From 6a7dd0de9bf8d2e0a5d5be1b8d4b8d5b292a5000 Mon Sep 17 00:00:00 2001 From: daniel Date: Fri, 9 Feb 2024 10:53:32 +0100 Subject: [PATCH] new api 2.0 --- .../Validations/EventFilterValidation.php | 42 ++++++++++++++-- .../Events/Validations/EventValidation.php | 48 ++++++++++++++----- .../Controllers/CreateGroupController.php | 2 + .../Repositories/GroupRepositoryMySQL.php | 17 +++++-- .../Shared/Services/ValidateAclSystem.php | 15 +++++- 5 files changed, 102 insertions(+), 22 deletions(-) diff --git a/pandora_console/include/lib/Modules/Events/Filters/Validations/EventFilterValidation.php b/pandora_console/include/lib/Modules/Events/Filters/Validations/EventFilterValidation.php index 4775ea5f98..29177465db 100644 --- a/pandora_console/include/lib/Modules/Events/Filters/Validations/EventFilterValidation.php +++ b/pandora_console/include/lib/Modules/Events/Filters/Validations/EventFilterValidation.php @@ -2,12 +2,14 @@ namespace PandoraFMS\Modules\Events\Filters\Validations; +use PandoraFMS\Agent; +use PandoraFMS\Module; +use PandoraFMS\Modules\Events\Enums\EventSeverityEnum; use PandoraFMS\Modules\Events\Filters\Entities\EventFilter; use PandoraFMS\Modules\Events\Filters\Enums\EventFilterAlertEnum; use PandoraFMS\Modules\Events\Filters\Enums\EventFilterGroupByEnum; use PandoraFMS\Modules\Events\Filters\Enums\EventFilterStatusEnum; use PandoraFMS\Modules\Events\Filters\Services\ExistNameEventFilterService; -use PandoraFMS\Modules\Events\Enums\EventSeverityEnum; use PandoraFMS\Modules\Groups\Services\GetGroupService; use PandoraFMS\Modules\Shared\Exceptions\BadRequestException; use PandoraFMS\Modules\Tags\Services\GetTagService; @@ -114,7 +116,10 @@ final class EventFilterValidation } if (empty($eventFilter->getIdAgentModule()) === false) { - $this->validateAgentModule($eventFilter->getIdAgentModule()); + $this->validateAgentModule( + $eventFilter->getIdAgentModule(), + $eventFilter->getIdAgent() + ); } if (empty($eventFilter->getServerId()) === false) { 
@@ -146,11 +151,42 @@ final class EventFilterValidation protected function validateAgent(int $idAgent): void { // TODO: create new service for this. + try { + new Agent($idAgent); + } catch (\Exception $e) { + throw new BadRequestException( + __('Invalid id agent, %s', $e->getMessage()) + ); + } } - protected function validateAgentModule(int $idAgentModule): void + protected function validateAgentModule(int $idAgentModule, ?int $idAgent = 0): void { // TODO: create new service for this. + try { + if(empty($idAgent) === false) { + $agent = new Agent($idAgent); + $existModule = $agent->searchModules( + ['id_agente_modulo' => $idAgentModule], + 1 + ); + + if (empty($existModule) === true) { + throw new BadRequestException( + __( + 'Id agent module not exist in agent %s', + io_safe_output($agent->alias()) + ) + ); + } + } else { + new Module($idAgentModule); + } + } catch (\Exception $e) { + throw new BadRequestException( + __('Invalid id agent module, %s', $e->getMessage()) + ); + } } protected function validateNodes(array $nodes): void diff --git a/pandora_console/include/lib/Modules/Events/Validations/EventValidation.php b/pandora_console/include/lib/Modules/Events/Validations/EventValidation.php index a1873381f0..5a686dd821 100644 --- a/pandora_console/include/lib/Modules/Events/Validations/EventValidation.php +++ b/pandora_console/include/lib/Modules/Events/Validations/EventValidation.php 
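Review bot: In validateAgentModule the inner `BadRequestException` is thrown inside the same `try` whose `catch (\Exception $e)` re-wraps it, so, assuming BadRequestException extends \Exception (not visible here), the client gets a doubled message of the form "Invalid id agent module, Id agent module not exist in agent …". Both new methods also pass `$e->getMessage()` from the Agent/Module constructors straight into the API error. The not-found branch echoes `$agent->alias()` for a caller-supplied id with no ACL check visible in this hunk, so confirm that a caller cannot learn aliases of agents outside their own groups. I would put `catch (BadRequestException $e) { throw $e; }` ahead of the generic catch, return a fixed message to the client, and log the detail server-side. The same code is added to EventValidation.php in hunk `@@ -114,21 +116,43 @@`.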
@@ -2,12 +2,14 @@ namespace PandoraFMS\Modules\Events\Validations; -use PandoraFMS\Modules\Shared\Services\Config; +use PandoraFMS\Agent; +use PandoraFMS\Module; use PandoraFMS\Modules\Events\Entities\Event; use PandoraFMS\Modules\Events\Enums\EventSeverityEnum; use PandoraFMS\Modules\Events\Enums\EventStatusEnum; use PandoraFMS\Modules\Groups\Services\GetGroupService; use PandoraFMS\Modules\Shared\Exceptions\BadRequestException; +use PandoraFMS\Modules\Shared\Services\Config; use PandoraFMS\Modules\Shared\Services\Timestamp; use PandoraFMS\Modules\Shared\Services\ValidateAclSystem; use PandoraFMS\Modules\Users\Services\GetUserService; @@ -51,7 +53,7 @@ final class EventValidation } if (empty($event->getIdAgentModule()) === false) { - $this->validateAgentModule($event->getIdAgentModule()); + $this->validateAgentModule($event->getIdAgentModule(), $event->getIdAgent()); } if ($event->getIdUser() === null) { 
@@ -114,21 +116,43 @@ final class EventValidation protected function validateAgent(int $idAgent): void { - $filter = ['id_agente' => $idAgent]; - if(\is_metaconsole() === true) { - $agent = \agents_get_meta_agents($filter); - } else { - $agent = \agents_get_agents($filter); - } - - if (! (bool) $agent) { - throw new BadRequestException(__('Invalid id agent')); + // TODO: create new service for this. + try { + new Agent($idAgent); + } catch (\Exception $e) { + throw new BadRequestException( + __('Invalid id agent, %s', $e->getMessage()) + ); } } - protected function validateAgentModule(int $idAgentModule): void + protected function validateAgentModule(int $idAgentModule, ?int $idAgent = 0): void { // TODO: create new service for this. + try { + if(empty($idAgent) === false) { + $agent = new Agent($idAgent); + $existModule = $agent->searchModules( + ['id_agente_modulo' => $idAgentModule], + 1 + ); + + if (empty($existModule) === true) { + throw new BadRequestException( + __( + 'Id agent module not exist in agent %s', + io_safe_output($agent->alias()) + ) + ); + } + } else { + new Module($idAgentModule); + } + } catch (\Exception $e) { + throw new BadRequestException( + __('Invalid id agent module, %s', $e->getMessage()) + ); + } } protected function validateAlert(int $idAlert): void diff --git a/pandora_console/include/lib/Modules/Groups/Controllers/CreateGroupController.php b/pandora_console/include/lib/Modules/Groups/Controllers/CreateGroupController.php index bfefba32f7..70ddf3d891 100644 --- a/pandora_console/include/lib/Modules/Groups/Controllers/CreateGroupController.php +++ b/pandora_console/include/lib/Modules/Groups/Controllers/CreateGroupController.php @@ -42,6 +42,8 @@ final class CreateGroupController extends Controller $this->acl->validate(0, 'UM', ' tried to manage user for groups'); + $this->acl->validateUserCanManageAll('PM'); + $this->management->isManagementAllowed('Group', true); $result = $this->createGroupAction->__invoke($group); 
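Review bot: The removed validateAgent looked the id up with `\agents_get_meta_agents()` on a metaconsole and `\agents_get_agents()` otherwise, while the replacement `new Agent($idAgent)` makes no such distinction in this hunk. Whether the Agent constructor resolves metaconsole agents is not visible here, so ids that validated before may now be rejected on a metaconsole, or ids that should be rejected may pass. A comment above the `try` such as `// Agent() resolves the id on node and metaconsole alike` (once confirmed), or a test for the metaconsole case, would settle it.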
diff --git a/pandora_console/include/lib/Modules/Groups/Repositories/GroupRepositoryMySQL.php b/pandora_console/include/lib/Modules/Groups/Repositories/GroupRepositoryMySQL.php index e93b1f4b68..59ee52a072 100644 --- a/pandora_console/include/lib/Modules/Groups/Repositories/GroupRepositoryMySQL.php +++ b/pandora_console/include/lib/Modules/Groups/Repositories/GroupRepositoryMySQL.php @@ -118,12 +118,17 @@ class GroupRepositoryMySQL extends RepositoryMySQL implements GroupRepository // Check ACL for user list. if (users_can_manage_group_all('AR') === false) { $user_groups_acl = users_get_groups(false, 'AR', false); - if (empty($user_groups_acl) === false) { - $filters .= sprintf( - ' AND tgrupo.id_grupo IN (%s)', - implode(',', array_keys($user_groups_acl)) - ); + // Si no tiene ningun grupo y no es administrador, + // se fuerza a que busque en el grupo 0, que no existe, + // ya que no tendra accesoa a ningun grupo. + if (empty($user_groups_acl) === true) { + $user_groups_acl = [0]; } + + $filters .= sprintf( + ' AND tgrupo.id_grupo IN (%s)', + implode(',', array_keys($user_groups_acl)) + ); } if ($count === false) { @@ -159,6 +164,8 @@ class GroupRepositoryMySQL extends RepositoryMySQL implements GroupRepository $pagination ); + hd($sql, true); + return $sql; } } diff --git a/pandora_console/include/lib/Modules/Shared/Services/ValidateAclSystem.php b/pandora_console/include/lib/Modules/Shared/Services/ValidateAclSystem.php index c798afa0c1..b5229bb09f 100644 --- a/pandora_console/include/lib/Modules/Shared/Services/ValidateAclSystem.php +++ b/pandora_console/include/lib/Modules/Shared/Services/ValidateAclSystem.php 
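Review bot: The fail-closed fallback in the ACL filter works only because `array_keys([0])` happens to return `[0]`: the list index, not the stored value, is what reaches the `IN (...)` clause. Writing `$user_groups_acl = [0 => true];` makes the intent explicit and survives a later edit of the value. The new comment is in Spanish with a typo ("accesoa"); I would replace it with `// No groups and not an admin: filter on group 0, which does not exist, so nothing is returned.` The ids are imploded into the SQL as-is, so if the keys returned by users_get_groups() are not guaranteed to be integers (not visible here), `array_map('intval', array_keys($user_groups_acl))` is cheap hardening. The enclosing method starts outside the hunk.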
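Review bot: `hd($sql, true);` just before `return $sql;` looks like a leftover debug call, and it hands the full query text, ACL filter included, to a helper on every invocation of this repository method. The definition of hd() is not on this page, but if it prints or logs its argument, every group-list request would either expose the SQL in the response or persist it to a log. The line should be removed before merge.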
@@ -81,13 +81,24 @@ class ValidateAclSystem } } - public function validateUserAdmin( - ): void { + public function validateUserAdmin(): void + { if ((bool) \users_is_admin() === false) { throw new ForbiddenACLException(__('ACL Forbidden only administrator access')); } } + public function validateUserCanManageAll($acl = 'PM'): void + { + if ((bool) \users_is_admin() === false + && (bool) \users_can_manage_group_all($acl) === false + ) { + throw new ForbiddenACLException( + __('ACL Forbidden only administrator access or pandora manage all groups') + ); + } + } + public function validateUserProfile( int $idProfile ): void {
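Review bot: `validateUserCanManageAll($acl = 'PM')` takes an untyped parameter while the neighbouring `validateUserProfile(int $idProfile)` is typed; `public function validateUserCanManageAll(string $acl = 'PM'): void` keeps a non-string from reaching `\users_can_manage_group_all()`. The exception text is fixed to "pandora manage all groups" whatever `$acl` is passed, so a caller using another flag would get a misleading denial message. The call added in CreateGroupController sits next to `validate(0, 'UM', ' tried to manage user for groups')`, which carries an audit string, whereas this method only throws. If validate() records denied attempts (its body is not in this hunk), denials from the new gate on group creation would go unrecorded.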