2014-02-14 Juan Manuel Ramon <juanmanuel.ramon@artica.es>

* include/functions_tags.php: Fixed several bugs with
        ACL propagation and ACL tags.

        * include/functions_graph.php: Implemented ACL tags in
        graph_event_module function.



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@9438 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
juanmanuelr 2014-02-14 13:20:38 +00:00
parent 7e4210fc4a
commit 563391b808
3 changed files with 78 additions and 23 deletions


@ -1,3 +1,11 @@
2014-02-14 Juan Manuel Ramon <juanmanuel.ramon@artica.es>
* include/functions_tags.php: Fixed several bugs with
ACL propagation and ACL tags.
* include/functions_graph.php: Implemented ACL tags in
graph_event_module function.
2014-02-12 Sergio Martin <sergio.martin@artica.es> 2014-02-12 Sergio Martin <sergio.martin@artica.es>
* mobile/operation/events.php: Fix order of the event * mobile/operation/events.php: Fix order of the event


@ -1464,6 +1464,10 @@ function graph_event_module ($width = 300, $height = 200, $id_agent) {
global $config; global $config;
global $graphic_type; global $graphic_type;
// Fix: tag filters implemented! for tag functionality groups have to be all user_groups (propagate ACL funct!)
$groups = users_get_groups($config["id_user"]);
$tags_condition = tags_get_acl_tags($config['id_user'], array_keys($groups), 'ER', 'event_condition', 'AND');
$data = array (); $data = array ();
$max_items = 6; $max_items = 6;
switch ($config["dbtype"]) { switch ($config["dbtype"]) {
@ -1472,8 +1476,8 @@ function graph_event_module ($width = 300, $height = 200, $id_agent) {
$sql = sprintf ('SELECT COUNT(id_evento) AS count_number, $sql = sprintf ('SELECT COUNT(id_evento) AS count_number,
id_agentmodule id_agentmodule
FROM tevento FROM tevento
WHERE tevento.id_agente = %d WHERE tevento.id_agente = %d %s
GROUP BY id_agentmodule ORDER BY count_number DESC LIMIT %d', $id_agent, $max_items); GROUP BY id_agentmodule ORDER BY count_number DESC LIMIT %d', $id_agent, $tags_condition, $max_items);
break; break;
case "oracle": case "oracle":
$sql = sprintf ('SELECT COUNT(id_evento) AS count_number, $sql = sprintf ('SELECT COUNT(id_evento) AS count_number,
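Review bot: The `%s` slot for `$tags_condition` is visible only in the first `sprintf` of `switch ($config["dbtype"])`; the `case "oracle":` query starts on the last line of the hunk and its WHERE clause is not shown. If that branch, or any other backend branch further down, was left without the condition, `graph_event_module` would still count events that the user's tag ACLs exclude on those database types. Each branch should end its WHERE clause the same way, e.g. `WHERE tevento.id_agente = %d %s`. Because `$tags_condition` is spliced in as raw SQL, a comment above its assignment such as `// pre-built SQL fragment from tags_get_acl_tags(); must never carry unescaped request data` would document the trust assumption. The function body continues outside the hunk.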


@ -780,8 +780,10 @@ function tags_get_acl_tags_module_condition($acltags, $modules_table = '') {
$condition .= ' ( '; $condition .= ' ( ';
// Group condition (The module belongs to an agent of the group X) // Group condition (The module belongs to an agent of the group X)
if (!array_key_exists(0, array_keys($acltags))) { // Fix: Now group and tag is checked at the same time, before only tag was checked due to a bad condition
$group_condition = sprintf('%sid_agente IN (SELECT id_agente FROM tagente WHERE id_grupo = %d)', $modules_table, $group_id); if (!array_key_exists(0, $acltags)) {
// Fix: get all groups recursively (Acl proc func!)
$group_condition = sprintf('%sid_agente IN (SELECT id_agente FROM tagente WHERE id_grupo IN (%s))', $modules_table, implode(',', array_values(groups_get_id_recursive($group_id))));
} }
else { else {
//Avoid the user profiles with all group access. //Avoid the user profiles with all group access.
@ -823,9 +825,15 @@ function tags_get_acl_tags_event_condition($acltags) {
// Get all tags of the system // Get all tags of the system
$all_tags = tags_get_all_tags(false); $all_tags = tags_get_all_tags(false);
// Fix : Will have all groups retrieved (also propagated ones)
$_groups_not_in = '';
foreach ($acltags as $group_id => $group_tags) { foreach ($acltags as $group_id => $group_tags) {
// Group condition (The module belongs to an agent of the group X) // Group condition (The module belongs to an agent of the group X)
$group_condition = sprintf('id_grupo = %d',$group_id); // Fix : Get all groups (children also, Propagate ACL func!)
$group_condition = sprintf('id_grupo IN (%s)', implode(',', array_values(groups_get_id_recursive($group_id))));
$_groups_not_in .= implode(',', array_values(groups_get_id_recursive($group_id))) . ',';
// Tags condition (The module has at least one of the restricted tags) // Tags condition (The module has at least one of the restricted tags)
$tags_condition = ''; $tags_condition = '';
@ -862,7 +870,9 @@ function tags_get_acl_tags_event_condition($acltags) {
} }
if (!empty($condition)) { if (!empty($condition)) {
$condition = sprintf("\n((%s) OR id_grupo NOT IN (%s))", $condition, implode(',',array_keys($acltags))); // Fix : Also add events of other groups (taking care of propagate ACLs func!)
if (!empty($_groups_not_in))
$condition = sprintf("\n((%s) OR id_grupo NOT IN (%s))", $condition, rtrim($_groups_not_in, ','));
} }
return $condition; return $condition;
@ -1004,6 +1014,38 @@ function tags_check_acl($id_user, $id_group, $access, $tags = array()) {
return true; return true;
} }
# Fix: If user profile has more than one group, due to ACL propagation then id_group can be an array
if (is_array($id_group)) {
foreach ($id_group as $group) {
if($group > 0) {
if(isset($acls[$group])) {
foreach($tags as $tag) {
$tag = tags_get_id($tag);
if(in_array($tag, $acls[$group])) {
return true;
}
}
}
else {
return false;
}
} else {
foreach($acls as $acl_tags) {
foreach($tags as $tag) {
$tag = tags_get_id($tag);
if(in_array($tag, $acl_tags)) {
return true;
}
}
}
}
}
} else {
if($id_group > 0) { if($id_group > 0) {
if(isset($acls[$id_group])) { if(isset($acls[$id_group])) {
foreach($tags as $tag) { foreach($tags as $tag) {
@ -1028,6 +1070,7 @@ function tags_check_acl($id_user, $id_group, $access, $tags = array()) {
} }
} }
} }
}
return false; return false;
} }
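Review bot: In the new `is_array($id_group)` branch of `tags_check_acl`, the `else { return false; }` under `if(isset($acls[$group]))` ends the whole check at the first group that has no entry in `$acls`. Later groups in `$id_group` are then never examined, so the decision depends on array order. Skipping such a group instead, e.g. `if (!isset($acls[$group])) { continue; }`, lets the function reach the final `return false;` only after every group has been tried. The `in_array($tag, ...)` calls compare loosely, so if `tags_get_id()` can return a falsy value for an unknown tag name (not visible here), a guard such as `if (empty($tag)) { continue; }` before the lookup would keep it from matching an empty or zero entry. The start of the function is outside the hunk.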