Merge branch 'ent-13591-sin-acceso-a-public-link-en-dashboards' into 'develop'

Ent 13591 sin acceso a public link en dashboards See merge request artica/pandorafms!7271
2024-04-25 06:29:37 +00:00 · 2024-04-25 06:29:37 +00:00 · 5f794a417b
parent c43387f9fe e3fe2b01a2
commit 5f794a417b
4 changed files with 41 additions and 1 deletions
--- a/pandora_console/include/lib/Dashboard/Manager.php
+++ b/pandora_console/include/lib/Dashboard/Manager.php
@ -411,6 +411,33 @@ class Manager implements PublicLogin
            $config['public_dashboard'] = true;
            $config['force_instant_logout'] = true;
            return true;
+        } else {
+            $dashboards = self::getDashboards();
+            $dashboards = array_reduce(
+                $dashboards,
+                function ($carry, $item) {
+                    $carry[$item['id']] = $item['name'];
+                    return $carry;
+                },
+                []
+            );
+
+            foreach ($dashboards as $key => $layout) {
+                $hash_compare = self::generatePublicHash($key);
+                if (hash_equals($hash, $hash_compare)) {
+                    // "Log" user in.
+                    if (session_status() !== PHP_SESSION_ACTIVE) {
+                        session_start();
+                    }
+
+                    $_SESSION['id_usuario'] = get_parameter('id_user');
+                    session_write_close();
+
+                    $config['public_dashboard'] = true;
+                    $config['force_instant_logout'] = true;
+                    return true;
+                }
+            }
        }

        // Remove id user from config array if authentication has failed.
--- a/pandora_console/include/lib/User.php
+++ b/pandora_console/include/lib/User.php
@ -230,7 +230,7 @@ class User extends Entity implements PublicLogin
        global $config;

        $str = $config['dbpass'];
-        $str .= $config['id_user'];
+        $str .= ($config['id_user'] ?? get_parameter('id_user'));
        $str .= $other_secret;
        return hash('sha256', $str);
    }
--- a/pandora_console/operation/dashboard/public_dashboard.php
+++ b/pandora_console/operation/dashboard/public_dashboard.php
@ -38,6 +38,13 @@ ob_start();
 // Fullscreen by default.
 $config['pure'] = get_parameter('pure', 1);

+$dashboardId = get_parameter('dashboardId', null);
+if ($dashboardId !== null) {
+    include 'general/noaccess.php';
+    return;
+}
+
+
 require_once 'dashboard.php';

 // Clean session to avoid direct access.
--- a/pandora_console/operation/visual_console/public_view.php
+++ b/pandora_console/operation/visual_console/public_view.php
@ -13,6 +13,12 @@
 // GNU General Public License for more details.
 require_once '../../include/config.php';

+$id_layout = get_parameter('id_layout', null);
+if ($id_layout !== null) {
+    include '../../general/noaccess.php';
+    return;
+}
+
 use PandoraFMS\User;

 // Set root on homedir, as defined in setup.