Merge branch '1471-fallo-enlace-publico-dashboards' into 'develop'
Fixed public dashboard permissions See merge request artica/pandorafms!1004
This commit is contained in:
vgilc
commit
62ffb46763
|
|
@ -17,8 +17,25 @@
|
|||
if (is_ajax ()) {
|
||||
global $config;
|
||||
|
||||
// Login check
|
||||
check_login ();
|
||||
enterprise_include_once("include/functions_dashboard.php");
|
||||
|
||||
$public_hash = get_parameter('hash', 0);
|
||||
|
||||
// Try to authenticate by hash on public dashboards
|
||||
if ($public_hash != 0) {
|
||||
// Login check
|
||||
check_login();
|
||||
} else {
|
||||
$validate_hash = enterprise_hook(
|
||||
'dasboard_validate_public_hash',
|
||||
array($public_hash, 'tree_view')
|
||||
);
|
||||
if ($validate_hash === false || $validate_hash === ENTERPRISE_NOT_HOOK) {
|
||||
db_pandora_audit("Invalid public hash", "Trying to access report builder");
|
||||
require ("general/noaccess.php");
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
require_once($config['homedir'] . "/include/class/Tree.class.php");
|
||||
enterprise_include_once("include/class/Tree.class.php");
|
||||
|
|
@ -36,6 +53,10 @@ if (is_ajax ()) {
|
|||
$rootID = get_parameter('rootID', -1);
|
||||
$serverID = get_parameter('serverID', false);
|
||||
$childrenMethod = get_parameter('childrenMethod', 'on_demand');
|
||||
$hash = get_parameter('hash', false);
|
||||
if ($hash !== false) {
|
||||
enterprise_hook('dasboard_validate_public_hash', array($hash, 'tree_view'));
|
||||
}
|
||||
|
||||
$default_filters = array(
|
||||
'searchAgent' => '',
|
||||
|
|
|
|||
|
|
@ -12,10 +12,30 @@
|
|||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
// GNU General Public License for more details.
|
||||
|
||||
// Login check
|
||||
global $config;
|
||||
|
||||
check_login ();
|
||||
enterprise_include_once ('include/functions_dashboard.php');
|
||||
require_once('include/functions_visual_map.php');
|
||||
enterprise_include_once('include/functions_visual_map.php');
|
||||
|
||||
$public_hash = get_parameter('hash', false);
|
||||
$id_visual_console = get_parameter('id_visual_console', null);
|
||||
|
||||
// Try to authenticate by hash on public dashboards
|
||||
if ($public_hash === false) {
|
||||
// Login check
|
||||
check_login();
|
||||
} else {
|
||||
$validate_hash = enterprise_hook(
|
||||
'dasboard_validate_public_hash',
|
||||
array($public_hash, $id_visual_console, 'visual_console')
|
||||
);
|
||||
if ($validate_hash === false || $validate_hash === ENTERPRISE_NOT_HOOK) {
|
||||
db_pandora_audit("Invalid public hash", "Trying to access report builder");
|
||||
require ("general/noaccess.php");
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
// Fix: IW was the old ACL to check for report editing, now is RW
|
||||
if (! check_acl ($config['id_user'], 0, "VR")) {
|
||||
|
|
@ -29,12 +49,6 @@ if (! check_acl ($config['id_user'], 0, "VR")) {
|
|||
//Fix ajax to avoid include the file, 'functions_graph.php'.
|
||||
$ajax = true;
|
||||
|
||||
|
||||
require_once('include/functions_visual_map.php');
|
||||
enterprise_include_once('include/functions_visual_map.php');
|
||||
|
||||
$id_visual_console = get_parameter('id_visual_console', null);
|
||||
|
||||
$render_map = (bool)get_parameter('render_map', false);
|
||||
$graph_javascript = (bool)get_parameter('graph_javascript', false);
|
||||
|
||||
|
|
|
|||
|
|
@ -572,6 +572,12 @@ var TreeController = {
|
|||
});
|
||||
}
|
||||
}
|
||||
// Get hash and user.
|
||||
var public_hash = $("#hidden-publi_dash_tree_view_hash" ).val();
|
||||
if (typeof(public_hash) === 'undefined') public_hash = 0;
|
||||
var public_user = $("#hidden-publi_dash_tree_view_id_user" ).val();
|
||||
if (typeof(public_user) === 'undefined') public_user = 0;
|
||||
|
||||
if (typeof element.searchChildren != 'undefined' && element.searchChildren) {
|
||||
$node
|
||||
.removeClass("leaf-empty")
|
||||
|
|
@ -598,7 +604,9 @@ var TreeController = {
|
|||
rootID: element.rootID,
|
||||
serverID: element.serverID,
|
||||
rootType: element.rootType,
|
||||
filter: controller.filter
|
||||
filter: controller.filter,
|
||||
hash: public_hash,
|
||||
id_user: public_user
|
||||
},
|
||||
complete: function(xhr, textStatus) {
|
||||
$node.removeClass("leaf-loading");
|
||||
|
|
|
|||
|
|
@ -13,13 +13,29 @@
|
|||
// Load global variables
|
||||
global $config;
|
||||
|
||||
// Check user credentials
|
||||
check_login();
|
||||
|
||||
require_once ('include/functions_pandora_networkmap.php');
|
||||
enterprise_include_once('include/functions_policies.php');
|
||||
enterprise_include_once('include/functions_dashboard.php');
|
||||
require_once ('include/functions_modules.php');
|
||||
|
||||
$public_hash = get_parameter('hash', false);
|
||||
|
||||
// Try to authenticate by hash on public dashboards
|
||||
if ($public_hash === false) {
|
||||
// Login check
|
||||
check_login();
|
||||
} else {
|
||||
$validate_hash = enterprise_hook(
|
||||
'dasboard_validate_public_hash',
|
||||
array($public_hash, get_parameter('networkmap_id'), 'network_map')
|
||||
);
|
||||
if ($validate_hash === false || $validate_hash === ENTERPRISE_NOT_HOOK) {
|
||||
db_pandora_audit("Invalid public hash", "Trying to access report builder");
|
||||
require ("general/noaccess.php");
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
//--------------INIT AJAX-----------------------------------------------
|
||||
if (is_ajax ()) {
|
||||
$update_refresh_state = (bool)get_parameter('update_refresh_state',false);
|
||||
|
|
|
|||
Loading…
Reference in New Issue