tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

2014-08-25 Vanessa Gil <vanessa.gil@artica.es> 

* godmode/groups/configure_group.php
	  include/functions_tags.php
	  operation/events/events.build_query.php
	  operation/events/events.build_table.php: Fixed ACL propagation + Tags. 
	Tickets #1079 and #1072.


git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@10452 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
This commit is contained in:
vgilc 2014-08-25 09:02:45 +00:00
parent e66f80f470
commit 5d4b94466e
5 changed files with 145 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
pandora_console/ChangeLog
View File

@ -1,3 +1,11 @@
2014-08-25 Vanessa Gil <vanessa.gil@artica.es>
* godmode/groups/configure_group.php
include/functions_tags.php
operation/events/events.build_query.php
operation/events/events.build_table.php: Fixed ACL propagation + Tags.
Tickets #1079 and #1072.
2014-08-22 Alejandro Gallardo <alejandro.gallardo@artica.es>
* pandoradb.sql,

2
pandora_console/godmode/groups/configure_group.php
View File

@ -149,7 +149,7 @@ $table->data[3][0] = __('Alerts');
$table->data[3][1] = html_print_checkbox ('alerts_enabled', 1, ! $alerts_disabled, true);
$table->data[4][0] = __('Propagate ACL') . ui_print_help_tip (__("Propagate the same ACL security into the child subgroups."), true);
$table->data[4][1] = html_print_checkbox('propagate', 1, $propagate, true);
$table->data[4][1] = html_print_checkbox('propagate', 1, $propagate, true).ui_print_help_icon ("propagate_acl", true);
$table->data[5][0] = __('Custom ID');
$table->data[5][1] = html_print_input_text ('custom_id', $custom_id, '', 16, 255, true);

154
pandora_console/include/functions_tags.php
View File

@ -667,6 +667,20 @@ function tags_get_acl_tags($id_user, $id_group, $access = 'AR', $return_mode = '
elseif (!is_array($id_group)) {
$id_group = (array) $id_group;
}
$id_group_aux = array();
foreach ($id_group as $key=>$id) {
array_push($id_group_aux, $id);
$parent = db_get_value('parent','tgrupo','id_grupo',$id);
if ($parent !== 0) {
$propagate = db_get_value('propagate','tgrupo','id_grupo',$parent);
if ($propagate == 1) {
array_push($id_group_aux,$parent);
}
}
}
$id_group = $id_group_aux;
$acl_column = get_acl_column($access);
@ -868,11 +882,14 @@ function tags_get_acl_tags_event_condition($acltags) {
$condition .= "($group_condition AND \n($tags_condition))\n";
}
//Commented because ACLs propagation don't work
/*
if (!empty($condition)) {
// Juanma (08/05/2014) Fix : Also add events of other groups (taking care of propagate ACLs func!)
if (!empty($_groups_not_in))
$condition = sprintf("\n((%s) OR id_grupo NOT IN (%s))", $condition, rtrim($_groups_not_in, ','));
}
*/
return $condition;
}
@ -1017,33 +1034,30 @@ function tags_check_acl($id_user, $id_group, $access, $tags = array()) {
if (is_array($id_group)) {
foreach ($id_group as $group) {
if($group > 0) {
if(isset($acls[$group])) {
foreach($tags as $tag) {
$tag = tags_get_id($tag);
if(isset($acls[$group])) {
foreach($tags as $tag) {
$tag = tags_get_id($tag);
if(in_array($tag, $acls[$group])) {
return true;
}
}
}
else {
return false;
}
if(in_array($tag, $acls[$group])) {
return true;
}
}
}
else {
return false;
}
} else {
foreach($acls as $acl_tags) {
foreach($tags as $tag) {
$tag = tags_get_id($tag);
if(in_array($tag, $acl_tags)) {
return true;
}
}
}
}
}
foreach($acls as $acl_tags) {
foreach($tags as $tag) {
$tag = tags_get_id($tag);
if(in_array($tag, $acl_tags)) {
return true;
}
}
}
}
}
} else {
if($id_group > 0) {
if(isset($acls[$id_group])) {
@ -1073,4 +1087,96 @@ function tags_check_acl($id_user, $id_group, $access, $tags = array()) {
return false;
}
function tags_check_acl_event($id_user, $id_group, $access, $tags = array(),$p = false) {
global $config;
if($id_user === false) {
$id_user = $config['id_user'];
}
$acls = tags_get_acl_tags($id_user, $id_group, $access, 'data');
// If there are wrong parameters or fail ACL check, return false
if($acls === ERR_WRONG_PARAMETERS || $acls === ERR_ACL) {
return false;
}
// If there are not tags restrictions or tags passed, return true
if(empty($acls) || empty($tags)) {
return true;
}
# Fix: If user profile has more than one group, due to ACL propagation then id_group can be an array
if (is_array($id_group)) {
foreach ($id_group as $group) {
if($group > 0) {
if(isset($acls[$group])) {
foreach($tags as $tag) {
$tag = tags_get_id($tag);
if(in_array($tag, $acls[$group])) {
return true;
}
}
}
else {
//return false;
$return = false;
}
} else {
foreach($acls as $acl_tags) {
foreach($tags as $tag) {
$tag = tags_get_id($tag);
if(in_array($tag, $acl_tags)) {
return true;
}
}
}
}
}
} else {
if($id_group > 0) {
if(isset($acls[$id_group])) {
foreach($tags as $tag) {
$tag = tags_get_id($tag);
if(in_array($tag, $acls[$id_group])) {
return true;
}
}
}
else {
//return false;
$return = false;
}
}
else {
foreach($acls as $acl_tags) {
foreach($tags as $tag) {
$tag = tags_get_id($tag);
if(in_array($tag, $acl_tags)) {
return true;
}
}
}
}
}
//return false;
$return = false;
if ($return == false) {
$parent = db_get_value('parent','tgrupo','id_grupo',$id_group);
if ($parent !== 0) {
$propagate = db_get_value('propagate','tgrupo','id_grupo',$parent);
if ($propagate == 1) {
$acl_parent = tags_check_acl_event($id_user, $parent, $access, $tags,$p);
return $acl_parent;
}
}
}
}
?>

4
pandora_console/operation/events/events.build_query.php
View File

@ -188,7 +188,9 @@ else {
$tags_acls_condition = tags_get_acl_tags($id_user, $group_array, 'ER',
'event_condition', 'AND');
$sql_post .= $tags_acls_condition;
if (($tags_acls_condition != ERR_WRONG_PARAMETERS) && ($tags_acls_condition != ERR_ACL)&& ($tags_acls_condition != -110000)) {
$sql_post .= $tags_acls_condition;
}
// Metaconsole fitlers
if ($meta) {

6
pandora_console/operation/events/events.build_table.php
View File

@ -503,7 +503,7 @@ foreach ($result as $event) {
if(!$readonly) {
// Validate event
if (($event["estado"] != 1) && (tags_check_acl ($config["id_user"], $event["id_grupo"], "EW", $event['clean_tags']) == 1)) {
if (($event["estado"] != 1) && (tags_check_acl_event ($config["id_user"], $event["id_grupo"], "EW", $event['clean_tags'], true) == 1)) {
$data[$i] .= '<a href="javascript:validate_event_advanced('.$event["id_evento"].', 1)" id="validate-'.$event["id_evento"].'">';
$data[$i] .= html_print_image ("images/ok.png", true,
array ("title" => __('Validate event')));
@ -536,12 +536,12 @@ foreach ($result as $event) {
$i++;
if(!$readonly) {
if (tags_check_acl ($config["id_user"], $event["id_grupo"], "EM", $event['clean_tags']) == 1) {
if (tags_check_acl_event ($config["id_user"], $event["id_grupo"], "EM", $event['clean_tags']) == 1) {
//Checkbox
// Class 'candeleted' must be the fist class to be parsed from javascript. Dont change
$data[$i] = html_print_checkbox_extended ("validate_ids[]", $event['id_evento'], false, false, false, 'class="candeleted chk_val"', true);
}
else if (tags_check_acl ($config["id_user"], $event["id_grupo"], "EW", $event['clean_tags']) == 1) {
else if (tags_check_acl_event ($config["id_user"], $event["id_grupo"], "EW", $event['clean_tags']) == 1) {
//Checkbox
$data[$i] = html_print_checkbox_extended ("validate_ids[]", $event['id_evento'], false, false, false, 'class="chk_val"', true);
}