From 818766912fe8b6627d81808151a2405943526f43 Mon Sep 17 00:00:00 2001
From: Junichi Satoh
Date: Tue, 5 Jan 2021 18:06:21 +0900
Subject: [PATCH] Fixed permission problems and improved function for api calls, 'set create_alert_template', 'set update_alert_template' and 'set delete_alert_template'.
---
 pandora_console/include/functions_api.php | 218 ++++++++++++++++------
 1 file changed, 156 insertions(+), 62 deletions(-)
diff --git a/pandora_console/include/functions_api.php b/pandora_console/include/functions_api.php
index 980bfc0d25..b42088d76f 100644
--- a/pandora_console/include/functions_api.php
+++ b/pandora_console/include/functions_api.php
@@ -5242,6 +5242,8 @@ function api_get_module_value_all_agents($id, $thrash1, $other, $thrash2)
 */
 function api_set_create_alert_template($name, $thrash1, $other, $thrash3)
 {
+ global $config;
+
 if (defined('METACONSOLE')) {
 return;
 }
@@ -5257,64 +5259,92 @@ function api_set_create_alert_template($name, $thrash1, $other, $thrash3)
 
 $template_name = $name;
 $type = $other['data'][0];
+ $id_group = $other['data'][26];
+
+ if ($id_group == '') {
+ returnError(
+ 'error_create_alert_template',
+ __('Error creating alert template. Id_group cannot be left blank.')
+ );
+ return;
+ }
+
+ if (users_can_manage_group_all('LM')) {
+ $groups = users_get_groups($config['id_user'], 'LM');
+ } else {
+ $groups = users_get_groups($config['id_user'], 'LM', false);
+ }
+ if ($groups[$id_group] === null) {
+ returnError(
+ 'error_create_alert_template',
+ __('Error creating alert template. Invalid id_group or the user has not enough permission to make this action.')
+ );
+ return;
+ }
+
+ for ($i = 29; $i < 54; $i++) {
+ if ($other['data'][$i] === null) {
+ $other['data'][$i] = '';
+ }
+ }
+
+ $values = [
+ 'description' => $other['data'][1],
+ 'field1' => $other['data'][3],
+ 'field2' => $other['data'][4],
+ 'field3' => $other['data'][5],
+ 'value' => $other['data'][6],
+ 'matches_value' => $other['data'][7],
+ 'max_value' => $other['data'][8],
+ 'min_value' => $other['data'][9],
+ 'time_threshold' => $other['data'][10],
+ 'max_alerts' => $other['data'][11],
+ 'min_alerts' => $other['data'][12],
+ 'time_from' => $other['data'][13],
+ 'time_to' => $other['data'][14],
+ 'monday' => $other['data'][15],
+ 'tuesday' => $other['data'][16],
+ 'wednesday' => $other['data'][17],
+ 'thursday' => $other['data'][18],
+ 'friday' => $other['data'][19],
+ 'saturday' => $other['data'][20],
+ 'sunday' => $other['data'][21],
+ 'recovery_notify' => $other['data'][22],
+ 'field2_recovery' => $other['data'][23],
+ 'field3_recovery' => $other['data'][24],
+ 'priority' => $other['data'][25],
+ 'id_group' => $other['data'][26],
+ 'special_day' => $other['data'][27],
+ 'min_alerts_reset_counter' => $other['data'][28],
+ 'field1_recovery' => $other['data'][29],
+ 'field4' => $other['data'][30],
+ 'field5' => $other['data'][31],
+ 'field6' => $other['data'][32],
+ 'field7' => $other['data'][33],
+ 'field8' => $other['data'][34],
+ 'field9' => $other['data'][35],
+ 'field10' => $other['data'][36],
+ 'field11' => $other['data'][37],
+ 'field12' => $other['data'][38],
+ 'field13' => $other['data'][39],
+ 'field14' => $other['data'][40],
+ 'field15' => $other['data'][41],
+ 'field4_recovery' => $other['data'][42],
+ 'field5_recovery' => $other['data'][43],
+ 'field6_recovery' => $other['data'][44],
+ 'field7_recovery' => $other['data'][45],
+ 'field8_recovery' => $other['data'][46],
+ 'field9_recovery' => $other['data'][47],
+ 'field10_recovery' => $other['data'][48],
+ 'field11_recovery' => $other['data'][49],
+ 'field12_recovery' => $other['data'][50],
+ 'field13_recovery' => $other['data'][51],
+ 'field14_recovery' => $other['data'][52],
+ 'field15_recovery' => $other['data'][53],
+ ];
 
 if ($other['data'][2] != '') {
- $values = [
- 'description' => $other['data'][1],
- 'id_alert_action' => $other['data'][2],
- 'field1' => $other['data'][3],
- 'field2' => $other['data'][4],
- 'field3' => $other['data'][5],
- 'value' => $other['data'][6],
- 'matches_value' => $other['data'][7],
- 'max_value' => $other['data'][8],
- 'min_value' => $other['data'][9],
- 'time_threshold' => $other['data'][10],
- 'max_alerts' => $other['data'][11],
- 'min_alerts' => $other['data'][12],
- 'time_from' => $other['data'][13],
- 'time_to' => $other['data'][14],
- 'monday' => $other['data'][15],
- 'tuesday' => $other['data'][16],
- 'wednesday' => $other['data'][17],
- 'thursday' => $other['data'][18],
- 'friday' => $other['data'][19],
- 'saturday' => $other['data'][20],
- 'sunday' => $other['data'][21],
- 'recovery_notify' => $other['data'][22],
- 'field2_recovery' => $other['data'][23],
- 'field3_recovery' => $other['data'][24],
- 'priority' => $other['data'][25],
- 'id_group' => $other['data'][26],
- ];
- } else {
- $values = [
- 'description' => $other['data'][1],
- 'field1' => $other['data'][3],
- 'field2' => $other['data'][4],
- 'field3' => $other['data'][5],
- 'value' => $other['data'][6],
- 'matches_value' => $other['data'][7],
- 'max_value' => $other['data'][8],
- 'min_value' => $other['data'][9],
- 'time_threshold' => $other['data'][10],
- 'max_alerts' => $other['data'][11],
- 'min_alerts' => $other['data'][12],
- 'time_from' => $other['data'][13],
- 'time_to' => $other['data'][14],
- 'monday' => $other['data'][15],
- 'tuesday' => $other['data'][16],
- 'wednesday' => $other['data'][17],
- 'thursday' => $other['data'][18],
- 'friday' => $other['data'][19],
- 'saturday' => $other['data'][20],
- 'sunday' => $other['data'][21],
- 'recovery_notify' => $other['data'][22],
- 'field2_recovery' => $other['data'][23],
- 'field3_recovery' => $other['data'][24],
- 'priority' => $other['data'][25],
- 'id_group' => $other['data'][26],
- ];
+ $values['id_alert_action'] = $other['data'][2];
 }
 
 $id_template = alerts_create_alert_template($template_name, $type, $values);
@@ -5353,11 +5383,6 @@ function api_set_update_alert_template($id_template, $thrash1, $other, $thrash3)
 return;
 }
 
- if (!check_acl($config['id_user'], 0, 'LM')) {
- returnError('forbidden', 'string');
- return;
- }
-
 if ($id_template == '') {
 returnError(
 'error_update_alert_template',
@@ -5366,7 +5391,7 @@ function api_set_update_alert_template($id_template, $thrash1, $other, $thrash3)
 return;
 }
 
- $result_template = alerts_get_alert_template_name($id_template);
+ $result_template = alerts_get_alert_template($id_template);
 
 if (!$result_template) {
 returnError(
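Review bot: The group-permission lookup `if ($groups[$id_group] === null)` reads an undefined offset for every id_group the caller does not hold LM on, so each correctly rejected request also emits an undefined-index notice; the same pattern appears in the update hunk (`$groups[$id_group_org]`, `$groups[$id_group_new]`) and in the delete hunk (`$groups[$id_group]`). `if (!isset($groups[$id_group])) {` gives the identical decision without the notice. This assumes users_get_groups() returns an array keyed by group id, which is called but not visible here. api_set_create_alert_template starts and ends outside this hunk.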
@@ -5376,6 +5401,25 @@ function api_set_update_alert_template($id_template, $thrash1, $other, $thrash3)
 return;
 }
 
+ if (users_can_manage_group_all('LM')) {
+ $groups = users_get_groups($config['id_user'], 'LM');
+ } else {
+ $groups = users_get_groups($config['id_user'], 'LM', false);
+ }
+ $id_group_org = $result_template['id_group'];
+ if ($other['data'][27] === null) {
+ $id_group_new = $id_group_org;
+ } else {
+ $id_group_new = $other['data'][27];
+ }
+ if ($groups[$id_group_org] === null || $groups[$id_group_new] === null) {
+ returnError(
+ 'error_create_alert_template',
+ __('Error updating alert template. Invalid id_group or the user has not enough permission to make this action.')
+ );
+ return;
+ }
+
 $fields_template = [
 'name',
 'type',
@@ -5405,6 +5449,33 @@ function api_set_update_alert_template($id_template, $thrash1, $other, $thrash3)
 'field3_recovery',
 'priority',
 'id_group',
+ 'special_day',
+ 'min_alerts_reset_counter',
+ 'field1_recovery',
+ 'field4',
+ 'field5',
+ 'field6',
+ 'field7',
+ 'field8',
+ 'field9',
+ 'field10',
+ 'field11',
+ 'field12',
+ 'field13',
+ 'field14',
+ 'field15',
+ 'field4_recovery',
+ 'field5_recovery',
+ 'field6_recovery',
+ 'field7_recovery',
+ 'field8_recovery',
+ 'field9_recovery',
+ 'field10_recovery',
+ 'field11_recovery',
+ 'field12_recovery',
+ 'field13_recovery',
+ 'field14_recovery',
+ 'field15_recovery',
 ];
 
 $cont = 0;
@@ -5451,6 +5522,8 @@ function api_set_update_alert_template($id_template, $thrash1, $other, $thrash3)
 */
 function api_set_delete_alert_template($id_template, $thrash1, $other, $thrash3)
 {
+ global $config;
+
 if (defined('METACONSOLE')) {
 return;
 }
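Review bot: The rejection branch of the new group check in api_set_update_alert_template reports `'error_create_alert_template'` even though this is the update path and the message itself says "Error updating alert template", so clients keyed on the error id will misattribute the failure; it should be `'error_update_alert_template'`, the id this function already uses for its other errors earlier in the file section. Checking both the template's current group and the requested new group before writing is the right shape for this authorisation, and it is what replaces the removed global LM check. The index `$other['data'][27]` presumably lines up with the position of 'id_group' in $fields_template, which is maintained as a separate list; a comment such as `// 27 == position of 'id_group' in $fields_template below` would keep the two from drifting apart. api_set_update_alert_template starts and ends outside this hunk.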
@@ -5463,6 +5536,27 @@ function api_set_delete_alert_template($id_template, $thrash1, $other, $thrash3)
 return;
 }
 
+ $result_template = alerts_get_alert_template($id_template);
+
+ if (!$result_template) {
+ returnError(
+ 'error_update_alert_template',
+ __('Error deleting alert template. Id_template doesn\'t exist.')
+ );
+ return;
+ }
+
+ if (users_can_manage_group_all('LM')) {
+ $groups = users_get_groups($config['id_user'], 'LM');
+ } else {
+ $groups = users_get_groups($config['id_user'], 'LM', false);
+ }
+ $id_group = $result_template['id_group'];
+ if ($groups[$id_group] === null) {
+ returnError('forbidden', 'string');
+ return;
+ }
+
 $result = alerts_delete_alert_template($id_template);
 
 if ($result == 0) {
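Review bot: The not-found branch in api_set_delete_alert_template returns the id `'error_update_alert_template'` while its message says "Error deleting alert template", so callers cannot distinguish a failed update from a failed delete by the error id; use a delete-specific id here (for example `'error_delete_alert_template'` — a constructed name, align it with whatever id the rest of this function reports). Resolving the template's own group before authorising is the right order: the delete is now scoped to groups the caller holds LM on rather than to a global LM bit. A smaller inconsistency is that the permission failure here answers `returnError('forbidden', 'string')` whereas the update path returns a descriptive message for the same condition; pick one convention for both. The function continues outside the hunk.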