tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-07-29 08:45:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

[Secondary groups] Fixed some problems in agent view

Browse Source
This commit is contained in:
fermin831 2018-03-27 16:38:17 +02:00
parent c96b883614
commit 88375a2460
11 changed files with 68 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
pandora_console/godmode/agentes/agent_manager.php
View File

@ -273,7 +273,12 @@ if(is_array($modules)){
}
$table->data[4][0] = __('Primary group');
$table->data[4][1] = html_print_select_groups(false, "AR", false, 'grupo', $grupo, '', '', 0, true);
// Cannot change primary group if user have not permission for that group
if (isset($groups[$grupo]) || $new_agent) {
$table->data[4][1] = html_print_select_groups(false, "AR", false, 'grupo', $grupo, '', '', 0, true);
} else {
$table->data[4][1] = groups_get_name($grupo);
}
$table->data[4][1] .= ' <span id="group_preview">';
$table->data[4][1] .= ui_print_group_icon ($grupo, true);
$table->data[4][1] .= '</span>';

16
pandora_console/godmode/agentes/configurar_agente.php
View File

@ -32,15 +32,18 @@ $tab = get_parameter ('tab', 'main');
//See if id_agente is set (either POST or GET, otherwise -1
$id_agente = (int) get_parameter ("id_agente");
$group = 0;
if ($id_agente)
$all_groups = array($group);
if ($id_agente) {
$group = agents_get_agent_group ($id_agente);
$all_groups = agents_get_all_groups_agent($id_agente, $group);
}
if (!check_acl ($config["id_user"], $group, "AW", $id_agente)) {
if (!check_acl_one_of_groups ($config["id_user"], $all_groups, "AW")) {
$access_granted = false;
switch ($tab) {
case 'alert':
case 'module':
if (check_acl ($config["id_user"], $group, "AD", $id_agente)) {
if (check_acl_one_of_groups ($config["id_user"], $all_groups, "AD")) {
$access_granted = true;
}
break;
@ -447,7 +450,7 @@ if ($id_agente) {
$incidenttab['active'] = false;
}
if (check_acl ($config["id_user"], $group, "AW", $id_agente)) {
if (check_acl_one_of_groups ($config["id_user"], $all_groups, "AW")) {
if ($has_remote_conf) {
$agent_name = agents_get_name($id_agente);
$agent_name = io_safe_output($agent_name);
@ -909,7 +912,7 @@ if ($update_agent) { // if modified some agent paramenter
if ($id_agente) {
//This has been done in the beginning of the page, but if an agent was created, this id might change
$id_grupo = agents_get_agent_group ($id_agente);
if (!check_acl ($config["id_user"], $id_grupo, "AW") && !check_acl ($config["id_user"], $id_grupo, "AD")) {
if (!check_acl_one_of_groups ($config["id_user"], $all_groups, "AW") && !check_acl_one_of_groups ($config["id_user"], $all_groups, "AD")) {
db_pandora_audit("ACL Violation","Trying to admin an agent without access");
require ("general/noaccess.php");
exit;
@ -1586,8 +1589,9 @@ if ($delete_module) { // DELETE agent module !
WHERE tam.id_agente_modulo = tae.id_agente_modulo
AND tam.id_agente_modulo = ' . $id_borrar_modulo);
$id_grupo = (int) agents_get_agent_group($id_agente);
$all_groups = agents_get_all_groups_agent ($id_agente, $id_grupo);
if (! check_acl ($config["id_user"], $id_grupo, "AW")) {
if (! check_acl_one_of_groups ($config["id_user"], $all_groups, "AW")) {
db_pandora_audit("ACL Violation",
"Trying to delete a module without admin rights");
require ("general/noaccess.php");

10
pandora_console/godmode/agentes/modificar_agente.php
View File

@ -79,16 +79,18 @@ $result = null;
if ($agent_to_delete) {
$id_agente = $agent_to_delete;
$agent_name = agents_get_name ($id_agente);
$id_grupo = agents_get_agent_group($id_agente);
if (check_acl ($config["id_user"], $id_grupo, "AW")) {
if (check_acl_one_of_groups (
$config["id_user"],
agents_get_all_groups_agent($id_agente),
"AW"
)) {
$id_agentes[0] = $id_agente;
$result = agents_delete_agent($id_agentes);
}
else {
// NO permissions.
db_pandora_audit("ACL Violation",
"Trying to delete agent \'$agent_name\'");
"Trying to delete agent \'" . agents_get_name ($id_agente). "\'");
require ("general/noaccess.php");
exit;
}

21
pandora_console/godmode/agentes/module_manager.php
View File

@ -111,7 +111,13 @@ if (($policy_page) || (isset($agent))) {
$show_creation = true;
}
else {
if (check_acl ($config['id_user'], $agent['id_grupo'], "AW"))
if (!isset($all_groups)) {
$all_groups = agents_get_all_groups_agent (
$agent['id_agente'],
$agent['id_grupo']
);
}
if (check_acl_one_of_groups ($config['id_user'], $all_groups, "AW"))
$show_creation = true;
}
@ -164,8 +170,9 @@ if ($multiple_delete) {
$count_correct_delete_modules = 0;
foreach($id_agent_modules_delete as $id_agent_module_del) {
$id_grupo = (int) agents_get_agent_group($id_agente);
$all_groups = agents_get_all_groups_agent($id_agente, $id_grupo);
if (! check_acl ($config["id_user"], $id_grupo, "AW")) {
if (! check_acl_one_of_groups ($config["id_user"], $all_groups, "AW")) {
db_pandora_audit("ACL Violation",
"Trying to delete a module without admin rights");
require ("general/noaccess.php");
@ -604,7 +611,7 @@ if ($checked) {
}
foreach ($modules as $module) {
if (! check_acl ($config["id_user"], $group, "AW", $id_agente) && ! check_acl ($config["id_user"], $group, "AD", $id_agente)) {
if (! check_acl_one_of_groups ($config["id_user"], $all_groups, "AW") && ! check_acl_one_of_groups ($config["id_user"], $all_groups, "AD")) {
continue;
}
@ -762,7 +769,7 @@ foreach ($modules as $module) {
array('alt' => __('Disable module'), 'title' => __('Disable module'))) ."</a>";
}
if (check_acl ($config['id_user'], $agent['id_grupo'], "AW") && $module['id_tipo_modulo'] != 25) {
if (check_acl_one_of_groups ($config['id_user'], $all_groups, "AW") && $module['id_tipo_modulo'] != 25) {
$data[8] .= '&nbsp;<a href="index.php?sec=gagente&tab=module&sec2=godmode/agentes/configurar_agente&id_agente='.$id_agente.'&duplicate_module='.$module['id_agente_modulo'].'"
onClick="if (!confirm(\' ' . __('Are you sure?') . '\')) return false;">';
$data[8] .= html_print_image ('images/copy.png', true,
@ -798,7 +805,7 @@ foreach ($modules as $module) {
}
}
if (check_acl ($config['id_user'], $agent['id_grupo'], "AW")) {
if (check_acl_one_of_groups ($config['id_user'], $all_groups, "AW")) {
// Delete module
$data[9] = html_print_checkbox('id_delete[]', $module['id_agente_modulo'], false, true);
$data[9] .= '&nbsp;<a href="index.php?sec=gagente&tab=module&sec2=godmode/agentes/configurar_agente&id_agente='.$id_agente.'&delete_module='.$module['id_agente_modulo'].'"
@ -811,14 +818,14 @@ foreach ($modules as $module) {
array_push ($table->data, $data);
}
if (check_acl ($config['id_user'], $agent['id_grupo'], "AW")) {
if (check_acl_one_of_groups ($config['id_user'], $all_groups, "AW")) {
echo '<form method="post" action="index.php?sec=gagente&sec2=godmode/agentes/configurar_agente&id_agente='.$id_agente.'&tab=module"
onsubmit="if (! confirm (\'' . __('Are you sure?') . '\')) return false">';
}
html_print_table ($table);
if (check_acl ($config['id_user'], $agent['id_grupo'], "AW")) {
if (check_acl_one_of_groups ($config['id_user'], $all_groups, "AW")) {
echo '<div class="action-buttons" style="width: ' . $table->width . '">';
html_print_input_hidden ('multiple_delete', 1);
html_print_submit_button (__('Delete'), 'multiple_delete', false, 'class="sub delete"');

19
pandora_console/godmode/alerts/alert_list.list.php
View File

@ -443,12 +443,11 @@ foreach ($simple_alerts as $alert) {
if (! $id_agente) {
$id_agent = modules_get_agentmodule_agent ($alert['id_agent_module']);
$agent_group = db_get_value('id_grupo', 'tagente', 'id_agente', $id_agent);
$all_groups = agents_get_all_groups_agent($id_agent);
$data[0] = '';
if (check_acl ($config['id_user'], $agent_group, "AW")) {
if (check_acl_one_of_groups ($config['id_user'], $all_groups, "AW")) {
$main_tab = 'main';
}
else {
@ -467,7 +466,7 @@ foreach ($simple_alerts as $alert) {
$data[0] .= '</a>';
}
else {
$agent_group = db_get_value('id_grupo', 'tagente', 'id_agente', $id_agente);
$all_groups = agents_get_all_groups_agent($id_agente);
}
$module_name = modules_get_agentmodule_name ($alert['id_agent_module']);
@ -544,7 +543,7 @@ foreach ($simple_alerts as $alert) {
$data[2] .= '</ul>';
// Is possible manage actions if have LW permissions in the agent group of the alert module
if (check_acl ($config['id_user'], $agent_group, "LW")) {
if (check_acl_one_of_groups ($config['id_user'], $all_groups, "LW")) {
//~ $data[2] .= '<form method="post" action="' . $url . '" class="delete_link" style="display: inline; vertical-align: -50%;">';
$data[2] .= '<form method="post" action="' . $url . '" class="delete_link" style="display: inline;">';
$data[2] .= html_print_input_image ('delete',
@ -568,7 +567,7 @@ foreach ($simple_alerts as $alert) {
$data[2] .= '</div>';
$data[2] .= '</table>';
// Is possible manage actions if have LW permissions in the agent group of the alert module
if (check_acl ($config['id_user'], $agent_group, "LW") || check_acl ($config['id_user'], $template_group, "LM")) {
if (check_acl_one_of_groups ($config['id_user'], $all_groups, "LW") || check_acl ($config['id_user'], $template_group, "LM")) {
$own_info = get_user_info($config['id_user']);
if (check_acl ($config['id_user'], $template_group, "LW"))
$own_groups = users_get_groups($config['id_user'], 'LW', true);
@ -666,7 +665,7 @@ foreach ($simple_alerts as $alert) {
$data[4] .= '</form>';
// To manage alert is necessary LW permissions in the agent group
if(check_acl ($config['id_user'], $agent_group, "LW")) {
if(check_acl_one_of_groups ($config['id_user'], $all_groups, "LW")) {
$data[4] .= '&nbsp;&nbsp;<form class="standby_alert_form" action="' . $url . '" method="post" style="display: inline;">';
if (!$alert['standby']) {
$data[4] .= html_print_input_image ('standby_off', 'images/bell.png', 1, 'padding:0px;', true);
@ -681,7 +680,7 @@ foreach ($simple_alerts as $alert) {
}
// To access to policy page is necessary have AW permissions in the agent
if(check_acl ($config['id_user'], $agent_group, "AW")) {
if(check_acl_one_of_groups ($config['id_user'], $all_groups, "AW")) {
if ($isFunctionPolicies !== ENTERPRISE_NOT_HOOK) {
$policyInfo = policies_is_alert_in_policy2($alert['id'], false);
if ($policyInfo === false)
@ -697,7 +696,7 @@ foreach ($simple_alerts as $alert) {
}
// To manage alert is necessary LW permissions in the agent group
if(check_acl ($config['id_user'], $agent_group, "LW")) {
if(check_acl_one_of_groups ($config['id_user'], $all_groups, "LW")) {
$data[4] .= '&nbsp;&nbsp;<form class="delete_alert_form" action="' . $url . '" method="post" style="display: inline;">';
if ($alert['disabled']) {
$data[4] .= html_print_image('images/add.disabled.png',
@ -714,7 +713,7 @@ foreach ($simple_alerts as $alert) {
$data[4] .= '</form>';
}
if(check_acl ($config['id_user'], $agent_group, "LM")) {
if(check_acl_one_of_groups ($config['id_user'], $all_groups, "LM")) {
$data[4] .= '<form class="view_alert_form" method="post" style="display: inline;" action="index.php?sec=galertas&sec2=godmode/alerts/alert_view">';
$data[4] .= html_print_input_image ('view_alert', 'images/eye.png', 1, '', true, array('title' => __('View alert advanced details')));
$data[4] .= html_print_input_hidden ('id_alert', $alert['id'], true);

4
pandora_console/godmode/alerts/alert_list.php
View File

@ -294,8 +294,8 @@ if ($id_agente) {
echo $messageAction;
require_once('godmode/alerts/alert_list.list.php');
if(check_acl ($config['id_user'], $agent['id_grupo'], "LW") || check_acl ($config['id_user'], $agent['id_grupo'], "LM")) {
$all_groups = agents_get_all_groups_agent ($id_agente, $agent['id_grupo']);
if(check_acl_one_of_groups ($config['id_user'], $all_groups, "LW") || check_acl_one_of_groups ($config['id_user'], $all_groups, "LM")) {
require_once('godmode/alerts/alert_list.builder.php');
}

4
pandora_console/include/functions_agents.php
View File

@ -1836,8 +1836,8 @@ function agents_delete_agent ($id_agents, $disableACL = false) {
$agent_alias = io_safe_output(agents_get_alias($id_agent));
/* Check for deletion permissions */
$id_group = agents_get_agent_group ($id_agent);
if ((! check_acl ($config['id_user'], $id_group, "AW")) && !$disableACL) {
$all_groups = agents_get_all_groups_agent ($id_agent);
if ((! check_acl_one_of_groups ($config['id_user'], $all_groups, "AW")) && !$disableACL) {
return false;
}

11
pandora_console/include/functions_users.php
View File

@ -422,15 +422,16 @@ function users_get_first_group ($id_user = false, $privilege = "AR", $all_group
function users_access_to_agent ($id_agent, $mode = "AR", $id_user = false) {
if (empty ($id_agent))
return false;
if ($id_user == false) {
global $config;
$id_user = $config['id_user'];
}
$id_group = (int) db_get_value ('id_grupo', 'tagente', 'id_agente', (int) $id_agent);
return (bool) check_acl ($id_user, $id_group, $mode);
return (bool) check_acl_one_of_groups (
$id_user,
agents_get_all_groups_agent((int)$id_agent),
$mode);
}
/**

4
pandora_console/operation/agentes/alerts_status.php
View File

@ -503,7 +503,7 @@ if ($isFunctionPolicies !== ENTERPRISE_NOT_HOOK) {
$table->head[1] = "<span title='" . __('Standby') . "'>" . __('S.') . "</span>";
if (!is_metaconsole()) {
if (check_acl($config['id_user'], $id_group, "AW") || check_acl ($config["id_user"], $id_group, "LM"))
if (check_acl_one_of_groups($config['id_user'], $all_groups, "AW") || check_acl_one_of_groups ($config["id_user"], $all_groups, "LM"))
$table->head[2] = "<span title='" . __('Force execution') . "'>" . __('F.') . "</span>";
}
@ -514,7 +514,7 @@ if ($isFunctionPolicies !== ENTERPRISE_NOT_HOOK) {
$table->head[7] = __('Status');
if (!is_metaconsole()) {
$table->size[7] = '5%';
if (check_acl ($config["id_user"], $id_group, "LW") || check_acl ($config["id_user"], $id_group, "LM")) {
if (check_acl_one_of_groups ($config["id_user"], $all_groups, "LW") || check_acl_one_of_groups ($config["id_user"], $all_groups, "LM")) {
$table->head[8] = __('Validate');
$table->align[8] = 'center';
$table->size[8] = '5%';

13
pandora_console/operation/agentes/custom_fields.php
View File

@ -29,15 +29,20 @@ if ($id_agente === -1) {
return;
}
if (! check_acl ($config["id_user"], $agent["id_grupo"], "AR") && ! check_acl ($config['id_user'], 0, "AW")) {
db_pandora_audit("ACL Violation",
// All groups is calculated in ver_agente.php. Avoid to calculate it again
if (!isset($all_groups)) {
$all_groups = agents_get_all_groups_agent ($idAgent, $id_group);
}
if (! check_acl_one_of_groups ($config["id_user"], $all_groups, "AR") && ! check_acl ($config['id_user'], 0, "AW")) {
db_pandora_audit("ACL Violation",
"Trying to access Agent General Information");
require_once ("general/noaccess.php");
return;
}
$all_customs_fields = (bool)check_acl($config["id_user"],
$agent["id_grupo"], "AW");
$all_customs_fields = (bool)check_acl_one_of_groups($config["id_user"],
$all_groups, "AW");
if ($all_customs_fields) {
$fields = db_get_all_rows_filter('tagent_custom_fields');

4
pandora_console/operation/agentes/estado_agente.php
View File

@ -95,8 +95,8 @@ if (is_ajax ()) {
if ($get_agent_module_last_value) {
$id_module = (int) get_parameter ('id_agent_module');
if (! check_acl ($config['id_user'], agents_get_agentmodule_group ($id_module), "AR")) {
$id_agent = (int) modules_get_agentmodule_agent ((int) $id_module);
if (! check_acl_one_of_groups ($config['id_user'], agents_get_all_groups_agent ($id_agent), "AR")) {
db_pandora_audit("ACL Violation",
"Trying to access agent main list view");
echo json_encode (false);