Merge branch 'ent-2010-error-de-ACLs-en-custom-graphs-y-reports' into 'develop'

[ACL] Now only RM can delete custom graphs

See merge request artica/pandorafms!1341
vgilc 2018-06-04 10:10:56 +02:00
commit 9ea0115043
3 changed files with 24 additions and 30 deletions


@ -116,11 +116,8 @@ if ($edit_graph) {
echo ">";
$own_info = get_user_info ($config['id_user']);
if ($own_info['is_admin'] || check_acl ($config['id_user'], 0, "PM"))
$return_all_groups = true;
else
$return_all_groups = false;
$return_all_groups = $own_info['is_admin'] || users_can_manage_group_all("RR");
echo "<td><b>".__('Group')."</b></td><td>";
if (check_acl ($config['id_user'], 0, "RW"))
echo html_print_select_groups($config['id_user'], 'RW', $return_all_groups, 'graph_id_group', $id_group, '', '', '', true);
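Review bot: The new `$return_all_groups` line asks `users_can_manage_group_all("RR")`, a read-level check, while the selector it feeds is gated on `RW` and populated with `'RW'`. If that helper reports whether the user holds the given access on the All group (its definition is not on this page), a user with only report-read on All and RW in a single group would be offered All as the target group for a graph they are editing. Matching the write path would read `$return_all_groups = $own_info['is_admin'] || users_can_manage_group_all("RW");`. The enclosing `if ($edit_graph)` block starts and ends outside the hunk.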


@ -23,7 +23,7 @@ check_login ();
$report_r = check_acl ($config['id_user'], 0, "RR");
$report_w = check_acl ($config['id_user'], 0, "RW");
$report_m = check_acl ($config['id_user'], 0, "RM");
$access = ($report_r == true) ? 'RR' : (($report_w == true) ? 'RW' : (($report_m == true) ? 'RM' : 'RR'));
if (!$report_r && !$report_w && !$report_m) {
db_pandora_audit("ACL Violation",
"Trying to access Inventory Module Management");
@ -31,6 +31,9 @@ if (!$report_r && !$report_w && !$report_m) {
return;
}
$access = ($report_r == true) ? 'RR' : (($report_w == true) ? 'RW' : (($report_m == true) ? 'RM' : 'RR'));
$manage_group_all = users_can_manage_group_all($access);
$activeTab = get_parameter('tab', 'main');
$enterpriseEnable = false;
@ -185,20 +188,21 @@ if (!empty ($graphs)) {
$data[2] = $graph["graphs_count"];
$data[3] = ui_print_group_icon($graph['id_group'],true);
if (($report_w || $report_m) && users_can_manage_group_all($access)) {
$data[4] = '';
if (($report_w || $report_m) && $manage_group_all) {
$data[4] = '<a href="index.php?sec=reporting&sec2=godmode/reporting/graph_builder&edit_graph=1&id='.
$graph['id_graph'].'">'.html_print_image("images/config.png", true).'</a>';
$data[4] .= '&nbsp;';
}
$data[4] .= '&nbsp;';
if ($report_m && $manage_group_all) {
$data[4] .= '<a href="index.php?sec=reporting&sec2=godmode/reporting/graphs&delete_graph=1&id='
.$graph['id_graph'].'" onClick="if (!confirm(\''.__('Are you sure?').'\'))
return false;">' . html_print_image("images/cross.png", true, array('alt' => __('Delete'), 'title' => __('Delete'))) . '</a>' .
html_print_checkbox_extended ('delete_multiple[]', $graph['id_graph'], false, false, '', 'class="check_delete" style="margin-left:2px;"', true);
} else {
if($op_column) $data[4] = '';
}
array_push ($table->data, $data);
}
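Review bot: The delete link and checkbox in the last hunk are gated on `$report_m && $manage_group_all`, and both values are computed once against group 0 rather than against `$graph['id_group']`; `$access` also resolves to `'RR'` whenever the user has read access, so `$manage_group_all` is effectively a read-level test. If `check_acl` with group 0 means "in any group" (not shown on this page), an RM profile in one group exposes the delete control for every listed graph; a per-row test such as `if (check_acl($config['id_user'], $graph['id_group'], "RM")) {` would tie the control to the graph being deleted. The change only hides the control: the code that handles `delete_graph=1` and `delete_multiple[]` is outside these hunks and needs the same RM check on the server side for the commit's "only RM can delete" statement to hold.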


@ -690,25 +690,18 @@ switch ($action) {
switch ($type_access_selected) {
case 'group_view':
$edit = check_acl($config['id_user'],
$report['id_group'], "RW");
if ($config['id_user'] == $report['id_user'] || is_user_admin ($config["id_user"])) {
$delete = true; //owner can delete
} else {
$delete = false;
}
$edit = check_acl($config['id_user'], $report['id_group'], "RW");
$delete =
$edit ||
is_user_admin ($config["id_user"]) ||
$config['id_user'] == $report['id_user'];
break;
case 'group_edit':
$edit = check_acl($config['id_user'],
$report['id_group_edit'], "RW");
if ($config['id_user'] == $report['id_user'] || is_user_admin ($config["id_user"])) {
$delete = true; //owner can delete
} else {
$delete = check_acl($config['id_user'],
$report['id_group'], "RM");
}
$edit = check_acl($config['id_user'], $report['id_group_edit'], "RW");
$delete =
$edit ||
is_user_admin ($config["id_user"]) ||
$config['id_user'] == $report['id_user'];
break;
case 'user_edit':
if ($config['id_user'] == $report['id_user'] ||