tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-07-30 01:05:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

2014-03-13 Miguel de Dios <miguel.dedios@artica.es>

Browse Source 
* godmode/reporting/reporting_builder.main.php,
	godmode/reporting/reporting_builder.php,
	include/functions_users.php: fixed the access to the report with the
	user profile "RW" and "RM".
	
	Incident: #655




git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@9575 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
This commit is contained in:
mdtrooper 2014-03-13 10:22:34 +00:00
parent 35a7782fbe
commit 84bc0b03ed
4 changed files with 72 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
pandora_console/ChangeLog
View File

@ -1,3 +1,12 @@
2014-03-13 Miguel de Dios <miguel.dedios@artica.es>
* godmode/reporting/reporting_builder.main.php,
godmode/reporting/reporting_builder.php,
include/functions_users.php: fixed the access to the report with the
user profile "RW" and "RM".
Incident: #655
2014-03-13 Vanessa Gil <vanessa.gil@artica.es> 2014-03-13 Vanessa Gil <vanessa.gil@artica.es>
* godmode/menu.php * godmode/menu.php

6
pandora_console/godmode/reporting/reporting_builder.main.php
View File

@ -58,14 +58,16 @@ $table->data['name'][1] = html_print_input_text('name', $reportName,
$table->data['group'][0] = __('Group'); $table->data['group'][0] = __('Group');
$write_groups = users_get_groups_for_select(false, "RW", users_can_manage_group_all(), true, false, 'id_grupo'); $write_groups = users_get_groups_for_select(false, "RW",
users_can_manage_group_all(), true, false, 'id_grupo');
// If the report group is not among the RW groups (special permission) we add it // If the report group is not among the RW groups (special permission) we add it
if (!isset($write_groups[$idGroupReport])) { if (!isset($write_groups[$idGroupReport])) {
$write_groups[$idGroupReport] = groups_get_name($idGroupReport); $write_groups[$idGroupReport] = groups_get_name($idGroupReport);
} }
$table->data['group'][1] = html_print_select ($write_groups, 'id_group', $idGroupReport, false, '', '', true); $table->data['group'][1] = html_print_select($write_groups, 'id_group',
$idGroupReport, false, '', '', true);
if ($report_id_user == $config['id_user'] || if ($report_id_user == $config['id_user'] ||
is_user_admin ($config["id_user"])) { is_user_admin ($config["id_user"])) {

44
pandora_console/godmode/reporting/reporting_builder.php
View File

@ -389,7 +389,8 @@ switch ($action) {
$table->head[$next] = __('Group'); $table->head[$next] = __('Group');
$table->align[$next] = 'center'; $table->align[$next] = 'center';
$next++; $next++;
$table->head[$next] = '<span title="Operations">' . __('Op.') . '</span>'; $table->head[$next] = '<span title="Operations">' .
__('Op.') . '</span>';
$table->size = array (); $table->size = array ();
$table->size[$next] = '80px'; $table->size[$next] = '80px';
$table->style[$next] = 'text-align:center;'; $table->style[$next] = 'text-align:center;';
@ -398,7 +399,7 @@ switch ($action) {
foreach ($reports as $report) { foreach ($reports as $report) {
if (!is_user_admin ($config["id_user"])){ if (!is_user_admin ($config["id_user"])) {
if ($report["private"] && $report["id_user"] != $config['id_user']) if ($report["private"] && $report["id_user"] != $config['id_user'])
if (!check_acl ($config["id_user"], $report["id_group"], "RR")) if (!check_acl ($config["id_user"], $report["id_group"], "RR"))
continue; continue;
@ -448,22 +449,41 @@ switch ($action) {
$type_access_selected = reports_get_type_access($report); $type_access_selected = reports_get_type_access($report);
$edit = false; $edit = false;
$delete = false;
switch ($type_access_selected) { switch ($type_access_selected) {
case 'group_view': case 'group_view':
$edit = check_acl($config['id_user'], $report['id_group'], "RW") && users_can_manage_group_all($report["id_group"]); $edit = check_acl($config['id_user'],
$report['id_group'], "RW")
&&
users_can_manage_group_all($report["id_group"], "RW");
$delete = check_acl($config['id_user'],
$report['id_group'], "RM")
&&
users_can_manage_group_all($report["id_group"], "RM");
break; break;
case 'group_edit': case 'group_edit':
$edit = check_acl($config['id_user'], $report['id_group_edit'], "RW") && users_can_manage_group_all($report["id_group_edit"]); $edit = check_acl($config['id_user'],
$report['id_group_edit'], "RW")
&&
users_can_manage_group_all($report["id_group_edit"], "RW");
$delete = check_acl($config['id_user'],
$report['id_group_edit'], "RM")
&&
users_can_manage_group_all($report["id_group_edit"], "RM");
break; break;
case 'user_edit': case 'user_edit':
if ($config['id_user'] == $report['id_user'] || if ($config['id_user'] == $report['id_user'] ||
is_user_admin ($config["id_user"])) is_user_admin ($config["id_user"])) {
$edit = true; $edit = true;
$delete = true;
}
break; break;
} }
if ($edit || $delete) {
if ($edit) {
if (!isset($table->head[$next])) { if (!isset($table->head[$next])) {
$table->head[$next] = '<span title="Operations">' . __('Op.') . '</span>'; $table->head[$next] = '<span title="Operations">' . __('Op.') . '</span>';
$table->size = array (); $table->size = array ();
@ -471,11 +491,16 @@ switch ($action) {
$table->style[$next] = 'text-align:center;'; $table->style[$next] = 'text-align:center;';
} }
if ($edit) {
$data[$next] = '<form method="post" action="index.php?sec=reporting&sec2=godmode/reporting/reporting_builder&action=edit&pure='.$pure.'" style="display:inline">'; $data[$next] = '<form method="post" action="index.php?sec=reporting&sec2=godmode/reporting/reporting_builder&action=edit&pure='.$pure.'" style="display:inline">';
$data[$next] .= html_print_input_hidden ('id_report', $report['id_report'], true); $data[$next] .= html_print_input_hidden('id_report',
$data[$next] .= html_print_input_image ('edit', 'images/config.png', 1, '', true, array ('title' => __('Edit'))); $report['id_report'], true);
$data[$next] .= html_print_input_image('edit',
'images/config.png', 1, '', true, array ('title' => __('Edit')));
$data[$next] .= '</form>'; $data[$next] .= '</form>';
}
if ($delete) {
$data[$next] .= '<form method="post" style="display:inline;" onsubmit="if (!confirm (\''.__('Are you sure?').'\')) return false">'; $data[$next] .= '<form method="post" style="display:inline;" onsubmit="if (!confirm (\''.__('Are you sure?').'\')) return false">';
$data[$next] .= html_print_input_hidden ('id_report', $report['id_report'], true); $data[$next] .= html_print_input_hidden ('id_report', $report['id_report'], true);
$data[$next] .= html_print_input_hidden ('action','delete_report', true); $data[$next] .= html_print_input_hidden ('action','delete_report', true);
@ -483,6 +508,7 @@ switch ($action) {
true, array ('title' => __('Delete'))); true, array ('title' => __('Delete')));
$data[$next] .= '</form>'; $data[$next] .= '</form>';
} }
}
array_push ($table->data, $data); array_push ($table->data, $data);

4
pandora_console/include/functions_users.php
View File

@ -793,7 +793,7 @@ function users_check_users() {
// Check if a user can manage a group when group is all // Check if a user can manage a group when group is all
// This function dont check acls of the group, only if the // This function dont check acls of the group, only if the
// user is admin or pandora manager and the group is all // user is admin or pandora manager and the group is all
function users_can_manage_group_all($id_group = 0) { function users_can_manage_group_all($id_group = 0, $access = "PM") {
global $config; global $config;
if ($id_group != 0) { if ($id_group != 0) {
@ -802,7 +802,7 @@ function users_can_manage_group_all($id_group = 0) {
$is_admin = db_get_value('is_admin', 'tusuario', 'id_user', $config['id_user']); $is_admin = db_get_value('is_admin', 'tusuario', 'id_user', $config['id_user']);
if (check_acl ($config['id_user'], 0, "PM") || $is_admin) { if (check_acl ($config['id_user'], 0, $access) || $is_admin) {
return true; return true;
} }