Fixed several bugs with acl tags.

2014-12-03 10:27:27 +01:00 · 2014-12-03 10:27:27 +01:00 · 7806cee6fd
parent 1587428f57
commit 7806cee6fd
4 changed files with 149 additions and 141 deletions
--- a/pandora_console/include/ajax/events.php
+++ b/pandora_console/include/ajax/events.php
@ -224,7 +224,7 @@ if ($get_extended_event) {
 	$childrens_ids = json_decode($childrens_ids);
 	
 	if ($meta) {
-		$event = events_meta_get_event($event_id, false, $history);
+		$event = events_meta_get_event($event_id, false, $history, "ER");
 	}
 	else {
 		$event = events_get_event($event_id);
--- a/pandora_console/include/functions_groups.php
+++ b/pandora_console/include/functions_groups.php
@ -1198,6 +1198,7 @@ function groups_agent_ok ($group_array) {
 	
 	if (empty ($group_array)) {
 		return 0;
+		
 	}
 	else if (!is_array ($group_array)) {
 		$group_array = array($group_array);
@ -1206,12 +1207,7 @@ function groups_agent_ok ($group_array) {
 	$group_clause = implode (",", $group_array);
 	$group_clause = "(" . $group_clause . ")";
 	
-	$count = db_get_sql ("SELECT COUNT(*)
-		FROM tagente
-		WHERE tagente.disabled = 0
-			AND normal_count = total_count
-			AND (notinit_count != 0)
-			AND id_grupo IN $group_clause");
+	$count = db_get_sql ("SELECT COUNT(*) FROM tagente WHERE tagente.disabled=0 AND normal_count=total_count AND id_grupo IN $group_clause");
 	
 	return $count > 0 ? $count : 0;
 }
@ -1627,9 +1623,12 @@ function groups_get_tree(&$groups, $parent = false) {
 	return $return;
 }

-function groups_get_all_hierarchy_group ($id_group, $hierarchy = array(), $debug = false) {
+function groups_get_all_hierarchy_group ($id_group, $hierarchy = array()) {
 	global $config;

+	if ($id_group == 0) {
+		$hierarchy = groups_get_childrens($id_group);
+	} else {
 		$hierarchy[] = $id_group;
 		$parent = db_get_value('parent','tgrupo','id_grupo',$id_group);

@ -1650,6 +1649,7 @@ function groups_get_all_hierarchy_group ($id_group, $hierarchy = array(), $debug
 				$hierarchy = groups_get_all_hierarchy_group ($parent, $hierarchy);
 			}
 		}
+	}
 	return $hierarchy;
 }
 ?>
--- a/pandora_console/include/functions_tags.php
+++ b/pandora_console/include/functions_tags.php
@ -636,7 +636,7 @@ function tags_get_tags_formatted ($tags_array, $get_url = true) {
 * @return mixed/string Tag ids
 */
 
-function tags_get_acl_tags($id_user, $id_group, $access = 'AR', $return_mode = 'module_condition', $query_prefix = '', $query_table = '', $meta = false, $childrens_ids = array()) {
+function tags_get_acl_tags($id_user, $id_group, $access = 'AR', $return_mode = 'module_condition', $query_prefix = '', $query_table = '', $meta = false, $childrens_ids = array(), $force_group_and_tag = false) {

 	global $config;
 	
@ -670,19 +670,9 @@ function tags_get_acl_tags($id_user, $id_group, $access = 'AR', $return_mode = '
 		$id_group = (array) $id_group;
 	}
 	
-	$id_group_aux = array();
-	foreach ($id_group as $key=>$id) {
-		array_push($id_group_aux, $id);
-		$parent = db_get_value('parent','tgrupo','id_grupo',$id);
-		
-		if ($parent !== 0) {
-			$propagate = db_get_value('propagate','tgrupo','id_grupo',$parent);
-			if ($propagate == 1) {
-				array_push($id_group_aux,$parent);
+	if ($id_group[0] != 0) {
+		$id_group = groups_get_all_hierarchy_group ($id_group[0]);
 	}
-		}
-	}
-	$id_group = $id_group_aux;

 	$acl_column = get_acl_column($access);
 	
@ -690,9 +680,6 @@ function tags_get_acl_tags($id_user, $id_group, $access = 'AR', $return_mode = '
 		return ERR_WRONG_PARAMETERS;
 	}

-	if (!empty($childrens_ids)) {
-		$id_group = $childrens_ids;
-	}
 	$query = sprintf("SELECT tags, id_grupo 
 			FROM tusuario_perfil, tperfil
 			WHERE tperfil.id_perfil = tusuario_perfil.id_perfil AND
@ -712,6 +699,12 @@ function tags_get_acl_tags($id_user, $id_group, $access = 'AR', $return_mode = '
 	
 	$acltags = array();
 	foreach ($tags as $tagsone) {
+		if ($force_group_and_tag) {
+			if (empty($tagsone['tags'])) {
+				// Do none
+			}
+		}
+		else {
 			if (empty($tagsone['tags'])) {
 				// If there arent tags restriction in all groups (group 0), return no condition
 				if ($tagsone['id_grupo'] == 0) {
@ -729,8 +722,14 @@ function tags_get_acl_tags($id_user, $id_group, $access = 'AR', $return_mode = '
 				$non_restriction_groups[] = $tagsone['id_grupo'];
 				continue;
 			}
+		}
 		
 		$tags_array = explode(',',$tagsone['tags']);
+		if ($force_group_and_tag) {
+			if (empty($tagsone['tags'])) {
+				$tags_array = array();
+			}
+		}
 		
 		if (!isset($acltags[$tagsone['id_grupo']])) {
 			$acltags[$tagsone['id_grupo']] = $tags_array;
@ -761,7 +760,7 @@ function tags_get_acl_tags($id_user, $id_group, $access = 'AR', $return_mode = '
 			break;
 		case 'event_condition':
 			// Return the condition of the tags for tevento table
-			$condition = tags_get_acl_tags_event_condition($acltags, $meta);			
+			$condition = tags_get_acl_tags_event_condition($acltags, $meta, $force_group_and_tag);
 			if(!empty($condition)) {
 				return " $query_prefix "."(".$condition.")";
 			}
@ -837,7 +836,9 @@ function tags_get_acl_tags_module_condition($acltags, $modules_table = '') {
 * @return string SQL condition for tagente_module
 */
 
-function tags_get_acl_tags_event_condition($acltags, $meta = false) {
+function tags_get_acl_tags_event_condition($acltags, $meta = false, $force_group_and_tag = false) {
+
+	global $config;
 	$condition = '';

 	// Get all tags of the system
@ -854,6 +855,9 @@ function tags_get_acl_tags_event_condition($acltags, $meta = false) {
 		
 		// Tags condition (The module has at least one of the restricted tags)
 		$tags_condition = '';
+		if (empty($group_tags)) {
+			$tags_condition = "id_grupo = ".$group_id;
+		} else {
 			foreach ($group_tags as $tag) {
 				// If the tag ID doesnt exist, ignore
 				if (!isset($all_tags[$tag])) {
@ -871,8 +875,30 @@ function tags_get_acl_tags_event_condition($acltags, $meta = false) {
 				//~ $tags_condition .= sprintf(' OR tags LIKE "%s %%"',io_safe_input($all_tags[$tag]));
 				//~ $tags_condition .= sprintf(' OR tags LIKE "%%,%s %%"',io_safe_input($all_tags[$tag]));
 				
+				if ($force_group_and_tag) {
+					if (!empty($all_tags[$tag])) {
+						$tags_condition .= sprintf('(tags = "%s"',io_safe_input($all_tags[$tag]));
+						$childrens = groups_get_childrens($group_id, null, true);
+
+						if (empty($childrens)) {
+							$tags_condition .= sprintf(' AND id_grupo = %d )', $group_id);
+						} else {
+							$childrens_ids[] = $group_id;
+							foreach ($childrens as $child) {
+								$childrens_ids[] = (int)$child['id_grupo'];
+							}
+							$ids_str = implode(',', $childrens_ids);
+
+							$tags_condition .= sprintf(' AND id_grupo IN (%s) )', $ids_str);
+						}
+					} else {
+						$tags_condition .= "id_grupo = ".$group_id;
+					}
+				} else {
 					$tags_condition .= sprintf('tags = "%s"',io_safe_input($all_tags[$tag]));
 				}
+			}
+		}
 		
 		// If there is not tag condition ignore
 		if (empty($tags_condition)) {
@ -883,11 +909,7 @@ function tags_get_acl_tags_event_condition($acltags, $meta = false) {
 			$condition .= ' OR ';
 		}
 		
-		if ($meta) {
 		$condition .= "($tags_condition)\n";
-		} else {
-			$condition .= "($group_condition AND \n($tags_condition))\n";
-		}
 	}
 	
 	//Commented because ACLs propagation don't work
@ -1240,60 +1262,52 @@ function tags_checks_event_acl($id_user, $id_group, $access, $tags = array(), $c
 		$id_user = $config['id_user'];
 	}
 	
-	$tags_user = tags_get_acl_tags($id_user, $id_group, $access, 'data', '', '', false, $childrens_ids);
+	$tags_user = tags_get_acl_tags($id_user, $id_group, $access, 'data', '', '', true, $childrens_ids, true);

-	// If there are wrong parameters or fail ACL check, return false
-	if($tags_user === ERR_WRONG_PARAMETERS || $tags_user === ERR_ACL) {
-		//return false;
-		$return = false;
-	}
+	//check user without tags
+	$sql = "SELECT id_usuario FROM tusuario_perfil
+		WHERE id_usuario = '".$config["id_user"]."' AND tags = ''
+		AND id_perfil IN (SELECT id_perfil FROM tperfil WHERE ".get_acl_column($access)."=1)";
+	$user_has_perm_without_tags = db_get_all_rows_sql ($sql);
 	
-	// If there are not tags restrictions or tags passed, return true
-	//if(empty($tags_user) || empty($tags)) {
-	if(empty($tags_user)) {
+	if ($user_has_perm_without_tags) {
 		return true;
-		//$return = true;
 	}

-	$tags_user_ids = array();
-	foreach ($tags_user as $id=>$tag_user) {
-		$tags_user_ids[] = $tag_user[0];
+	$query = sprintf("SELECT tags, id_grupo 
+				FROM tusuario_perfil, tperfil
+				WHERE tperfil.id_perfil = tusuario_perfil.id_perfil AND
+					tusuario_perfil.id_usuario = '%s' AND 
+					tperfil.%s = 1
+				ORDER BY id_grupo", $id_user, get_acl_column($access));
+	$user_tags = db_get_all_rows_sql($query);
+
+	if ($user_tags === false) {
+		$user_tags = array();
 	}
 	
-	if (in_array($id_group, $childrens_ids)) { //check group
-		foreach ($tags as $tag) {
-			$tag_id = tags_get_id($tag);
-			if (in_array($tag_id, $tags_user_ids)) { //check tag
-				return true;
-				//$return = true;
-			}
-		}
-	}
-	//return false;
-	$return = false;
+	foreach ($user_tags as $user_tag) {
+		$tags_user = $user_tag['tags'];
+		$id_group_user = $user_tag['id_grupo'];
+		$childrens = groups_get_childrens($id_group_user, null, true);

-	if ($return == false) {
-
-		$parent = db_get_value('parent','tgrupo','id_grupo',$id_group);
-
-		if ($parent !== 0) {
-			$propagate = db_get_value('propagate','tgrupo','id_grupo',$parent);
-
-			if ($propagate == 1) {
-
-				$childrens_ids_parent = array($parent);
-					
-				$childrens = groups_get_childrens($parent);
-
-				if (!empty($childrens)) {
+		if (empty($childrens)) {
+			$group_ids = $id_group_user;
+		} else {
+			$childrens_ids[] = $id_group_user;
 			foreach ($childrens as $child) {
-						$childrens_ids_parent[] = (int)$child['id_grupo'];
+				$childrens_ids[] = (int)$child['id_grupo'];
 			}
+			$group_ids = implode(',', $childrens_ids);
 		}
-				//$acl_parent = tags_check_acl_event($id_user, $parent, $access, $tags,$p);
-				$acl_parent = tags_checks_event_acl($id_user, $parent, $access, $tags, $childrens_ids_parent);
-				return $acl_parent;
-			}
+		$sql = "SELECT id_usuario FROM tusuario_perfil
+					WHERE id_usuario = '".$config["id_user"]."' AND tags = $tags_user
+					AND id_perfil IN (SELECT id_perfil FROM tperfil WHERE ".get_acl_column($access)."=1)
+					AND id_grupo IN ($group_ids)";
+		$has_perm = db_get_value_sql ($sql);
+		
+		if ($has_perm) {
+			return true;
 		}
 	}
 	
--- a/pandora_console/operation/events/events.build_query.php
+++ b/pandora_console/operation/events/events.build_query.php
@ -162,7 +162,6 @@ else {
 	}
 }

-
 //Search by tag
 if (!empty($tag_with)) {
 	$sql_post .= ' AND ( ';
@ -202,13 +201,8 @@ else {
 	$group_array = array_keys($groups);
 }

-//$tags_acls_condition = tags_get_acl_tags($id_user, $group_array, 'ER', 'event_condition', 'AND', '', $meta);
-if ($id_group == 0) {
-	$hierarchy = array_keys($groups);
-} else {
-	$hierarchy = groups_get_all_hierarchy_group ($id_group, array(), true);
-}
-$tags_acls_condition = tags_get_acl_tags($id_user, $group_array, 'ER', 'event_condition', 'AND', '', $meta, $hierarchy, true);
+$tags_acls_condition = tags_get_acl_tags($id_user, $group_array, 'ER',
+	'event_condition', 'AND', '', $meta, array(), true); //FORCE CHECK SQL "(TAG = tag1 AND id_grupo = 1)"

 if (($tags_acls_condition != ERR_WRONG_PARAMETERS) && ($tags_acls_condition != ERR_ACL)&& ($tags_acls_condition != -110000)) {
 	$sql_post .= $tags_acls_condition;