diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog index f41cc2e160..be5a589234 100644 --- a/pandora_console/ChangeLog +++ b/pandora_console/ChangeLog @@ -1,3 +1,26 @@ +2011-11-24 Sergio Martin + + * include/functions_api.php + include/functions.php + include/functions_agents.php + operation/search_modules.php + operation/agentes/status_monitor.php + operation/agentes/estado_ultimopaquete.php + operation/agentes/alerts_status.php + operation/agentes/estado_generalagente.php + operation/agentes/estado_agente.php + operation/agentes/estado_monitores.php + operation/agentes/ver_agente.php + operation/search_agents.php + operation/search_alerts.php + godmode/agentes/module_manager.php + godmode/agentes/modificar_agente.php + godmode/agentes/configurar_agente.php + godmode/alerts/alert_list.list.php + godmode/users/configure_user.php: Reconstruct policy acl + system to allow in enterprise version get extra access for + a user in a policy + 2011-11-24 Sergio Martin * include/help/en/help_integria_url.php diff --git a/pandora_console/godmode/agentes/configurar_agente.php b/pandora_console/godmode/agentes/configurar_agente.php index bc8aa24889..fe86ada233 100644 --- a/pandora_console/godmode/agentes/configurar_agente.php +++ b/pandora_console/godmode/agentes/configurar_agente.php @@ -18,6 +18,7 @@ global $config; enterprise_include ('godmode/agentes/configurar_agente.php'); +enterprise_include ('include/functions_policies.php'); enterprise_include ('include/functions_modules.php'); include_once($config['homedir'] . "/include/functions_agents.php"); @@ -29,7 +30,13 @@ $group = 0; if ($id_agente) $group = agents_get_agent_group ($id_agente); -if (! check_acl ($config["id_user"], $group, "AW", $id_agente)) { +$is_extra = enterprise_hook('policies_is_agent_extra_policy', array($id_agente)); + +if($is_extra === ENTERPRISE_NOT_HOOK) { + $is_extra = false; +} + +if (! check_acl ($config["id_user"], $group, "AW", $id_agente) && !$is_extra) { db_pandora_audit("ACL Violation", "Trying to access agent manager"); require ("general/noaccess.php"); @@ -531,7 +538,12 @@ if ($update_agent) { // if modified some agent paramenter if ($id_agente) { //This has been done in the beginning of the page, but if an agent was created, this id might change $id_grupo = agents_get_agent_group ($id_agente); - if (check_acl ($config["id_user"], $id_grupo, "AW") != 1) { + $is_extra = enterprise_hook('policies_is_agent_extra_policy', array($id_agente)); + + if($is_extra === ENTERPRISE_NOT_HOOK) { + $is_extra = false; + } + if (!check_acl ($config["id_user"], $id_grupo, "AW") && !$is_extra) { db_pandora_audit("ACL Violation","Trying to admin an agent without access"); require ("general/noaccess.php"); exit; @@ -571,7 +583,13 @@ $edit_module = (bool) get_parameter ('edit_module'); if ($update_module || $create_module) { $id_grupo = agents_get_agent_group ($id_agente); - if (! check_acl ($config["id_user"], $id_grupo, "AW")) { + $is_extra = enterprise_hook('policies_is_agent_extra_policy', array($id_agente)); + + if($is_extra === ENTERPRISE_NOT_HOOK) { + $is_extra = false; + } + + if (!check_acl ($config["id_user"], $id_grupo, "AW") && !$is_extra) { db_pandora_audit("ACL Violation", "Trying to create a module without admin rights"); require ("general/noaccess.php"); diff --git a/pandora_console/godmode/agentes/modificar_agente.php b/pandora_console/godmode/agentes/modificar_agente.php index c75e271782..e4a97781b8 100644 --- a/pandora_console/godmode/agentes/modificar_agente.php +++ b/pandora_console/godmode/agentes/modificar_agente.php @@ -41,12 +41,6 @@ enterprise_include_once('include/functions_policies.php'); require_once ('include/functions_agents.php'); require_once ('include/functions_users.php'); -//Add enterprise function to add other enterprise ACL. -$enterprise_acl = false; -if (ENTERPRISE_NOT_HOOK !== enterprise_include_once('include/functions_policies.php')) { - $enterprise_acl = true; -} - $search = get_parameter ("search", ""); $agent_to_delete = (int)get_parameter('borrar_agente'); @@ -195,7 +189,7 @@ if ($search != ""){ $search_sql = " AND ( nombre COLLATE utf8_general_ci LIKE '%$search%' OR direccion LIKE '%$search%') "; } -// Show only selected groups +// Show only selected groups if ($ag_group > 0) { $sql = sprintf ('SELECT COUNT(*) FROM tagente @@ -242,27 +236,30 @@ if ($ag_group > 0) { } } else { + $sql_extra = enterprise_hook('policies_get_agents_sql_condition'); + if($sql_extra === ENTERPRISE_NOT_HOOK) { + $sql_extra = ''; + } + else if($sql_extra != '') { + $sql_extra = sprintf('OR %s', $sql_extra); + } + // Admin user get ANY group, even if they doesnt exist - if (check_acl ($config['id_user'], 0, "PM")) { - $subquery_enterprise = ''; - if (ENTERPRISE_NOT_HOOK !== enterprise_include_once('include/functions_policies.php')) { - $subquery_enterprise = subquery_acl_enterprise(); - } - - $sql = sprintf ('SELECT COUNT(*) FROM tagente WHERE 1=1 %s %s', $search_sql, $subquery_enterprise); + if (check_acl ($config['id_user'], 0, "PM")) { + $sql = sprintf ('SELECT COUNT(*) FROM tagente WHERE (1=1 %s) %s', $search_sql, $sql_extra); $total_agents = db_get_sql ($sql); switch ($config["dbtype"]) { case "mysql": $sql = sprintf ('SELECT * - FROM tagente WHERE 1=1 %s %s - ORDER BY %s %s LIMIT %d, %d', $search_sql, $subquery_enterprise, $order['field'], + FROM tagente WHERE (1=1 %s) %s + ORDER BY %s %s LIMIT %d, %d', $search_sql, $sql_extra, $order['field'], $order['order'], $offset, $config["block_size"]); break; case "postgresql": $sql = sprintf ('SELECT * - FROM tagente WHERE 1=1 %s %s - ORDER BY %s %s LIMIT %d OFFSET %d', $search_sql, $subquery_enterprise, $order['field'], + FROM tagente WHERE (1=1 %s) %s + ORDER BY %s %s LIMIT %d OFFSET %d', $search_sql, $sql_extra, $order['field'], $order['order'], $config["block_size"], $offset); break; case "oracle": @@ -270,62 +267,55 @@ else { $set['limit'] = $config["block_size"]; $set['offset'] = $offset; $sql = sprintf ('SELECT * - FROM tagente WHERE 1=1 %s %s - ORDER BY %s %s', $search_sql, $subquery_enterprise, $order['field'], $order['order']); + FROM tagente WHERE (1=1 %s) %s + ORDER BY %s %s', $search_sql, $sql_extra, $order['field'], $order['order']); $sql = oracle_recode_query ($sql, $set); break; } } else { - if (!$enterprise_acl) { - $sql = sprintf ('SELECT COUNT(*) - FROM tagente - WHERE id_grupo IN (%s) - %s', - implode (',', array_keys (users_get_groups ())), - $search_sql); - - $total_agents = db_get_sql ($sql); - - switch ($config["dbtype"]) { - case "mysql": - $sql = sprintf ('SELECT * - FROM tagente - WHERE id_grupo IN (%s) - %s - ORDER BY %s %s LIMIT %d, %d', - implode (',', array_keys (users_get_groups ())), - $search_sql, $order['field'], $order['order'], $offset, $config["block_size"]); - break; - case "postgresql": - $sql = sprintf ('SELECT * - FROM tagente - WHERE id_grupo IN (%s) - %s - ORDER BY %s %s LIMIT %d OFFSET %d', - implode (',', array_keys (users_get_groups ())), - $search_sql, $order['field'], $order['order'], $config["block_size"], $offset); - break; - case "oracle": - $set = array (); - $set['limit'] = $config["block_size"]; - $set['offset'] = $offset; - $sql = sprintf ('SELECT * - FROM tagente - WHERE id_grupo IN (%s) - %s - ORDER BY %s %s', - implode (',', array_keys (users_get_groups ())), - $search_sql, $order['field'], $order['order']); - $sql = oracle_recode_query ($sql, $set); - break; - } - } - else { - $total_agents = enterprise_count_agents_manage_agents($search_sql); + $sql = sprintf ('SELECT COUNT(*) + FROM tagente + WHERE (id_grupo IN (%s) + %s) %s', + implode (',', array_keys (users_get_groups ())), + $search_sql, $sql_extra); - $sql = enterprise_sql_manage_agents($search_sql, $order, $offset); - } + $total_agents = db_get_sql ($sql); + + switch ($config["dbtype"]) { + case "mysql": + $sql = sprintf ('SELECT * + FROM tagente + WHERE (id_grupo IN (%s) + %s) %s + ORDER BY %s %s LIMIT %d, %d', + implode (',', array_keys (users_get_groups ())), + $search_sql, $sql_extra, $order['field'], $order['order'], $offset, $config["block_size"]); + break; + case "postgresql": + $sql = sprintf ('SELECT * + FROM tagente + WHERE (id_grupo IN (%s) + %s) %s + ORDER BY %s %s LIMIT %d OFFSET %d', + implode (',', array_keys (users_get_groups ())), + $search_sql, $sql_extra, $order['field'], $order['order'], $config["block_size"], $offset); + break; + case "oracle": + $set = array (); + $set['limit'] = $config["block_size"]; + $set['offset'] = $offset; + $sql = sprintf ('SELECT * + FROM tagente + WHERE (id_grupo IN (%s) + %s) %s + ORDER BY %s %s', + implode (',', array_keys (users_get_groups ())), + $search_sql, $order['field'], $order['order']); + $sql = oracle_recode_query ($sql, $set); + break; + } } } @@ -366,7 +356,12 @@ if ($agents !== false) { $iterator = 0; foreach ($agents as $agent) { $id_grupo = $agent["id_grupo"]; - if (! check_acl ($config["id_user"], $id_grupo, "AW", $agent['id_agente'])) + $is_extra = enterprise_hook('policies_is_agent_extra_policy', array($agent["id_agente"])); + + if($is_extra === ENTERPRISE_NOT_HOOK) { + $is_extra = false; + } + if (! check_acl ($config["id_user"], $id_grupo, "AW", $agent['id_agente']) && !$is_extra) continue; if ($color == 1) { diff --git a/pandora_console/godmode/agentes/module_manager.php b/pandora_console/godmode/agentes/module_manager.php index a29a427c94..bfb5534c0f 100644 --- a/pandora_console/godmode/agentes/module_manager.php +++ b/pandora_console/godmode/agentes/module_manager.php @@ -254,43 +254,68 @@ switch ($sortField) { break; } +// Get the enterprise acl sql condition +$extra_sql = enterprise_hook('policies_get_modules_sql_condition', array($id_agente)); + +if($extra_sql == ENTERPRISE_NOT_HOOK) { + $extra_sql = ''; +}else if ($extra_sql != '') { + $extra_sql .= ' OR '; +} + +// Build the order sql +if(!empty($order)) { + $order_sql = ' ORDER BY '; +} +$first = true; +foreach($order as $ord) { + if($first) { + $first = false; + } + else { + $order_sql .= ','; + } + + $order_sql .= $ord['field'].' '.$ord['order']; +} + +// Get limit and offset parameters +$limit = (int) $config["block_size"]; +$offset = (int) get_parameter ('offset'); + +$params = implode(',', array ('id_agente_modulo', 'id_tipo_modulo', 'descripcion', 'nombre', + 'max', 'min', 'module_interval', 'id_modulo', 'id_module_group', + 'disabled','max_warning', 'min_warning', 'str_warning', + 'max_critical', 'min_critical', 'str_critical')); + +$where = sprintf("id_policy_module = 0 AND delete_pending = 0 AND id_agente = %s", $id_agente); switch ($config["dbtype"]) { + case "postgresql": + $limit_sql = " LIMIT $limit OFFSET $offset "; case "mysql": - case "postgresql": - $modules = db_get_all_rows_filter ('tagente_modulo', - array ('delete_pending' => 0, - 'id_agente' => $id_agente, - 'order' => $order, - 'offset' => (int) get_parameter ('offset'), - 'limit' => (int) $config['block_size']), - array ('id_agente_modulo', 'id_tipo_modulo', 'descripcion', 'nombre', - 'max', 'min', 'module_interval', 'id_modulo', 'id_module_group', - 'disabled','max_warning', 'min_warning', 'str_warning', - 'max_critical', 'min_critical', 'str_critical')); + if(!isset($limit_sql)) { + $limit_sql = " LIMIT $offset, $limit "; + } + $sql = sprintf("SELECT %s total FROM tagente_modulo WHERE %s (%s) %s %s", + $params, $extra_sql, $where, $order_sql, $limit_sql); + + $modules = db_get_all_rows_sql($sql); break; - case "oracle": + case "oracle": $set = array(); - $set['limit'] = (int) $config["block_size"]; - $set['offset'] = (int) get_parameter ('offset'); - $sql = db_get_all_rows_filter('tagente_modulo', - array ('delete_pending' => 0, - 'id_agente' => $id_agente, - 'order' => $order), - array ('id_agente_modulo', 'id_tipo_modulo', 'descripcion', 'dbms_lob.substr(nombre,4000,1) nombre', - 'max', 'min', 'module_interval', 'id_modulo', 'id_module_group', - 'disabled','max_warning', 'min_warning', 'str_warning', - 'max_critical', 'min_critical', 'str_critical'), 'AND', false, true); + $set['limit'] = $limit; + $set['offset'] = $offset; + $sql = sprintf("SELECT %s total FROM tagente_modulo WHERE %s (%s) %s", + $params, $extra_sql, $where, $order_sql); $modules = oracle_recode_query ($sql, $set, 'AND', false); break; } - -$total_modules = db_get_all_rows_filter ('tagente_modulo', - array ('delete_pending' => 0, - 'id_agente' => $id_agente, - 'order' => $order), - array ('count(*) total')); -$total_modules = isset ($total_modules[0]['total']) ? $total_modules[0]['total'] : 0; +$sql_total_modules = sprintf("SELECT count(*) FROM tagente_modulo WHERE %s (%s)", $extra_sql, $where); + +$total_modules = db_get_value_sql($sql_total_modules); + +$total_modules = isset ($total_modules) ? $total_modules : 0; if ($modules === false) { echo "
".__('No available data to show')."
"; @@ -320,7 +345,6 @@ $table->head[5] = __('Description'); $table->head[6] = __('Warn'); - $table->head[7] = __('Action'); $table->rowstyle = array(); @@ -347,9 +371,15 @@ foreach($tempRows as $row) { } foreach ($modules as $module) { - if ($isFunctionPolicies !== ENTERPRISE_NOT_HOOK) { - if (!module_in_acl_enterprise($module['id_agente_modulo'])) continue; - } + $is_extra = enterprise_hook('policies_is_module_extra_policy', array($module["id_agente_modulo"])); + + if($is_extra === ENTERPRISE_NOT_HOOK) { + $is_extra = false; + } + + if (! check_acl ($config["id_user"], $group, "AW", $id_agente) && !$is_extra) { + continue; + } $type = $module["id_tipo_modulo"]; $id_module = $module["id_modulo"]; diff --git a/pandora_console/godmode/alerts/alert_list.list.php b/pandora_console/godmode/alerts/alert_list.list.php index cc21199ad6..4318168eb2 100644 --- a/pandora_console/godmode/alerts/alert_list.list.php +++ b/pandora_console/godmode/alerts/alert_list.list.php @@ -366,10 +366,6 @@ $rowPair = true; $iterator = 0; foreach ($simple_alerts as $alert) { - if ($isFunctionPolicies !== ENTERPRISE_NOT_HOOK) { - if (!alert_in_acl_enterprise($alert['id'])) continue; - } - if ($alert['disabled']) { $table->rowstyle[$iterator] = 'font-style: italic; color: #aaaaaa;'; $table->style[$iterator][1] = 'font-style: italic; color: #aaaaaa;'; diff --git a/pandora_console/godmode/users/configure_user.php b/pandora_console/godmode/users/configure_user.php index eae4b418d0..b457683208 100644 --- a/pandora_console/godmode/users/configure_user.php +++ b/pandora_console/godmode/users/configure_user.php @@ -78,12 +78,13 @@ if ($config['user_can_update_info']) { $new_user = (bool) get_parameter ('new_user'); $create_user = (bool) get_parameter ('create_user'); $add_profile = (bool) get_parameter ('add_profile'); +$add_profile_policy = (bool) get_parameter ('add_profile_policy'); $delete_profile = (bool) get_parameter ('delete_profile'); $update_user = (bool) get_parameter ('update_user'); $status = get_parameter ('status', -1); // Reset status var if current action is not update_user -if ($new_user || $create_user || $add_profile || $delete_profile || $update_user){ +if ($new_user || $create_user || $add_profile || $add_profile_policy || $delete_profile || $update_user){ $status = -1; } @@ -271,15 +272,37 @@ if ($add_profile) { "Added profile for user ".io_safe_input($id2), false, false, 'Profile: ' . $profile2 . ' Group: ' . $group2); $return = profile_create_user_profile($id2, $profile2, $group2); - if ($enterprise_include) { - add_enterprise_db_data_user_profile_form($return); - } - ui_print_result_message ($return, __('Profile added successfully'), __('Profile cannot be added')); } +if ($add_profile_policy && $enterprise_include) { + $id2 = (string) get_parameter ('id'); + $profile2 = (int) get_parameter ('assign_profile'); + $id_policy = (int) get_parameter ('policy'); + + if($id_policy != 0) { + $return = policies_create_user_policy_profile($id2, $profile2, $id_policy); + } + else { + $return = false; + } + + if($return === false) { + db_pandora_audit("User management", + "Added extra policy profile for user ".io_safe_input($id2), false, false, ' Policy: ' . $id_policy); + } + else { + db_pandora_audit("User management", + "Problem adding extra policy profile for user ".io_safe_input($id2), false, false, ' Policy: ' . $id_policy); + } + + ui_print_result_message ($return, + __('Extra policy profile added successfully'), + __('Extra policy profile cannot be added')); +} + if ($delete_profile) { $id2 = (string) get_parameter ('id_user'); $id_up = (int) get_parameter ('id_user_profile'); @@ -425,9 +448,11 @@ $table->head[1] = __('Group'); $table->head[2] = __('Action'); $table->align[2] = 'center'; +/* if ($enterprise_include) { add_enterprise_column_user_profile_form($table); } +*/ $result = db_get_all_rows_field_filter ("tusuario_perfil", "id_usuario", $id); if ($result === false) { @@ -435,6 +460,10 @@ if ($result === false) { } foreach ($result as $profile) { + if($profile["id_grupo"] == -1) { + continue; + } + $data = array (); $data[0] = ''.profile_get_name ($profile['id_perfil']).''; @@ -446,14 +475,9 @@ foreach ($result as $profile) { $data[2] .= html_print_input_image ('del', 'images/cross.png', 1, '', true); $data[2] .= ''; - if ($enterprise_include) { - add_data_enterprise_column_user_profile_form($data, $profile['id_up']); - } - array_push ($table->data, $data); } -if (!$enterprise_include) { $data = array (); $data[0] = '
'; @@ -475,19 +499,15 @@ if (!$enterprise_include) { $data[2] .= html_print_input_hidden ('id', $id, true); $data[2] .= html_print_input_hidden ('add_profile', 1, true); $data[2] .= '
'; -} -else { - add_row_enterprise_form_user_profile_form($data, $own_info, $id); -} array_push ($table->data, $data); html_print_table ($table); -echo ''; + unset ($table); if ($enterprise_include) { - add_script_enterprise_profile_form(); + policies_profile_form($id); } ?> diff --git a/pandora_console/include/functions.php b/pandora_console/include/functions.php index 62aea1437a..928c643409 100644 --- a/pandora_console/include/functions.php +++ b/pandora_console/include/functions.php @@ -1370,6 +1370,7 @@ function check_acl($id_user, $id_group, $access, $id_agent = 0) { $parents_id = array(); } + // TODO: To reduce this querys in one adding the group condition if necessary (only one line is different) //Joined multiple queries into one. That saves on the query overhead and query cache. if ($id_group == 0) { $query = sprintf("SELECT tperfil.incident_view, tperfil.incident_edit, @@ -1438,12 +1439,7 @@ function check_acl($id_user, $id_group, $access, $id_agent = 0) { } if ($result >= 1) { - if ($id_agent != 0) { - if (ENTERPRISE_NOT_HOOK !== enterprise_include_once('include/functions_policies.php')) { - return check_acl_policy($id_user, $id_agent); - } - } - else return 1; + return 1; } return 0; diff --git a/pandora_console/include/functions_agents.php b/pandora_console/include/functions_agents.php index 68fc86adc6..e8b3bb678a 100644 --- a/pandora_console/include/functions_agents.php +++ b/pandora_console/include/functions_agents.php @@ -192,34 +192,24 @@ function agents_get_alerts_simple ($id_agent = false, $filter = '', $options = f $selectText = 'COUNT(talert_template_modules.id) AS count'; } - switch ($config["dbtype"]) { - case "mysql": - case "postgresql": - $sql = sprintf ("SELECT %s - FROM talert_template_modules - INNER JOIN tagente_modulo AS t2 - ON talert_template_modules.id_agent_module = t2.id_agente_modulo - INNER JOIN tagente AS t3 - ON t2.id_agente = t3.id_agente - INNER JOIN talert_templates AS t4 - ON talert_template_modules.id_alert_template = t4.id - WHERE id_agent_module in (%s) %s %s %s", - $selectText, $subQuery, $where, $filter, $orderbyText); - break; - case "oracle": - $sql = sprintf ("SELECT %s - FROM talert_template_modules - INNER JOIN tagente_modulo t2 - ON talert_template_modules.id_agent_module = t2.id_agente_modulo - INNER JOIN tagente t3 - ON t2.id_agente = t3.id_agente - INNER JOIN talert_templates t4 - ON talert_template_modules.id_alert_template = t4.id - WHERE id_agent_module in (%s) %s %s %s", - $selectText, $subQuery, $where, $filter, $orderbyText); - break; + $extra_sql = enterprise_hook('policies_get_modules_sql_condition', array(reset($id_agent), 't3.')); + if ($extra_sql === ENTERPRISE_NOT_HOOK) { + $extra_sql = ''; + }else if ($extra_sql != '') { + $extra_sql .= ' OR '; } - + + $sql = sprintf ("SELECT %s + FROM talert_template_modules + INNER JOIN tagente_modulo t2 + ON talert_template_modules.id_agent_module = t2.id_agente_modulo + INNER JOIN tagente t3 + ON t2.id_agente = t3.id_agente + INNER JOIN talert_templates t4 + ON talert_template_modules.id_alert_template = t4.id + WHERE (%s id_agent_module in (%s)) %s %s %s", + $selectText, $extra_sql, $subQuery, $where, $filter, $orderbyText); + $alerts = db_get_all_rows_sql ($sql); if ($alerts === false) @@ -321,12 +311,6 @@ function agents_get_alerts_compound ($id_agent = false, $filter = '', $options = */ function agents_get_agents ($filter = false, $fields = false, $access = 'AR', $order = array('field' => 'nombre', 'order' => 'ASC')) { global $config; - - //Add enterprise function to add other enterprise ACL. - $enterprise_include = false; - if (ENTERPRISE_NOT_HOOK !== enterprise_include_once('include/functions_policies.php')) { - $enterprise_include = true; - } if (! is_array ($filter)) { $filter = array (); @@ -369,17 +353,58 @@ function agents_get_agents ($filter = false, $fields = false, $access = 'AR', $o $fields[1] = "nombre"; } - $filter['order'] = $order['field'] . ' ' . $order['order']; - - if ($enterprise_include) { - $ids = get_id_agents_user_profile_policy(); - - if (!empty($filter['id_agente'])) { - $filter['id_agente'] = array_intersect($filter['id_agente'], $ids); + if(isset($order['field'])) { + if(!isset($order['order'])) { + $order['order'] = 'ASC'; } + $order = 'ORDER BY '.$order['field'] . ' ' . $order['order']; } - return db_get_all_rows_filter ('tagente', $filter, $fields); + unset($filter['order']); + + if(isset($filter['offset'])) { + $offset = $filter['offset']; + unset($filter['offset']); + } + + if(isset($filter['limit'])) { + $limit = $filter['limit']; + unset($filter['limit']); + } + + $where = db_format_array_where_clause_sql ($filter, 'AND', ' WHERE (').')'; + + $sql_extra = enterprise_hook('policies_get_agents_sql_condition'); + + if($sql_extra != ENTERPRISE_NOT_HOOK) { + $where = sprintf('%s OR %s', $where, $sql_extra); + } + + $sql = sprintf('SELECT %s FROM tagente %s %s', implode(',',$fields), $where, $order); + + switch ($config["dbtype"]) { + case "mysql": + case "postgresql": + if(isset($offset) && isset($limit)) { + $limit_sql = " LIMIT $offset, $limit "; + } + $sql = sprintf("%s %s", $sql, $limit_sql); + + $agents = db_get_all_rows_sql($sql); + break; + case "oracle": + $set = array(); + if(isset($offset) && isset($limit)) { + $set['limit'] = $limit; + $set['offset'] = $offset; + } + + $agents = oracle_recode_query ($sql, $set, 'AND', false); + break; + } + + return $agents; + return db_get_all_rows_sql($sql); } /** @@ -745,7 +770,6 @@ function agents_common_modules ($id_agent, $filter = false, $indexed = true, $ge function agents_get_group_agents ($id_group = 0, $search = false, $case = "lower", $noACL = false, $childGroups = false) { global $config; - if (!$noACL) { $id_group = groups_safe_acl($config["id_user"], $id_group, "AR"); @@ -768,13 +792,13 @@ function agents_get_group_agents ($id_group = 0, $search = false, $case = "lower } if (is_array($id_group)) { - $search_sql = sprintf ('WHERE id_grupo IN (%s)', implode (",", $id_group)); + $search_sql = sprintf ('id_grupo IN (%s)', implode (",", $id_group)); } else if ($id_group == 0) { //All group - $search_sql = 'WHERE 1 = 1'; + $search_sql = '1 = 1'; } else { - $search_sql = sprintf ('WHERE id_grupo = %d', $id_group); + $search_sql = sprintf ('id_grupo = %d', $id_group); } @@ -831,27 +855,27 @@ function agents_get_group_agents ($id_group = 0, $search = false, $case = "lower $search_sql .= ' AND disabled = 0'; } - //Add enterprise function to add other enterprise ACL. - if (ENTERPRISE_NOT_HOOK !== enterprise_include_once('include/functions_policies.php')) { - $operator = 'AND'; - - if (empty($search_sql)) - $operator = ''; - $search_sql .= subquery_acl_enterprise($operator); + enterprise_include_once ('include/functions_policies.php'); + + $extra_sql = enterprise_hook('policies_get_agents_sql_condition'); + if ($extra_sql === ENTERPRISE_NOT_HOOK) { + $extra_sql = ''; + }else if ($extra_sql != '') { + $extra_sql .= ' OR '; } switch ($config["dbtype"]) { case "mysql": case "postgresql": - $sql = sprintf ("SELECT id_agente, nombre FROM tagente %s ORDER BY nombre", $search_sql); + $sql = sprintf ("SELECT id_agente, nombre FROM tagente WHERE %s (%s) ORDER BY nombre", $extra_sql, $search_sql); break; case "oracle": - $sql = sprintf ("SELECT id_agente, nombre FROM tagente %s ORDER BY dbms_lob.substr(nombre,4000,1)", $search_sql); + $sql = sprintf ("SELECT id_agente, nombre FROM tagente WHERE %s (%s) ORDER BY dbms_lob.substr(nombre,4000,1)", $extra_sql, $search_sql); break; } $result = db_get_all_rows_sql ($sql); - + if ($result === false) return array (); //Return an empty array @@ -902,11 +926,6 @@ function agents_get_group_agents ($id_group = 0, $search = false, $case = "lower function agents_get_modules ($id_agent = null, $details = false, $filter = false, $indexed = true, $get_not_init_modules = true) { global $config; - $subquery_enterprise = ''; - if (ENTERPRISE_NOT_HOOK !== enterprise_include_once('include/functions_policies.php')) { - $subquery_enterprise = subquery_acl_enterprise(); - } - if ($id_agent === null) { //Extract the agents of group user. $groups = users_get_groups(false, 'AR', false); @@ -933,6 +952,13 @@ function agents_get_modules ($id_agent = null, $details = false, $filter = false $id_agent = safe_int ($id_agent, 1); + $extra_sql = enterprise_hook('policies_get_modules_sql_condition', (array)$id_agent); + if ($extra_sql === ENTERPRISE_NOT_HOOK) { + $extra_sql = ''; + }else if ($extra_sql != '') { + $extra_sql .= ' OR '; + } + $userGroups = users_get_groups($config['id_user'], 'AR', false); if(empty($userGroups)) { @@ -941,7 +967,7 @@ function agents_get_modules ($id_agent = null, $details = false, $filter = false $id_userGroups = array_keys($userGroups); - $where = " WHERE ( + $where = "( 1 = ( SELECT is_admin FROM tusuario @@ -1072,31 +1098,33 @@ function agents_get_modules ($id_agent = null, $details = false, $filter = false else $details = io_safe_input ($details); } + + $where .= " AND id_policy_module = 0 "; + switch ($config["dbtype"]) { case "mysql": case "postgresql": $sql = sprintf ('SELECT %s%s - FROM tagente_modulo - %s %s + FROM tagente_modulo WHERE + %s (%s) ORDER BY nombre', ($details != '*' && $indexed) ? 'id_agente_modulo,' : '', io_safe_output(implode (",", (array) $details)), - $where, - $subquery_enterprise); + $extra_sql, + $where); break; case "oracle": $sql = sprintf ('SELECT %s%s - FROM tagente_modulo - %s %s + FROM tagente_modulo WHERE + %s (%s) ORDER BY dbms_lob.substr(nombre, 4000, 1)', ($details != '*' && $indexed) ? 'id_agente_modulo,' : '', io_safe_output(implode (",", (array) $details)), - $where, - $subquery_enterprise); + $extra_sql, + $where); break; } - - + $result = db_get_all_rows_sql ($sql); if (empty ($result)) { diff --git a/pandora_console/include/functions_api.php b/pandora_console/include/functions_api.php index 2c52ff01d2..20ac4abd7e 100644 --- a/pandora_console/include/functions_api.php +++ b/pandora_console/include/functions_api.php @@ -145,7 +145,6 @@ function array_apply_io_safe_output($item) { */ function isInACL($ip) { global $config; - //If set * in the list ACL return true if(in_array('*', $config['list_ACL_IPs_for_API'])) return true; diff --git a/pandora_console/operation/agentes/alerts_status.php b/pandora_console/operation/agentes/alerts_status.php index d773b39cf2..bf34318695 100644 --- a/pandora_console/operation/agentes/alerts_status.php +++ b/pandora_console/operation/agentes/alerts_status.php @@ -55,7 +55,13 @@ if ($idAgent != 0) { $id_group = agents_get_agent_group ($idAgent); - if (check_acl ($config["id_user"], $id_group, "AR") == 0) { + $is_extra = enterprise_hook('policies_is_agent_extra_policy', array($id_agente)); + + if($is_extra === ENTERPRISE_NOT_HOOK) { + $is_extra = false; + } + + if (!check_acl ($config["id_user"], $id_group, "AR") && !$is_extra) { db_pandora_audit("ACL Violation","Trying to access alert view"); require ("general/noaccess.php"); exit; @@ -370,10 +376,6 @@ $table->data = array (); $rowPair = true; $iterator = 0; foreach ($alerts['alerts_simple'] as $alert) { - if ($isFunctionPolicies !== ENTERPRISE_NOT_HOOK) { - if (!alert_in_acl_enterprise($alert['id'])) continue; - } - if ($rowPair) $table->rowclass[$iterator] = 'rowPair'; else diff --git a/pandora_console/operation/agentes/estado_agente.php b/pandora_console/operation/agentes/estado_agente.php index 1ef3bf21a6..04b9b15668 100644 --- a/pandora_console/operation/agentes/estado_agente.php +++ b/pandora_console/operation/agentes/estado_agente.php @@ -270,6 +270,7 @@ else { $total_agents = 0; $agents = false; + if (! empty ($agent_names)) { $total_agents = agents_get_agents(array ('id_agente' => array_keys ($agent_names), 'order' => 'nombre ASC', diff --git a/pandora_console/operation/agentes/estado_generalagente.php b/pandora_console/operation/agentes/estado_generalagente.php index 139254540a..e39a60db62 100644 --- a/pandora_console/operation/agentes/estado_generalagente.php +++ b/pandora_console/operation/agentes/estado_generalagente.php @@ -37,7 +37,13 @@ if ($agent === false) { return; } -if (! check_acl ($config["id_user"], $agent["id_grupo"], "AR")) { +$is_extra = enterprise_hook('policies_is_agent_extra_policy', array($id_agente)); + +if($is_extra === ENTERPRISE_NOT_HOOK) { + $is_extra = false; +} + +if (! check_acl ($config["id_user"], $agent["id_grupo"], "AR") && !$is_extra) { db_pandora_audit("ACL Violation", "Trying to access Agent General Information"); require_once ("general/noaccess.php"); diff --git a/pandora_console/operation/agentes/estado_monitores.php b/pandora_console/operation/agentes/estado_monitores.php index b02fc2e65b..2232b26fb8 100644 --- a/pandora_console/operation/agentes/estado_monitores.php +++ b/pandora_console/operation/agentes/estado_monitores.php @@ -238,10 +238,6 @@ $table->align = array("left","left","center","left","left","center"); $last_modulegroup = 0; $rowIndex = 0; foreach ($modules as $module) { - if ($isFunctionPolicies !== ENTERPRISE_NOT_HOOK) { - if (!module_in_acl_enterprise($module['id_agente_modulo'])) continue; - } - //The code add the row of 1 cell with title of group for to be more organice the list. if ($module["id_module_group"] != $last_modulegroup) diff --git a/pandora_console/operation/agentes/estado_ultimopaquete.php b/pandora_console/operation/agentes/estado_ultimopaquete.php index e6c14de93e..391180960d 100644 --- a/pandora_console/operation/agentes/estado_ultimopaquete.php +++ b/pandora_console/operation/agentes/estado_ultimopaquete.php @@ -20,7 +20,7 @@ check_login(); if (isset($_GET["id_agente"])){ $id_agente = $_GET["id_agente"]; } - + include_once($config['homedir'] . "/include/functions_modules.php"); // View last data packet @@ -174,22 +174,73 @@ switch ($sortField) { break; } -$modules = db_get_all_rows_filter ('tagente_modulo, tagente_estado', - array ('tagente_modulo.id_agente_modulo = tagente_estado.id_agente_modulo', - 'disabled' => 0, - 'tagente_estado.utimestamp != 0', - 'tagente_modulo.id_agente = '.$id_agente, - 'order' => $order, - 'offset' => (int) get_parameter ('offset'), - 'limit' => (int) $config['block_size'])); - -$total_modules = db_get_all_rows_filter ('tagente_modulo', - array ('delete_pending' => 0, - 'id_agente' => $id_agente, - 'order' => $order), - array ('count(*) total')); +// Get the enterprise acl sql condition +$extra_sql = enterprise_hook('policies_get_modules_sql_condition', array($id_agente)); + +if($extra_sql == ENTERPRISE_NOT_HOOK) { + $extra_sql = ''; +} +else if ($extra_sql != '') { + $extra_sql .= ' OR '; +} -$total_modules = isset ($total_modules[0]['total']) ? $total_modules[0]['total'] : 0; +// Build the order sql +if(!empty($order)) { + $order_sql = ' ORDER BY '; +} +$first = true; +foreach($order as $ord) { + if($first) { + $first = false; + } + else { + $order_sql .= ','; + } + + $order_sql .= $ord['field'].' '.$ord['order']; +} + +// Get limit and offset parameters +$limit = (int) $config["block_size"]; +$offset = (int) get_parameter ('offset'); + +$params = implode(',', array ('*')); +$is_extra_sql = (int)$is_extra; + +$where = sprintf("(tagente_modulo.id_policy_module = 0 AND disabled = 0 AND tagente_estado.utimestamp !=0 AND tagente_modulo.id_agente = %s AND delete_pending = 0)", $id_agente); + +$basic_where = " tagente_modulo.id_agente_modulo = tagente_estado.id_agente_modulo AND "; + +switch ($config["dbtype"]) { + case "postgresql": + $limit_sql = " LIMIT $limit OFFSET $offset "; + case "mysql": + if(!isset($limit_sql)) { + $limit_sql = " LIMIT $offset, $limit "; + } + + $order[] = array('field' => 'tagente_modulo.nombre', 'order' => 'ASC'); + + $sql = sprintf("SELECT %s FROM tagente_modulo, tagente_estado WHERE %s (%s %s) %s %s", + $params, $basic_where, $extra_sql, $where, $order_sql, $limit_sql); + $modules = db_get_all_rows_sql($sql); + break; + case "oracle": + $order[] = array('field' => 'dbms_lob.substr(tagente_modulo.nombre,4000,1)', 'order' => 'ASC'); + + $set = array(); + $set['limit'] = $limit; + $set['offset'] = $offset; + $sql = sprintf("SELECT %s FROM tagente_modulo, tagente_estado WHERE %s (%s %s) %s", + $params, $basic_where, $extra_sql, $where, $order_sql); + $modules = oracle_recode_query ($sql, $set, 'AND', false); + break; +} + +$sql_total_modules = sprintf("SELECT count(*) FROM tagente_modulo, tagente_estado WHERE %s (%s %s)", $basic_where, $extra_sql, $where); + +$total_modules = db_get_value_sql($sql_total_modules); +$total_modules = isset ($total_modules) ? $total_modules : 0; if ($modules === false) { echo "
".__('This agent doesn\'t have any module')."
"; @@ -233,11 +284,6 @@ $texto=''; $last_modulegroup = 0; $color = 1; $write = check_acl ($config['id_user'], $agent['id_grupo'], "AW"); foreach ($modules as $module) { - if ($isFunctionPolicies !== ENTERPRISE_NOT_HOOK) { - if (!module_in_acl_enterprise($module['id_agente_modulo'])) continue; - } - - // Calculate table line color if ($color == 1){ $tdcolor = "datos"; diff --git a/pandora_console/operation/agentes/status_monitor.php b/pandora_console/operation/agentes/status_monitor.php index 2959417db6..04871e417e 100644 --- a/pandora_console/operation/agentes/status_monitor.php +++ b/pandora_console/operation/agentes/status_monitor.php @@ -28,20 +28,16 @@ if (! check_acl ($config['id_user'], 0, "AR") && ! check_acl ($config['id_user'] return; } -require_once($config['homedir'] . "/include/functions_agents.php"); -require_once($config['homedir'] . "/include/functions_modules.php"); +require_once($config['homedir'] . '/include/functions_agents.php'); +require_once($config['homedir'] . '/include/functions_modules.php'); require_once($config['homedir'] . '/include/functions_users.php'); +enterprise_include_once ('include/functions_policies.php'); -$isFunctionPolicies = enterprise_include_once ('include/functions_policies.php'); - -//Add the subquery for the ACL enterprise -if (ENTERPRISE_NOT_HOOK !== $isFunctionPolicies) { - $subquery_enterprise = subquery_acl_enterprise(); - $subquery_enterprise2 = subquery_acl_enterprise('AND', 'tagente.id_agente'); -} -else { - $subquery_enterprise = ''; - $subquery_enterprise2 = ''; +$extra_sql = enterprise_hook('policies_get_agents_sql_condition'); +if ($extra_sql === ENTERPRISE_NOT_HOOK) { + $extra_sql = ''; +}else if ($extra_sql != '') { + $extra_sql .= ' OR '; } ui_print_page_header ("Monitor detail", "images/brick.png", false); @@ -112,12 +108,14 @@ switch ($config["dbtype"]) { $sql = ' SELECT distinct(nombre) FROM tagente_modulo - WHERE nombre <> \'delete_pending\' ' . $subquery_enterprise . ' AND id_agente IN + WHERE nombre <> \'delete_pending\' AND id_agente IN ( SELECT id_agente FROM tagente WHERE'; + $sql .= $extra_sql.'('; + if ($flag_is_admin || $flag_all_group) { $sql .= ' 1 = 1 '; } @@ -130,7 +128,7 @@ switch ($config["dbtype"]) { } } - $sql .= ')'; + $sql .= '))'; break; case "oracle": $profiles = db_get_all_rows_sql('SELECT id_grupo @@ -154,12 +152,14 @@ switch ($config["dbtype"]) { $sql = ' SELECT distinct dbms_lob.substr(nombre,4000,1) as nombre FROM tagente_modulo - WHERE dbms_lob.substr(nombre,4000,1) <> \'delete_pending\' ' . $subquery_enterprise . ' AND id_agente IN + WHERE dbms_lob.substr(nombre,4000,1) <> \'delete_pending\' AND id_agente IN ( SELECT id_agente FROM tagente WHERE'; + $sql .= $extra_sql.'('; + if ($flag_is_admin || $flag_all_group) { $sql .= ' 1 = 1 '; } @@ -172,7 +172,7 @@ switch ($config["dbtype"]) { } } - $sql .= ')'; + $sql .= '))'; break; } @@ -195,10 +195,10 @@ echo ""; // Begin Build SQL sentences $sql = " FROM tagente, tagente_modulo, tagente_estado - WHERE tagente.id_agente = tagente_modulo.id_agente + WHERE $sql_extra (tagente.id_agente = tagente_modulo.id_agente AND tagente_modulo.disabled = 0 AND tagente.disabled = 0 - AND tagente_estado.id_agente_modulo = tagente_modulo.id_agente_modulo" . $subquery_enterprise2 ; + AND tagente_estado.id_agente_modulo = tagente_modulo.id_agente_modulo"; // Agent group selector if ($ag_group > 0 && check_acl ($config["id_user"], $ag_group, "AR")) { @@ -245,7 +245,7 @@ elseif ($status == 5) { //Not init $sql .= " AND tagente_estado.utimestamp = 0 AND tagente_modulo.id_tipo_modulo NOT IN (21,22,23,100)"; } -$sql .= " ORDER BY tagente.id_grupo, tagente.nombre"; +$sql .= ") ORDER BY tagente.id_grupo, tagente.nombre"; // Build final SQL sentences $count = db_get_sql ("SELECT COUNT(tagente_modulo.id_agente_modulo)".$sql); diff --git a/pandora_console/operation/agentes/ver_agente.php b/pandora_console/operation/agentes/ver_agente.php index 84da058a94..3d63723cdf 100644 --- a/pandora_console/operation/agentes/ver_agente.php +++ b/pandora_console/operation/agentes/ver_agente.php @@ -17,10 +17,10 @@ // Load global vars global $config; -require_once ("include/functions_gis.php"); -require_once($config['homedir'] . "/include/functions_agents.php"); -require_once($config['homedir'] . "/include/functions_groups.php"); -require_once($config['homedir'] . "/include/functions_modules.php"); +require_once ('include/functions_gis.php'); +require_once($config['homedir'] . '/include/functions_agents.php'); +require_once($config['homedir'] . '/include/functions_groups.php'); +require_once($config['homedir'] . '/include/functions_modules.php'); require_once($config['homedir'] . '/include/functions_users.php'); enterprise_include_once ('include/functions_metaconsole.php'); @@ -443,7 +443,14 @@ if (empty ($id_agente)) { $agent = db_get_row ('tagente', 'id_agente', $id_agente); // get group for this id_agente $id_grupo = $agent['id_grupo']; -if (! check_acl ($config['id_user'], $id_grupo, "AR", $id_agente)) { + +$is_extra = enterprise_hook('policies_is_agent_extra_policy', array($id_agente)); + +if($is_extra === ENTERPRISE_NOT_HOOK) { + $is_extra = false; +} + +if (! check_acl ($config['id_user'], $id_grupo, "AR", $id_agente) && !$is_extra) { db_pandora_audit("ACL Violation", "Trying to access (read) to agent ".agents_get_name($id_agente)); include ("general/noaccess.php"); @@ -481,7 +488,7 @@ $tab = get_parameter ("tab", "main"); $managetab = ""; -if (check_acl ($config['id_user'],$id_grupo, "AW")) { +if (check_acl ($config['id_user'],$id_grupo, "AW") || $is_extra) { $managetab['text'] ='' . html_print_image("images/setup.png", true, array ("title" => __('Manage'))) . ''; @@ -705,13 +712,13 @@ switch ($tab) { require ("alerts_status.php"); break; case "inventory": - enterprise_include ('operation/agentes/agent_inventory.php'); + enterprise_include ("operation/agentes/agent_inventory.php"); break; case "collection": - enterprise_include ('operation/agentes/collection_view.php'); + enterprise_include ("operation/agentes/collection_view.php"); break; - case 'policy': - enterprise_include ('operation/agentes/policy_view.php'); + case "policy": + enterprise_include ("operation/agentes/policy_view.php"); break; case "graphs"; require("operation/agentes/graphs.php"); diff --git a/pandora_console/operation/search_agents.php b/pandora_console/operation/search_agents.php index 15664c67ca..1398018be1 100755 --- a/pandora_console/operation/search_agents.php +++ b/pandora_console/operation/search_agents.php @@ -16,10 +16,14 @@ global $config; +enterprise_include_once('include/functions_policies.php'); require_once ($config['homedir'].'/include/functions_users.php'); -$subquery_enterprise = ''; -if (ENTERPRISE_NOT_HOOK !== enterprise_include_once('include/functions_policies.php')) { - $subquery_enterprise = subquery_acl_enterprise(); + +$extra_sql = enterprise_hook('policies_get_agents_sql_condition'); +if ($extra_sql === ENTERPRISE_NOT_HOOK) { + $extra_sql = ''; +}else if ($extra_sql != '') { + $extra_sql .= ' OR '; } $searchAgents = check_acl($config['id_user'], 0, "AR"); @@ -130,8 +134,9 @@ if ($searchAgents) { ) OR t1.id_grupo IN ( " . implode(',', $id_userGroups) . " - ) - OR 0 IN ( + ) OR " . + $extra_sql . + " 0 IN ( SELECT id_grupo FROM tusuario_perfil WHERE id_usuario = '" . $config['id_user'] . "' @@ -145,7 +150,7 @@ if ($searchAgents) { t1.nombre COLLATE utf8_general_ci LIKE '%%" . $stringSearchSQL . "%%' OR t2.nombre COLLATE utf8_general_ci LIKE '%%" . $stringSearchSQL . "%%' ) - " . $subquery_enterprise; + "; break; case "postgresql": case "oracle": @@ -161,8 +166,9 @@ if ($searchAgents) { ) OR t1.id_grupo IN ( " . implode(',', $id_userGroups) . " - ) - OR 0 IN ( + ) OR " . + $extra_sql . + " 0 IN ( SELECT id_grupo FROM tusuario_perfil WHERE id_usuario = '" . $config['id_user'] . "' @@ -176,10 +182,10 @@ if ($searchAgents) { t1.nombre LIKE '%%" . $stringSearchSQL . "%%' OR t2.nombre LIKE '%%" . $stringSearchSQL . "%%' ) - " . $subquery_enterprise; + "; break; } - + $select = "SELECT t1.id_agente, t1.ultimo_contacto, t1.nombre, t1.id_os, t1.intervalo, t1.id_grupo, t1.disabled"; $limit = " ORDER BY " . $order['field'] . " " . $order['order'] . diff --git a/pandora_console/operation/search_alerts.php b/pandora_console/operation/search_alerts.php index 6467694d9c..1aac98ef0e 100755 --- a/pandora_console/operation/search_alerts.php +++ b/pandora_console/operation/search_alerts.php @@ -17,13 +17,16 @@ global $config; include_once('include/functions_alerts.php'); +enterprise_include_once('include/functions_policies.php') include_once($config['homedir'] . "/include/functions_agents.php"); include_once($config['homedir'] . "/include/functions_modules.php"); -$subquery_enterprise = ''; -if (ENTERPRISE_NOT_HOOK !== enterprise_include_once('include/functions_policies.php')) { - $subquery_enterprise = subquery_acl_enterprise(); -} +$extra_sql = enterprise_hook('policies_get_agents_sql_condition'); +if ($extra_sql === ENTERPRISE_NOT_HOOK) { + $extra_sql = ''; +}else if ($extra_sql != '') { + $extra_sql .= ' OR '; +} $searchAlerts = check_acl($config['id_user'], 0, "AR"); @@ -132,7 +135,7 @@ if($searchAlerts) { WHERE id_agente IN ( SELECT id_agente FROM tagente - WHERE nombre LIKE "%' . $stringSearchSQL . '%" ' . $subquery_enterprise . ')) + WHERE nombre LIKE "%' . $stringSearchSQL . '%" ' . $extra_sql . ')) )'; break; case "postgresql": @@ -163,7 +166,7 @@ if($searchAlerts) { WHERE id_agente IN ( SELECT id_agente FROM tagente - WHERE nombre LIKE \'%' . $stringSearchSQL . '%\' ' . $subquery_enterprise . ')) + WHERE nombre LIKE \'%' . $stringSearchSQL . '%\' ' . $extra_sql . ')) )'; break; } diff --git a/pandora_console/operation/search_modules.php b/pandora_console/operation/search_modules.php index adff02dbfa..f14e5488e7 100644 --- a/pandora_console/operation/search_modules.php +++ b/pandora_console/operation/search_modules.php @@ -16,11 +16,15 @@ global $config; +enterprise_include_once('include/functions_policies.php'); include_once($config['homedir'] . "/include/functions_modules.php"); include_once($config['homedir'] . '/include/functions_users.php'); -$subquery_enterprise = ''; -if (ENTERPRISE_NOT_HOOK !== enterprise_include_once('include/functions_policies.php')) { - $subquery_enterprise = subquery_acl_enterprise('', 't1.id_agente', 'AND'); + +$extra_sql = enterprise_hook('policies_get_agents_sql_condition', array('t2.')); +if ($extra_sql === ENTERPRISE_NOT_HOOK) { + $extra_sql = ''; +}else if ($extra_sql != '') { + $extra_sql .= ' OR '; } $searchModules = check_acl($config['id_user'], 0, "AR"); @@ -77,7 +81,7 @@ if ($searchModules) { ON t3.id_grupo = t2.id_grupo INNER JOIN tagente_estado AS t4 ON t4.id_agente_modulo = t1.id_agente_modulo - WHERE ' . $subquery_enterprise . ' (t2.id_grupo IN (' . implode(',', $id_userGroups) . ') + WHERE ('.$extra_sql.'t2.id_grupo IN (' . implode(',', $id_userGroups) . ') OR 0 IN ( SELECT id_grupo FROM tusuario_perfil @@ -100,7 +104,7 @@ if ($searchModules) { ON t3.id_grupo = t2.id_grupo INNER JOIN tagente_estado AS t4 ON t4.id_agente_modulo = t1.id_agente_modulo - WHERE ' . $subquery_enterprise . ' (t2.id_grupo IN (' . implode(',', $id_userGroups) . ') + WHERE ('.$extra_sql.'t2.id_grupo IN (' . implode(',', $id_userGroups) . ') OR 0 IN ( SELECT id_grupo FROM tusuario_perfil