Fixed several bugs with acl tags.

Vanessa Gil 2014-12-03 10:27:27 +01:00
parent 6c6e49ea91
commit 9e3c5d3932
4 changed files with 149 additions and 141 deletions


@ -222,9 +222,9 @@ if ($get_extended_event) {
$event_id = get_parameter('event_id',false); $event_id = get_parameter('event_id',false);
$childrens_ids = get_parameter('childrens_ids'); $childrens_ids = get_parameter('childrens_ids');
$childrens_ids = json_decode($childrens_ids); $childrens_ids = json_decode($childrens_ids);
if ($meta) { if ($meta) {
$event = events_meta_get_event($event_id, false, $history); $event = events_meta_get_event($event_id, false, $history, "ER");
} }
else { else {
$event = events_get_event($event_id); $event = events_get_event($event_id);


@ -1198,6 +1198,7 @@ function groups_agent_ok ($group_array) {
if (empty ($group_array)) { if (empty ($group_array)) {
return 0; return 0;
} }
else if (!is_array ($group_array)) { else if (!is_array ($group_array)) {
$group_array = array($group_array); $group_array = array($group_array);
@ -1206,12 +1207,7 @@ function groups_agent_ok ($group_array) {
$group_clause = implode (",", $group_array); $group_clause = implode (",", $group_array);
$group_clause = "(" . $group_clause . ")"; $group_clause = "(" . $group_clause . ")";
$count = db_get_sql ("SELECT COUNT(*) $count = db_get_sql ("SELECT COUNT(*) FROM tagente WHERE tagente.disabled=0 AND normal_count=total_count AND id_grupo IN $group_clause");
FROM tagente
WHERE tagente.disabled = 0
AND normal_count = total_count
AND (notinit_count != 0)
AND id_grupo IN $group_clause");
return $count > 0 ? $count : 0; return $count > 0 ? $count : 0;
} }
@ -1627,27 +1623,31 @@ function groups_get_tree(&$groups, $parent = false) {
return $return; return $return;
} }
function groups_get_all_hierarchy_group ($id_group, $hierarchy = array(), $debug = false) { function groups_get_all_hierarchy_group ($id_group, $hierarchy = array()) {
global $config; global $config;
$hierarchy[] = $id_group; if ($id_group == 0) {
$parent = db_get_value('parent','tgrupo','id_grupo',$id_group); $hierarchy = groups_get_childrens($id_group);
} else {
$hierarchy[] = $id_group;
$parent = db_get_value('parent','tgrupo','id_grupo',$id_group);
if ($parent !== 0) { if ($parent !== 0) {
$propagate = db_get_value('propagate','tgrupo','id_grupo',$parent); $propagate = db_get_value('propagate','tgrupo','id_grupo',$parent);
if ($propagate == 1) { if ($propagate == 1) {
//$childrens_ids_parent = array($parent); //$childrens_ids_parent = array($parent);
$hierarchy[] = $parent; $hierarchy[] = $parent;
$childrens = groups_get_childrens($parent); $childrens = groups_get_childrens($parent);
if (!empty($childrens)) { if (!empty($childrens)) {
foreach ($childrens as $child) { foreach ($childrens as $child) {
//$childrens_ids_parent[] = (int)$child['id_grupo']; //$childrens_ids_parent[] = (int)$child['id_grupo'];
$hierarchy[] = (int)$child['id_grupo']; $hierarchy[] = (int)$child['id_grupo'];
}
} }
}
$hierarchy = groups_get_all_hierarchy_group ($parent, $hierarchy); $hierarchy = groups_get_all_hierarchy_group ($parent, $hierarchy);
}
} }
} }
return $hierarchy; return $hierarchy;
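Review bot: The new `$id_group == 0` branch of groups_get_all_hierarchy_group assigns `$hierarchy = groups_get_childrens($id_group);`, which throws away the `$hierarchy` accumulated so far and returns the helper's result unchanged. A few lines further down, the same function reads that helper's result as rows (`(int)$child['id_grupo']`), so the zero case appears to return row arrays while every other path returns a flat list of integer ids. Since tags_get_acl_tags now uses this list as its group filter, both paths should return the same shape: loop over the children and append `(int)$child['id_grupo']` to `$hierarchy`, as the propagate branch does. A docblock stating that the function returns `int[]` group ids would make the contract checkable. Also confirm that db_get_value returns an integer here, because the strict `$parent !== 0` test is otherwise always true.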


@ -636,8 +636,8 @@ function tags_get_tags_formatted ($tags_array, $get_url = true) {
* @return mixed/string Tag ids * @return mixed/string Tag ids
*/ */
function tags_get_acl_tags($id_user, $id_group, $access = 'AR', $return_mode = 'module_condition', $query_prefix = '', $query_table = '', $meta = false, $childrens_ids = array()) { function tags_get_acl_tags($id_user, $id_group, $access = 'AR', $return_mode = 'module_condition', $query_prefix = '', $query_table = '', $meta = false, $childrens_ids = array(), $force_group_and_tag = false) {
global $config; global $config;
if ($id_user == false) { if ($id_user == false) {
@ -670,29 +670,16 @@ function tags_get_acl_tags($id_user, $id_group, $access = 'AR', $return_mode = '
$id_group = (array) $id_group; $id_group = (array) $id_group;
} }
$id_group_aux = array(); if ($id_group[0] != 0) {
foreach ($id_group as $key=>$id) { $id_group = groups_get_all_hierarchy_group ($id_group[0]);
array_push($id_group_aux, $id);
$parent = db_get_value('parent','tgrupo','id_grupo',$id);
if ($parent !== 0) {
$propagate = db_get_value('propagate','tgrupo','id_grupo',$parent);
if ($propagate == 1) {
array_push($id_group_aux,$parent);
}
}
} }
$id_group = $id_group_aux;
$acl_column = get_acl_column($access); $acl_column = get_acl_column($access);
if (empty($acl_column)) { if (empty($acl_column)) {
return ERR_WRONG_PARAMETERS; return ERR_WRONG_PARAMETERS;
} }
if (!empty($childrens_ids)) {
$id_group = $childrens_ids;
}
$query = sprintf("SELECT tags, id_grupo $query = sprintf("SELECT tags, id_grupo
FROM tusuario_perfil, tperfil FROM tusuario_perfil, tperfil
WHERE tperfil.id_perfil = tusuario_perfil.id_perfil AND WHERE tperfil.id_perfil = tusuario_perfil.id_perfil AND
@ -712,25 +699,37 @@ function tags_get_acl_tags($id_user, $id_group, $access = 'AR', $return_mode = '
$acltags = array(); $acltags = array();
foreach ($tags as $tagsone) { foreach ($tags as $tagsone) {
if (empty($tagsone['tags'])) { if ($force_group_and_tag) {
// If there arent tags restriction in all groups (group 0), return no condition if (empty($tagsone['tags'])) {
if ($tagsone['id_grupo'] == 0) { // Do none
switch ($return_mode) { }
case 'data': }
return array(); else {
break; if (empty($tagsone['tags'])) {
case 'event_condition': // If there arent tags restriction in all groups (group 0), return no condition
case 'module_condition': if ($tagsone['id_grupo'] == 0) {
return ""; switch ($return_mode) {
break; case 'data':
} return array();
break;
case 'event_condition':
case 'module_condition':
return "";
break;
}
}
$non_restriction_groups[] = $tagsone['id_grupo'];
continue;
} }
$non_restriction_groups[] = $tagsone['id_grupo'];
continue;
} }
$tags_array = explode(',',$tagsone['tags']); $tags_array = explode(',',$tagsone['tags']);
if ($force_group_and_tag) {
if (empty($tagsone['tags'])) {
$tags_array = array();
}
}
if (!isset($acltags[$tagsone['id_grupo']])) { if (!isset($acltags[$tagsone['id_grupo']])) {
$acltags[$tagsone['id_grupo']] = $tags_array; $acltags[$tagsone['id_grupo']] = $tags_array;
@ -761,7 +760,7 @@ function tags_get_acl_tags($id_user, $id_group, $access = 'AR', $return_mode = '
break; break;
case 'event_condition': case 'event_condition':
// Return the condition of the tags for tevento table // Return the condition of the tags for tevento table
$condition = tags_get_acl_tags_event_condition($acltags, $meta); $condition = tags_get_acl_tags_event_condition($acltags, $meta, $force_group_and_tag);
if(!empty($condition)) { if(!empty($condition)) {
return " $query_prefix "."(".$condition.")"; return " $query_prefix "."(".$condition.")";
} }
@ -837,15 +836,17 @@ function tags_get_acl_tags_module_condition($acltags, $modules_table = '') {
* @return string SQL condition for tagente_module * @return string SQL condition for tagente_module
*/ */
function tags_get_acl_tags_event_condition($acltags, $meta = false) { function tags_get_acl_tags_event_condition($acltags, $meta = false, $force_group_and_tag = false) {
global $config;
$condition = ''; $condition = '';
// Get all tags of the system // Get all tags of the system
$all_tags = tags_get_all_tags(false); $all_tags = tags_get_all_tags(false);
// Juanma (08/05/2014) Fix : Will have all groups retrieved (also propagated ones) // Juanma (08/05/2014) Fix : Will have all groups retrieved (also propagated ones)
$_groups_not_in = ''; $_groups_not_in = '';
foreach ($acltags as $group_id => $group_tags) { foreach ($acltags as $group_id => $group_tags) {
// Group condition (The module belongs to an agent of the group X) // Group condition (The module belongs to an agent of the group X)
// Juanma (08/05/2014) Fix : Get all groups (children also, Propagate ACL func!) // Juanma (08/05/2014) Fix : Get all groups (children also, Propagate ACL func!)
@ -854,24 +855,49 @@ function tags_get_acl_tags_event_condition($acltags, $meta = false) {
// Tags condition (The module has at least one of the restricted tags) // Tags condition (The module has at least one of the restricted tags)
$tags_condition = ''; $tags_condition = '';
foreach ($group_tags as $tag) { if (empty($group_tags)) {
// If the tag ID doesnt exist, ignore $tags_condition = "id_grupo = ".$group_id;
if (!isset($all_tags[$tag])) { } else {
continue; foreach ($group_tags as $tag) {
// If the tag ID doesnt exist, ignore
if (!isset($all_tags[$tag])) {
continue;
}
if ($tags_condition != '') {
$tags_condition .= " OR \n";
}
//~ // Add as condition all the posibilities of the serialized tags
//~ $tags_condition .= sprintf('tags LIKE "%s,%%"',io_safe_input($all_tags[$tag]));
//~ $tags_condition .= sprintf(' OR tags LIKE "%%,%s,%%"',io_safe_input($all_tags[$tag]));
//~ $tags_condition .= sprintf(' OR tags LIKE "%%,%s"',io_safe_input($all_tags[$tag]));
//~ $tags_condition .= sprintf(' OR tags LIKE "%s %%"',io_safe_input($all_tags[$tag]));
//~ $tags_condition .= sprintf(' OR tags LIKE "%%,%s %%"',io_safe_input($all_tags[$tag]));
if ($force_group_and_tag) {
if (!empty($all_tags[$tag])) {
$tags_condition .= sprintf('(tags = "%s"',io_safe_input($all_tags[$tag]));
$childrens = groups_get_childrens($group_id, null, true);
if (empty($childrens)) {
$tags_condition .= sprintf(' AND id_grupo = %d )', $group_id);
} else {
$childrens_ids[] = $group_id;
foreach ($childrens as $child) {
$childrens_ids[] = (int)$child['id_grupo'];
}
$ids_str = implode(',', $childrens_ids);
$tags_condition .= sprintf(' AND id_grupo IN (%s) )', $ids_str);
}
} else {
$tags_condition .= "id_grupo = ".$group_id;
}
} else {
$tags_condition .= sprintf('tags = "%s"',io_safe_input($all_tags[$tag]));
}
} }
if ($tags_condition != '') {
$tags_condition .= " OR \n";
}
//~ // Add as condition all the posibilities of the serialized tags
//~ $tags_condition .= sprintf('tags LIKE "%s,%%"',io_safe_input($all_tags[$tag]));
//~ $tags_condition .= sprintf(' OR tags LIKE "%%,%s,%%"',io_safe_input($all_tags[$tag]));
//~ $tags_condition .= sprintf(' OR tags LIKE "%%,%s"',io_safe_input($all_tags[$tag]));
//~ $tags_condition .= sprintf(' OR tags LIKE "%s %%"',io_safe_input($all_tags[$tag]));
//~ $tags_condition .= sprintf(' OR tags LIKE "%%,%s %%"',io_safe_input($all_tags[$tag]));
$tags_condition .= sprintf('tags = "%s"',io_safe_input($all_tags[$tag]));
} }
// If there is not tag condition ignore // If there is not tag condition ignore
@ -883,11 +909,7 @@ function tags_get_acl_tags_event_condition($acltags, $meta = false) {
$condition .= ' OR '; $condition .= ' OR ';
} }
if ($meta) { $condition .= "($tags_condition)\n";
$condition .= "($tags_condition)\n";
} else {
$condition .= "($group_condition AND \n($tags_condition))\n";
}
} }
//Commented because ACLs propagation don't work //Commented because ACLs propagation don't work
@ -1142,7 +1164,7 @@ function tags_check_acl($id_user, $id_group, $access, $tags = array(), $flag_id_
function tags_check_acl_event($id_user, $id_group, $access, $tags = array(),$p = false) { function tags_check_acl_event($id_user, $id_group, $access, $tags = array(),$p = false) {
global $config; global $config;
if($id_user === false) { if($id_user === false) {
$id_user = $config['id_user']; $id_user = $config['id_user'];
} }
@ -1239,64 +1261,56 @@ function tags_checks_event_acl($id_user, $id_group, $access, $tags = array(), $c
if($id_user === false) { if($id_user === false) {
$id_user = $config['id_user']; $id_user = $config['id_user'];
} }
$tags_user = tags_get_acl_tags($id_user, $id_group, $access, 'data', '', '', true, $childrens_ids, true);
$tags_user = tags_get_acl_tags($id_user, $id_group, $access, 'data', '', '', false, $childrens_ids); //check user without tags
$sql = "SELECT id_usuario FROM tusuario_perfil
// If there are wrong parameters or fail ACL check, return false WHERE id_usuario = '".$config["id_user"]."' AND tags = ''
if($tags_user === ERR_WRONG_PARAMETERS || $tags_user === ERR_ACL) { AND id_perfil IN (SELECT id_perfil FROM tperfil WHERE ".get_acl_column($access)."=1)";
//return false; $user_has_perm_without_tags = db_get_all_rows_sql ($sql);
$return = false;
if ($user_has_perm_without_tags) {
return true;
} }
// If there are not tags restrictions or tags passed, return true $query = sprintf("SELECT tags, id_grupo
//if(empty($tags_user) || empty($tags)) { FROM tusuario_perfil, tperfil
if(empty($tags_user)) { WHERE tperfil.id_perfil = tusuario_perfil.id_perfil AND
return true; tusuario_perfil.id_usuario = '%s' AND
//$return = true; tperfil.%s = 1
ORDER BY id_grupo", $id_user, get_acl_column($access));
$user_tags = db_get_all_rows_sql($query);
if ($user_tags === false) {
$user_tags = array();
} }
$tags_user_ids = array(); foreach ($user_tags as $user_tag) {
foreach ($tags_user as $id=>$tag_user) { $tags_user = $user_tag['tags'];
$tags_user_ids[] = $tag_user[0]; $id_group_user = $user_tag['id_grupo'];
} $childrens = groups_get_childrens($id_group_user, null, true);
if (in_array($id_group, $childrens_ids)) { //check group if (empty($childrens)) {
foreach ($tags as $tag) { $group_ids = $id_group_user;
$tag_id = tags_get_id($tag); } else {
if (in_array($tag_id, $tags_user_ids)) { //check tag $childrens_ids[] = $id_group_user;
return true; foreach ($childrens as $child) {
//$return = true; $childrens_ids[] = (int)$child['id_grupo'];
} }
$group_ids = implode(',', $childrens_ids);
}
$sql = "SELECT id_usuario FROM tusuario_perfil
WHERE id_usuario = '".$config["id_user"]."' AND tags = $tags_user
AND id_perfil IN (SELECT id_perfil FROM tperfil WHERE ".get_acl_column($access)."=1)
AND id_grupo IN ($group_ids)";
$has_perm = db_get_value_sql ($sql);
if ($has_perm) {
return true;
} }
} }
//return false;
$return = false;
if ($return == false) {
$parent = db_get_value('parent','tgrupo','id_grupo',$id_group);
if ($parent !== 0) {
$propagate = db_get_value('propagate','tgrupo','id_grupo',$parent);
if ($propagate == 1) {
$childrens_ids_parent = array($parent);
$childrens = groups_get_childrens($parent);
if (!empty($childrens)) {
foreach ($childrens as $child) {
$childrens_ids_parent[] = (int)$child['id_grupo'];
}
}
//$acl_parent = tags_check_acl_event($id_user, $parent, $access, $tags,$p);
$acl_parent = tags_checks_event_acl($id_user, $parent, $access, $tags, $childrens_ids_parent);
return $acl_parent;
}
}
}
return false; return false;
} }
?> ?>
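Review bot: The rewritten body of tags_checks_event_acl no longer consults `$id_group` or `$tags` in any line visible in this section. The "check user without tags" query has no `id_grupo` filter, so a single untagged profile with the access bit in any group makes the function return true for every group, and the loop then re-queries tusuario_perfil for the same row it has just read. Both queries filter on `$config["id_user"]` instead of the `$id_user` argument, `tags = $tags_user` is concatenated unquoted although the column holds a comma-separated string, and `$childrens_ids[]` is never reset, so later profiles are matched against the groups of earlier ones. I would limit the first query to integer-cast ids of the event's group and its propagating parents plus group 0, compare the event's `$tags` with each profile's tag list in PHP rather than in SQL, and start each iteration with `$ids = array((int)$id_group_user);`. The function's signature and opening lines are outside the hunk, so confirm that no earlier guard already covers these cases.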


@ -162,7 +162,6 @@ else {
} }
} }
//Search by tag //Search by tag
if (!empty($tag_with)) { if (!empty($tag_with)) {
$sql_post .= ' AND ( '; $sql_post .= ' AND ( ';
@ -202,13 +201,8 @@ else {
$group_array = array_keys($groups); $group_array = array_keys($groups);
} }
//$tags_acls_condition = tags_get_acl_tags($id_user, $group_array, 'ER', 'event_condition', 'AND', '', $meta); $tags_acls_condition = tags_get_acl_tags($id_user, $group_array, 'ER',
if ($id_group == 0) { 'event_condition', 'AND', '', $meta, array(), true); //FORCE CHECK SQL "(TAG = tag1 AND id_grupo = 1)"
$hierarchy = array_keys($groups);
} else {
$hierarchy = groups_get_all_hierarchy_group ($id_group, array(), true);
}
$tags_acls_condition = tags_get_acl_tags($id_user, $group_array, 'ER', 'event_condition', 'AND', '', $meta, $hierarchy, true);
if (($tags_acls_condition != ERR_WRONG_PARAMETERS) && ($tags_acls_condition != ERR_ACL)&& ($tags_acls_condition != -110000)) { if (($tags_acls_condition != ERR_WRONG_PARAMETERS) && ($tags_acls_condition != ERR_ACL)&& ($tags_acls_condition != -110000)) {
$sql_post .= $tags_acls_condition; $sql_post .= $tags_acls_condition;
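Review bot: Only the first element of `$group_array` survives in the callee, because tags_get_acl_tags as changed in this same commit runs `$id_group = groups_get_all_hierarchy_group ($id_group[0]);`. When `$group_array` is `array_keys($groups)`, the remaining groups appear to be dropped, and the event filter is built from the first group's hierarchy alone. Either pass the single selected group here or have the callee merge the hierarchy of every element, whichever matches the intended ACL scope. The returned value is appended to `$sql_post` after a loose `!=` comparison against error constants and the literal `-110000`; a check such as `is_string($tags_acls_condition)` would state the intent without relying on string-to-number coercion. The trailing `//FORCE CHECK SQL` remark would read better as a comment line above the call, e.g. `// Pair every tag condition with its group: (tags = "x" AND id_grupo = N)`.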