tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-07-31 01:35:36 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ent-2010-error-de-ACLs-en-custom-graphs-y-reports' into 'develop'

Browse Source 
[ACL] Now only RM can delete custom graphs

See merge request artica/pandorafms!1341
This commit is contained in:
vgilc 2018-06-04 10:10:56 +02:00
commit 9ea0115043
3 changed files with 24 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
pandora_console/godmode/reporting/graph_builder.main.php
View File

@ -116,10 +116,7 @@ if ($edit_graph) {
echo ">"; echo ">";
$own_info = get_user_info ($config['id_user']); $own_info = get_user_info ($config['id_user']);
if ($own_info['is_admin'] || check_acl ($config['id_user'], 0, "PM")) $return_all_groups = $own_info['is_admin'] || users_can_manage_group_all("RR");
$return_all_groups = true;
else
$return_all_groups = false;
echo "<td><b>".__('Group')."</b></td><td>"; echo "<td><b>".__('Group')."</b></td><td>";
if (check_acl ($config['id_user'], 0, "RW")) if (check_acl ($config['id_user'], 0, "RW"))

12
pandora_console/godmode/reporting/graphs.php
View File

@ -23,7 +23,7 @@ check_login ();
$report_r = check_acl ($config['id_user'], 0, "RR"); $report_r = check_acl ($config['id_user'], 0, "RR");
$report_w = check_acl ($config['id_user'], 0, "RW"); $report_w = check_acl ($config['id_user'], 0, "RW");
$report_m = check_acl ($config['id_user'], 0, "RM"); $report_m = check_acl ($config['id_user'], 0, "RM");
$access = ($report_r == true) ? 'RR' : (($report_w == true) ? 'RW' : (($report_m == true) ? 'RM' : 'RR'));
if (!$report_r && !$report_w && !$report_m) { if (!$report_r && !$report_w && !$report_m) {
db_pandora_audit("ACL Violation", db_pandora_audit("ACL Violation",
"Trying to access Inventory Module Management"); "Trying to access Inventory Module Management");
@ -31,6 +31,9 @@ if (!$report_r && !$report_w && !$report_m) {
return; return;
} }
$access = ($report_r == true) ? 'RR' : (($report_w == true) ? 'RW' : (($report_m == true) ? 'RM' : 'RR'));
$manage_group_all = users_can_manage_group_all($access);
$activeTab = get_parameter('tab', 'main'); $activeTab = get_parameter('tab', 'main');
$enterpriseEnable = false; $enterpriseEnable = false;
@ -185,18 +188,19 @@ if (!empty ($graphs)) {
$data[2] = $graph["graphs_count"]; $data[2] = $graph["graphs_count"];
$data[3] = ui_print_group_icon($graph['id_group'],true); $data[3] = ui_print_group_icon($graph['id_group'],true);
if (($report_w || $report_m) && users_can_manage_group_all($access)) { $data[4] = '';
if (($report_w || $report_m) && $manage_group_all) {
$data[4] = '<a href="index.php?sec=reporting&sec2=godmode/reporting/graph_builder&edit_graph=1&id='. $data[4] = '<a href="index.php?sec=reporting&sec2=godmode/reporting/graph_builder&edit_graph=1&id='.
$graph['id_graph'].'">'.html_print_image("images/config.png", true).'</a>'; $graph['id_graph'].'">'.html_print_image("images/config.png", true).'</a>';
}
$data[4] .= '&nbsp;'; $data[4] .= '&nbsp;';
if ($report_m && $manage_group_all) {
$data[4] .= '<a href="index.php?sec=reporting&sec2=godmode/reporting/graphs&delete_graph=1&id=' $data[4] .= '<a href="index.php?sec=reporting&sec2=godmode/reporting/graphs&delete_graph=1&id='
.$graph['id_graph'].'" onClick="if (!confirm(\''.__('Are you sure?').'\')) .$graph['id_graph'].'" onClick="if (!confirm(\''.__('Are you sure?').'\'))
return false;">' . html_print_image("images/cross.png", true, array('alt' => __('Delete'), 'title' => __('Delete'))) . '</a>' . return false;">' . html_print_image("images/cross.png", true, array('alt' => __('Delete'), 'title' => __('Delete'))) . '</a>' .
html_print_checkbox_extended ('delete_multiple[]', $graph['id_graph'], false, false, '', 'class="check_delete" style="margin-left:2px;"', true); html_print_checkbox_extended ('delete_multiple[]', $graph['id_graph'], false, false, '', 'class="check_delete" style="margin-left:2px;"', true);
} else {
if($op_column) $data[4] = '';
} }
array_push ($table->data, $data); array_push ($table->data, $data);

27
pandora_console/godmode/reporting/reporting_builder.php
View File

@ -690,25 +690,18 @@ switch ($action) {
switch ($type_access_selected) { switch ($type_access_selected) {
case 'group_view': case 'group_view':
$edit = check_acl($config['id_user'], $edit = check_acl($config['id_user'], $report['id_group'], "RW");
$report['id_group'], "RW"); $delete =
$edit ||
if ($config['id_user'] == $report['id_user'] || is_user_admin ($config["id_user"])) { is_user_admin ($config["id_user"]) ||
$delete = true; //owner can delete $config['id_user'] == $report['id_user'];
} else {
$delete = false;
}
break; break;
case 'group_edit': case 'group_edit':
$edit = check_acl($config['id_user'], $edit = check_acl($config['id_user'], $report['id_group_edit'], "RW");
$report['id_group_edit'], "RW"); $delete =
$edit ||
if ($config['id_user'] == $report['id_user'] || is_user_admin ($config["id_user"])) { is_user_admin ($config["id_user"]) ||
$delete = true; //owner can delete $config['id_user'] == $report['id_user'];
} else {
$delete = check_acl($config['id_user'],
$report['id_group'], "RM");
}
break; break;
case 'user_edit': case 'user_edit':
if ($config['id_user'] == $report['id_user'] || if ($config['id_user'] == $report['id_user'] ||