$id_group])) { + return true; + } + } + } + else { + //return false; + $return = false; + } + } + else { + foreach($acls as $acl_tags) { + foreach($tags as $tag) { + $tag = tags_get_id($tag); + if(in_array($tag, $acl_tags)) { + return true; + } + } + } + } + } + //return false; + $return = false; + + if ($return == false) { + $parent = db_get_value('parent','tgrupo','id_grupo',$id_group); + + if ($parent !== 0) { + $propagate = db_get_value('propagate','tgrupo','id_grupo',$parent); + if ($propagate == 1) { + $acl_parent = tags_check_acl_event($id_user, $parent, $access, $tags,$p); + return $acl_parent; + } + } + } +} ?> diff --git a/pandora_console/operation/events/events.build_query.php b/pandora_console/operation/events/events.build_query.php index 14d96cf8df..5bdc878177 100755 --- a/pandora_console/operation/events/events.build_query.php +++ b/pandora_console/operation/events/events.build_query.php @@ -188,7 +188,9 @@ else { $tags_acls_condition = tags_get_acl_tags($id_user, $group_array, 'ER', 'event_condition', 'AND'); -$sql_post .= $tags_acls_condition; +if (($tags_acls_condition != ERR_WRONG_PARAMETERS) && ($tags_acls_condition != ERR_ACL)&& ($tags_acls_condition != -110000)) { + $sql_post .= $tags_acls_condition; +} // Metaconsole fitlers if ($meta) { diff --git a/pandora_console/operation/events/events.build_table.php b/pandora_console/operation/events/events.build_table.php index b7816c07b7..8275162d0e 100644 --- a/pandora_console/operation/events/events.build_table.php +++ b/pandora_console/operation/events/events.build_table.php @@ -503,7 +503,7 @@ foreach ($result as $event) { if(!$readonly) { // Validate event - if (($event["estado"] != 1) && (tags_check_acl ($config["id_user"], $event["id_grupo"], "EW", $event['clean_tags']) == 1)) { + if (($event["estado"] != 1) && (tags_check_acl_event ($config["id_user"], $event["id_grupo"], "EW", $event['clean_tags'], true) == 1)) { $data[$i] .= ''; $data[$i] .= html_print_image ("images/ok.png", true, array ("title" => __('Validate event'))); @@ -536,12 +536,12 @@ foreach ($result as $event) { $i++; if(!$readonly) { - if (tags_check_acl ($config["id_user"], $event["id_grupo"], "EM", $event['clean_tags']) == 1) { + if (tags_check_acl_event ($config["id_user"], $event["id_grupo"], "EM", $event['clean_tags']) == 1) { //Checkbox // Class 'candeleted' must be the fist class to be parsed from javascript. Dont change $data[$i] = html_print_checkbox_extended ("validate_ids[]", $event['id_evento'], false, false, false, 'class="candeleted chk_val"', true); } - else if (tags_check_acl ($config["id_user"], $event["id_grupo"], "EW", $event['clean_tags']) == 1) { + else if (tags_check_acl_event ($config["id_user"], $event["id_grupo"], "EW", $event['clean_tags']) == 1) { //Checkbox $data[$i] = html_print_checkbox_extended ("validate_ids[]", $event['id_evento'], false, false, false, 'class="chk_val"', true); }