From a625b598a659f7260c0cf9a0e2c452f834a72b32 Mon Sep 17 00:00:00 2001
From: mdtrooper
Date: Thu, 13 Mar 2014 10:22:34 +0000
Subject: [PATCH] 2014-03-13 Miguel de Dios

* godmode/reporting/reporting_builder.main.php, godmode/reporting/reporting_builder.php, include/functions_users.php: fixed the access to the report with the user profile "RW" and "RM".

Incident: #655

git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@9575 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
---
 pandora_console/ChangeLog | 9 ++
 .../reporting/reporting_builder.main.php | 12 +--
 .../godmode/reporting/reporting_builder.php | 82 ++++++++++++-------
 pandora_console/include/functions_users.php | 4 +-
 4 files changed, 72 insertions(+), 35 deletions(-)

diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog
index 94d3d8c6b8..4627fca030 100644
--- a/pandora_console/ChangeLog
+++ b/pandora_console/ChangeLog
@@ -1,3 +1,12 @@
+2014-03-13 Miguel de Dios
+
+ * godmode/reporting/reporting_builder.main.php,
+ godmode/reporting/reporting_builder.php,
+ include/functions_users.php: fixed the access to the report with the
+ user profile "RW" and "RM".
+
+ Incident: #655
+
 2014-03-13 Vanessa Gil
 
 * godmode/menu.php
diff --git a/pandora_console/godmode/reporting/reporting_builder.main.php b/pandora_console/godmode/reporting/reporting_builder.main.php
index ca5a5559a6..fd90173070 100644
--- a/pandora_console/godmode/reporting/reporting_builder.main.php
+++ b/pandora_console/godmode/reporting/reporting_builder.main.php
@@ -58,15 +58,17 @@ $table->data['name'][1] = html_print_input_text('name', $reportName,
 $table->data['group'][0] = __('Group');
-$write_groups = users_get_groups_for_select(false, "RW", users_can_manage_group_all(), true, false, 'id_grupo');
-
+$write_groups = users_get_groups_for_select(false, "RW",
+ users_can_manage_group_all(), true, false, 'id_grupo');
+
 // If the report group is not among the RW groups (special permission) we add it
 if (!isset($write_groups[$idGroupReport])) {
 $write_groups[$idGroupReport] = groups_get_name($idGroupReport);
 }
-$table->data['group'][1] = html_print_select ($write_groups, 'id_group', $idGroupReport, false, '', '', true);
-
+$table->data['group'][1] = html_print_select($write_groups, 'id_group',
+ $idGroupReport, false, '', '', true);
+
 if ($report_id_user == $config['id_user'] ||
 is_user_admin ($config["id_user"])) {
 //S/he is the creator of report (or admin) and s/he can change the access.
@@ -78,7 +80,7 @@ if ($report_id_user == $config['id_user'] ||
 ui_print_help_tip(__('For example, you want a report that the people of "All" groups can see but you want to edit only for you or your group.'), true);
 $table->data['access'][1] = html_print_select ($type_access, 'type_access', $type_access_selected, 'change_type_access(this)', '', 0, true);
-
+
 $style = "display: none;";
 if ($type_access_selected == 'group_edit')
 $style = "";
diff --git a/pandora_console/godmode/reporting/reporting_builder.php b/pandora_console/godmode/reporting/reporting_builder.php
index 8756816b29..90ce4b6405 100644
--- a/pandora_console/godmode/reporting/reporting_builder.php
+++ b/pandora_console/godmode/reporting/reporting_builder.php
@@ -336,17 +336,17 @@ switch ($action) {
 'order' => 'name' ); }
-
+
 # Fix : group filter was not working
 // Show only selected groups
- if ($id_group > 0) {
- $group = array("$id_group" => $id_group);
- $filter['id_group'] = $id_group;
+ if ($id_group > 0) {
+ $group = array("$id_group" => $id_group);
+ $filter['id_group'] = $id_group;
 }
- else {
- $group = false;
- }
-
+ else {
+ $group = false;
+ }
+
 // Filter normal and metaconsole reports
 if ($config['metaconsole'] == 1 and defined('METACONSOLE'))
@@ -357,7 +357,7 @@ switch ($action) {
 $reports = reports_get_reports ($filter, array ('name', 'id_report', 'description', 'private', 'id_user', 'id_group'), $return_all_group, 'RR', $group);
-
+
 $table->width = '0px';
 if (sizeof ($reports)) {
 $table->id = 'report_list';
@@ -389,7 +389,8 @@ switch ($action) {
 $table->head[$next] = __('Group');
 $table->align[$next] = 'center';
 $next++;
- $table->head[$next] = '' . __('Op.') . '';
+ $table->head[$next] = '' .
+ __('Op.') . '';
 $table->size = array ();
 $table->size[$next] = '80px';
 $table->style[$next] = 'text-align:center;';
@@ -398,7 +399,7 @@ switch ($action) {
 foreach ($reports as $report) {
- if (!is_user_admin ($config["id_user"])){
+ if (!is_user_admin ($config["id_user"])) {
 if ($report["private"] && $report["id_user"] != $config['id_user'])
 if (!check_acl ($config["id_user"], $report["id_group"], "RR"))
 continue;
@@ -448,40 +449,65 @@ switch ($action) {
 $type_access_selected = reports_get_type_access($report);
 $edit = false;
+ $delete = false;
+
 switch ($type_access_selected) {
 case 'group_view':
- $edit = check_acl($config['id_user'], $report['id_group'], "RW") && users_can_manage_group_all($report["id_group"]);
+ $edit = check_acl($config['id_user'],
+ $report['id_group'], "RW")
+ &&
+ users_can_manage_group_all($report["id_group"], "RW");
+
+ $delete = check_acl($config['id_user'],
+ $report['id_group'], "RM")
+ &&
+ users_can_manage_group_all($report["id_group"], "RM");
 break;
 case 'group_edit':
- $edit = check_acl($config['id_user'], $report['id_group_edit'], "RW") && users_can_manage_group_all($report["id_group_edit"]);
+ $edit = check_acl($config['id_user'],
+ $report['id_group_edit'], "RW")
+ &&
+ users_can_manage_group_all($report["id_group_edit"], "RW");
+
+ $delete = check_acl($config['id_user'],
+ $report['id_group_edit'], "RM")
+ &&
+ users_can_manage_group_all($report["id_group_edit"], "RM");
 break;
 case 'user_edit':
 if ($config['id_user'] == $report['id_user'] ||
- is_user_admin ($config["id_user"]))
+ is_user_admin ($config["id_user"])) {
 $edit = true;
+ $delete = true;
+ }
 break;
 }
-
- if ($edit) {
+ if ($edit || $delete) {
 if (!isset($table->head[$next])) {
 $table->head[$next] = '' . __('Op.') . '';
 $table->size = array ();
 $table->size[$next] = '80px';
 $table->style[$next] = 'text-align:center;';
 }
-
- $data[$next] = '
';
- $data[$next] .= html_print_input_hidden ('id_report', $report['id_report'], true);
- $data[$next] .= html_print_input_image ('edit', 'images/config.png', 1, '', true, array ('title' => __('Edit')));
- $data[$next] .= '
';
- $data[$next] .= '
';
- $data[$next] .= html_print_input_hidden ('id_report', $report['id_report'], true);
- $data[$next] .= html_print_input_hidden ('action','delete_report', true);
- $data[$next] .= html_print_input_image ('delete', 'images/cross.png', 1, '',
- true, array ('title' => __('Delete')));
- $data[$next] .= '
';
+ if ($edit) {
+ $data[$next] = '
';
+ $data[$next] .= html_print_input_hidden('id_report',
+ $report['id_report'], true);
+ $data[$next] .= html_print_input_image('edit',
+ 'images/config.png', 1, '', true, array ('title' => __('Edit')));
+ $data[$next] .= '
';
+ }
+
+ if ($delete) {
+ $data[$next] .= '
';
+ $data[$next] .= html_print_input_hidden ('id_report', $report['id_report'], true);
+ $data[$next] .= html_print_input_hidden ('action','delete_report', true);
+ $data[$next] .= html_print_input_image ('delete', 'images/cross.png', 1, '',
+ true, array ('title' => __('Delete')));
+ $data[$next] .= '
';
+ }
 }
 array_push ($table->data, $data);
@@ -499,7 +525,7 @@ switch ($action) {
 }
 enterprise_hook('close_meta_frame');
-
+
 return;
 break;
 case 'new':
diff --git a/pandora_console/include/functions_users.php b/pandora_console/include/functions_users.php
index a4ae6cc06f..d0eb1f9b47 100644
--- a/pandora_console/include/functions_users.php
+++ b/pandora_console/include/functions_users.php
@@ -793,7 +793,7 @@ function users_check_users() {
 // Check if a user can manage a group when group is all
 // This function dont check acls of the group, only if the
 // user is admin or pandora manager and the group is all
-function users_can_manage_group_all($id_group = 0) {
+function users_can_manage_group_all($id_group = 0, $access = "PM") {
 global $config;
 if ($id_group != 0) {
@@ -802,7 +802,7 @@ function users_can_manage_group_all($id_group = 0) {
 $is_admin = db_get_value('is_admin', 'tusuario', 'id_user', $config['id_user']);
- if (check_acl ($config['id_user'], 0, "PM") || $is_admin) {
+ if (check_acl ($config['id_user'], 0, $access) || $is_admin) {
 return true;
 }
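Review bot: When `$delete` is true but `$edit` is false (an RM-only user on a `group_view` or `group_edit` report), the delete branch near the end of the hunk appends with `.=` to `$data[$next]`, which nothing visible in this iteration has assigned, so PHP raises an undefined-index notice on the report list; initialise the cell once before both branches, `$data[$next] = '';` immediately before `if ($edit) {`, and let the edit branch use `.=` as well. The `$edit`/`$delete` flags only decide whether the buttons are rendered; the `delete_report` action handler lies outside this hunk, so it is worth confirming that it performs the same RM / `users_can_manage_group_all(..., "RM")` test rather than relying on the button being hidden. It also looks like `reporting_builder.main.php` (earlier in this patch) still calls `users_can_manage_group_all()` with its default `"PM"` access, so a user this hunk now lets edit a group-All report may not be offered that group in the edit form; passing `"RW"` there would keep the two files consistent.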
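Review bot: The header comment just above the changed signature (`// user is admin or pandora manager and the group is all`) is now inaccurate, because with the new `$access` parameter the group-All test is whatever ACL flag the caller passes and PM is only the default; I'd replace the three comment lines with a short docblock saying the function returns true when the user is admin or holds `$access` (default `"PM"`) on group 0, and that a non-zero `$id_group` is handled by the branch whose body lies outside this hunk. The same stale description applies to the second hunk (`@@ -802`), where the literal `"PM"` becomes `$access`; since existing callers keep the PM default, the change is backward compatible. Note that `$id_group != 0` is a loose comparison, so a `'0'`, `null` or empty value also takes the group-All path, which is fine only if every caller passes an integer id — not visible from here.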