tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed events with non privileges user. Ticket #208

This commit is contained in:
Arturo Gonzalez 2017-01-31 11:01:54 +01:00
parent 29a0b192b1
commit 9d5a79b6fc
3 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
pandora_console/include/functions_tags.php
View File

@ -672,10 +672,13 @@ function tags_get_acl_tags($id_user, $id_group, $access = 'AR',
$acltags = tags_get_user_module_and_tags($id_user, $access);
// Delete the groups without tag restrictions from the acl tags array if $force_group_and_tag == false
// Delete the groups that aren't in the received groups id
$acltags_aux = array();
if (!empty($groups) && in_array(0, $groups)) {
$acltags_aux[0] = "";
}
foreach ($acltags as $group_id => $tags) {
if (!empty($groups) && array_search($group_id, $groups) === false) {
unset($acltags[$group_id]);
@ -860,7 +863,7 @@ function tags_get_acl_tags_event_condition($acltags, $meta = false, $force_group
foreach ($acltags as $group_id => $group_tags) {
// Group condition (The module belongs to an agent of the group X)
// Juanma (08/05/2014) Fix : Get all groups (children also, Propagate ACL func!)
$group_condition = sprintf('id_grupo IN (%s)', implode(',', array_values(groups_get_id_recursive($group_id))));
$group_condition = sprintf('id_grupo IN (%s)', implode(',', array_values(groups_get_id_recursive($group_id, true))));
$_groups_not_in .= implode(',', array_values(groups_get_id_recursive($group_id))) . ',';
// Tags condition (The module has at least one of the restricted tags)

6
pandora_console/operation/events/events.build_query.php
View File

@ -191,8 +191,8 @@ if (!empty($tag_with)) {
$first = true;
foreach ($tag_with as $id_tag) {
if ($first) $first = false;
else $sql_post .= " OR ";
$sql_post .= "tags = '" . tags_get_name($id_tag) . "'";
else $sql_post .= " AND ";
$sql_post .= "tags LIKE '%" . tags_get_name($id_tag) . "%'";
}
$sql_post .= ' ) ';
}
@ -203,7 +203,7 @@ if (!empty($tag_without)) {
if ($first) $first = false;
else $sql_post .= " AND ";
$sql_post .= "tags <> '" . tags_get_name($id_tag) . "'";
$sql_post .= "tags NOT LIKE '%" . tags_get_name($id_tag) . "%'";
}
$sql_post .= ' ) ';
}

2
pandora_console/operation/events/events.php
View File

@ -25,8 +25,6 @@ require_once ($config['homedir'].'/include/functions_ui.php');
check_login ();
if (! check_acl ($config["id_user"], 0, "ER") && ! check_acl ($config["id_user"], 0, "EW") && ! check_acl ($config["id_user"], 0, "EM")) {
db_pandora_audit("ACL Violation",
"Trying to access event viewer");