diff --git a/pandora_console/extensions/insert_data.php b/pandora_console/extensions/insert_data.php index 3e52a9138c..8357c96113 100644 --- a/pandora_console/extensions/insert_data.php +++ b/pandora_console/extensions/insert_data.php @@ -147,7 +147,7 @@ function mainInsertData() { $config['remote_config']); echo ''; - $table = null; + $table = new stdClass(); $table->width = '100%'; $table->class = 'databox filters'; $table->style = array(); diff --git a/pandora_console/general/login_page.php b/pandora_console/general/login_page.php index cec619f446..8d6712f65a 100755 --- a/pandora_console/general/login_page.php +++ b/pandora_console/general/login_page.php @@ -23,7 +23,7 @@ else { include_once($homedir . 'include/functions_ui.php'); include_once($homedir . 'include/functions.php'); -include_once($homedir . 'include/functions_html.php'); +include_once(__DIR__ . '/../include/functions_html.php'); if($config['visual_animation']){ diff --git a/pandora_console/godmode/agentes/agent_manager.php b/pandora_console/godmode/agentes/agent_manager.php index d8a7190ed9..8c747fb8d0 100644 --- a/pandora_console/godmode/agentes/agent_manager.php +++ b/pandora_console/godmode/agentes/agent_manager.php @@ -245,8 +245,10 @@ $modules = db_get_all_rows_sql("SELECT id_agente_modulo as id_module, nombre as WHERE id_agente = " . $id_parent); $modules_values = array(); $modules_values[0] = __('Any'); -foreach ($modules as $m) { - $modules_values[$m['id_module']] = $m['name']; +if(is_array($modules)){ + foreach ($modules as $m) { + $modules_values[$m['id_module']] = $m['name']; + } } $table->data[4][0] = __('Group'); diff --git a/pandora_console/godmode/groups/group_list.php b/pandora_console/godmode/groups/group_list.php index d02571078e..c1c4a91cef 100644 --- a/pandora_console/godmode/groups/group_list.php +++ b/pandora_console/godmode/groups/group_list.php 
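Review bot: In `general/login_page.php` the two `include_once` calls just above the changed line still build their paths from `$homedir`, so the file now locates the same include directory in two different ways. Where `$homedir` is assigned is outside the hunk; if it can ever point somewhere other than the install tree, the first two includes follow it while the third does not. Consider converting them as well, e.g. `include_once(__DIR__ . '/../include/functions_ui.php');`, so every include target is fixed relative to this file.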
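Review bot: In `godmode/agentes/agent_manager.php` the query that fills `$modules` (the context line ending in `WHERE id_agente = " . $id_parent`) still concatenates `$id_parent` into the SQL text; the new `is_array($modules)` guard only handles the empty result. Nothing in the hunk shows where `$id_parent` comes from or that it is numeric, so that needs confirming. An explicit cast, `WHERE id_agente = " . (int) $id_parent`, would make the statement safe whatever the caller supplies. The statement begins above the hunk.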
@@ -342,6 +342,7 @@ if ($create_group || $delete_group || $update_group) { $groups = users_get_groups_tree ($config['id_user'], "AR", true); } +$table = new StdClass(); $table->width = '100%'; $all_parents = array(); diff --git a/pandora_console/godmode/menu.php b/pandora_console/godmode/menu.php index aab312158d..11f510349a 100644 --- a/pandora_console/godmode/menu.php +++ b/pandora_console/godmode/menu.php @@ -354,7 +354,7 @@ if (is_array ($config['extensions'])) { $sub2[$extmenu["sec2"]]["refr"] = 0; } else { - if (array_key_exists('fatherId',$extmenu)) { + if (is_array($extmenu) && array_key_exists('fatherId',$extmenu)) { if (strlen($extmenu['fatherId']) > 0) { if (array_key_exists('subfatherId',$extmenu)) { if (strlen($extmenu['subfatherId']) > 0) { diff --git a/pandora_console/godmode/netflow/nf_edit.php b/pandora_console/godmode/netflow/nf_edit.php index f3ffc36bcc..6ee7258e33 100644 --- a/pandora_console/godmode/netflow/nf_edit.php +++ b/pandora_console/godmode/netflow/nf_edit.php @@ -111,6 +111,7 @@ $filters = db_get_all_rows_sql($sql); if ($filters === false) $filters = array (); +$table = new stdClass(); $table->width = '100%'; $table->class = 'databox data'; diff --git a/pandora_console/godmode/users/user_list.php b/pandora_console/godmode/users/user_list.php index 2a10e8c7b8..13cdba54c1 100644 --- a/pandora_console/godmode/users/user_list.php +++ b/pandora_console/godmode/users/user_list.php @@ -248,8 +248,7 @@ else { } -$table = null; - +$table = new stdClass(); $table->cellpadding = 0; $table->cellspacing = 0; $table->width = '100%'; diff --git a/pandora_console/include/auth/mysql.php b/pandora_console/include/auth/mysql.php index 6392adda37..e6861aa956 100644 --- a/pandora_console/include/auth/mysql.php +++ b/pandora_console/include/auth/mysql.php 
@@ -445,9 +445,8 @@ function process_user_login_remote ($login, $pass, $api = false) { * @return bool True is the user is admin */ function is_user_admin ($id_user) { - $is_admin = (bool) db_get_value ('is_admin', 'tusuario', 'id_user', $id_user); - - return $is_admin; + require_once(__DIR__ . "/../functions_users.php"); + return users_is_admin($id_user); } @@ -531,7 +530,15 @@ function get_user_email ($user) { * @return mixed An array of users */ function get_user_info ($user) { - return db_get_row ("tusuario", "id_user", get_user_id ($user)); + static $cache_user_info = array(); + if (array_key_exists($user, $cache_user_info)){ + return $cache_user_info[$user]; + } + else{ + $return = db_get_row ("tusuario", "id_user", get_user_id ($user)); + $cache_user_info[$user] = $return; + return $return; + } } /** diff --git a/pandora_console/include/functions.php b/pandora_console/include/functions.php index 3caa79ad05..6e937e547b 100644 --- a/pandora_console/include/functions.php +++ b/pandora_console/include/functions.php 
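Review bot: Delegating to `users_is_admin()` changes what `is_user_admin()` answers for a `false` argument. `users_is_admin()` (changed later in this commit) replaces `$id_user === false` with `$config['id_user']`, so `is_user_admin(false)` now reports the admin flag of the logged-in user instead of querying `tusuario` for the value it was given. If any caller passes the result of a failed lookup, the privilege check answers for the wrong account. A guard before the call, `if ($id_user === false || $id_user === null) return false;`, keeps the check fail-closed, and the docblock should mention the per-request caching the function now inherits.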
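Review bot: The new static cache in `get_user_info()` is indexed by the raw `$user` argument, while the lookup itself goes through `get_user_id($user)`. If `get_user_id()` accepts anything other than a scalar id (its definition is not in this hunk), `array_key_exists($user, ...)` will fail or collide on such input. Keying on the resolved id avoids that: `$id = get_user_id($user);` and then `$cache_user_info[$id]`. The cache also stores a `false` result and is never cleared, so code that creates or updates a user and re-reads it in the same request gets the stale row; the docblock should say so.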
@@ -1809,85 +1809,26 @@ function check_acl($id_user, $id_group, $access, $onlyOneGroup = false) { $id_group = (int) $id_group; } - $three_eyes_crow_groups = db_get_all_rows_sql("SELECT tperfil.*, tusuario_perfil.id_perfil FROM tperfil, tusuario_perfil WHERE tusuario_perfil.id_usuario = '" . - $id_user . "' AND tusuario_perfil.id_grupo = 0 AND tusuario_perfil.id_perfil = tperfil.id_perfil"); + if ($id_group != 0 || $onlyOneGroup === true) { + $groups_list_acl = users_get_groups ($id_user, 'AR', false, true, null); + } + else{ + $groups_list_acl = get_users_acl($id_user); + } - if ($three_eyes_crow_groups && !empty($three_eyes_crow_groups)) { - $acl_column = get_acl_column($access); - - foreach ($three_eyes_crow_groups as $three_eyes_crow_group) { - if (isset($three_eyes_crow_group[$acl_column]) && $three_eyes_crow_group[$acl_column] == 1) { + if(is_array($groups_list_acl)){ + if(isset($groups_list_acl[$id_group])){ + $access = get_acl_column($access); + if(isset($groups_list_acl[$id_group][$access]) + && $groups_list_acl[$id_group][$access] > 0){ return 1; } + else{ + return 0; + } } } - $parents_id = array($id_group); - if ($id_group != 0 && $onlyOneGroup !== true) { - $group = db_get_row_filter('tgrupo', array('id_grupo' => $id_group)); - $parents = groups_get_parents($group['parent'], true); - - foreach ($parents as $parent) { - $parents_id[] = $parent['id_grupo']; - } - } - - // TODO: To reduce this querys in one adding the group condition if necessary (only one line is different) - //Joined multiple queries into one. That saves on the query overhead and query cache. 
- if ($id_group == 0 && $onlyOneGroup !== true) { - $query = sprintf("SELECT tperfil.incident_view, tperfil.incident_edit, - tperfil.incident_management, tperfil.agent_view, - tperfil.agent_edit, tperfil.alert_edit, - tperfil.alert_management, tperfil.pandora_management, - tperfil.db_management, tperfil.user_management, - tperfil.report_view, tperfil.report_edit, - tperfil.report_management, tperfil.event_view, - tperfil.event_edit, tperfil.event_management, - tperfil.agent_disable, - tperfil.map_view, tperfil.map_edit, tperfil.map_management, - tperfil.vconsole_view, tperfil.vconsole_edit, tperfil.vconsole_management - FROM tusuario_perfil, tperfil - WHERE tusuario_perfil.id_perfil = tperfil.id_perfil - AND tusuario_perfil.id_usuario = '%s'", $id_user); - //GroupID = 0 and onlyOneGroup = false, group id doesnt matter (use with caution!) - } - else { - $query = sprintf("SELECT tperfil.incident_view, tperfil.incident_edit, - tperfil.incident_management, tperfil.agent_view, - tperfil.agent_edit, tperfil.alert_edit, - tperfil.alert_management, tperfil.pandora_management, - tperfil.db_management, tperfil.user_management, - tperfil.report_view, tperfil.report_edit, - tperfil.report_management, tperfil.event_view, - tperfil.event_edit, tperfil.event_management, - tperfil.agent_disable, - tperfil.map_view, tperfil.map_edit, tperfil.map_management, - tperfil.vconsole_view, tperfil.vconsole_edit, tperfil.vconsole_management - FROM tusuario_perfil, tperfil - WHERE tusuario_perfil.id_perfil = tperfil.id_perfil - AND tusuario_perfil.id_usuario = '%s' - AND (tusuario_perfil.id_grupo IN (%s) - OR tusuario_perfil.id_grupo = 0)", $id_user, implode(', ', $parents_id)); - } - - $rowdup = db_get_all_rows_sql ($query); - - if (empty ($rowdup)) - return 0; - - $result = 0; - $acl_column = get_acl_column($access); - foreach ($rowdup as $row) { - // For each profile for this pair of group and user do... 
- if (isset($row[$acl_column])) { - $result += $row[$acl_column]; - } - } - - if ($result >= 1) { - return 1; - } - return 0; } @@ -1975,6 +1916,51 @@ function get_acl_column($access) { } } +function get_users_acl($id_user){ + static $users_acl_cache = array(); + + + if (is_array($users_acl_cache[$id_user])) { + $rowdup = $users_acl_cache[$id_user]; + } + else { + $query = sprintf("SELECT sum(tperfil.incident_view) as incident_view, + sum(tperfil.incident_edit) as incident_edit, + sum(tperfil.incident_management) as incident_management, + sum(tperfil.agent_view) as agent_view, + sum(tperfil.agent_edit) as agent_edit, + sum(tperfil.alert_edit) as alert_edit, + sum(tperfil.alert_management) as alert_management, + sum(tperfil.pandora_management) as pandora_management, + sum(tperfil.db_management) as db_management, + sum(tperfil.user_management) as user_management, + sum(tperfil.report_view) as report_view, + sum(tperfil.report_edit) as report_edit, + sum(tperfil.report_management) as report_management, + sum(tperfil.event_view) as event_view, + sum(tperfil.event_edit) as event_edit, + sum(tperfil.event_management) as event_management, + sum(tperfil.agent_disable) as agent_disable, + sum(tperfil.map_view) as map_view, + sum(tperfil.map_edit) as map_edit, + sum(tperfil.map_management) as map_management, + sum(tperfil.vconsole_view) as vconsole_view, + sum(tperfil.vconsole_edit) as vconsole_edit, + sum(tperfil.vconsole_management) as vconsole_management + FROM tusuario_perfil, tperfil + WHERE tusuario_perfil.id_perfil = tperfil.id_perfil + AND tusuario_perfil.id_usuario = '%s'", $id_user); + + $rowdup = db_get_all_rows_sql ($query); + $users_acl_cache[$id_user] = $rowdup; + } + + if (empty ($rowdup) || !$rowdup) + return 0; + + return $rowdup; +} + /** * Get the name of a plugin * diff --git a/pandora_console/include/functions_agents.php b/pandora_console/include/functions_agents.php index 9c38157300..7587bb76b1 100644 --- a/pandora_console/include/functions_agents.php 
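Review bot: The rewritten `check_acl()` reads a single row, `$groups_list_acl[$id_group]`, where the removed code summed the permission column over every profile row the user had for the group and its parents. As changed in this commit, `users_get_groups()` keeps only the first row per `id_grupo` (later rows contribute just their `tags`), so a user holding two profiles on one group is judged by whichever row comes first. The call also hard-codes `'AR'` rather than the requested flag, so the list is filtered on agent-read before a different column is tested; passing `$access` (`users_get_groups ($id_user, $access, false, true, null)`) looks like what is intended. Both points change authorization results relative to the old code and should be fixed or documented. For `$id_group == 0` the lookup works only because the aggregate row returned by `get_users_acl()` sits at index 0, which deserves a comment.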
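Review bot: `get_users_acl()` places `$id_user` into the query with `sprintf(... '%s')` and no escaping or cast inside the function, so the statement is only as safe as every caller's input; the value should be escaped or bound through the DB layer here rather than assumed clean. The cache test `is_array($users_acl_cache[$id_user])` also reads an index that does not exist on first use; `if (isset($users_acl_cache[$id_user])) {` avoids the notice. The function has no docblock: it should state that it returns either `0` or the row list of summed permission columns (presumably one aggregate row), cached for the lifetime of the request.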
+++ b/pandora_console/include/functions_agents.php @@ -2601,7 +2601,9 @@ function select_modules_for_agent_group($id_group, $id_agents, } if ($selection == 1 || (count($id_agents) == 1)) { - $modules = db_get_all_rows_sql("SELECT DISTINCT nombre, id_agente_modulo FROM tagente_modulo WHERE 1 = 1" . $filter_agent . $filter_group); + $modules = db_get_all_rows_sql("SELECT DISTINCT nombre, id_agente_modulo + FROM tagente_modulo + WHERE 1 = 1" . $filter_agent . $filter_group); if (empty($modules)) $modules = array(); @@ -2614,13 +2616,15 @@ function select_modules_for_agent_group($id_group, $id_agents, } } else { - $modules = db_get_all_rows_sql("SELECT nombre, id_agente_modulo FROM tagente_modulo WHERE 1 = 1" . $filter_agent . $filter_group); + $modules = db_get_all_rows_sql("SELECT nombre, id_agente_modulo + FROM tagente_modulo + WHERE 1 = 1" . $filter_agent . $filter_group); if (empty($modules)) $modules = array(); foreach ($modules as $m) { $is_in_all_agents = true; - $module_name = modules_get_agentmodule_name($m['id_agente_modulo']); + $module_name = $m['nombre']; foreach ($id_agents as $a) { $module_in_agent = db_get_value_filter('id_agente_modulo', 'tagente_modulo', array('id_agente' => $a, 'nombre' => $module_name)); diff --git a/pandora_console/include/functions_io.php b/pandora_console/include/functions_io.php index 47b6e80658..c3d7b7b2b4 100755 --- a/pandora_console/include/functions_io.php +++ b/pandora_console/include/functions_io.php @@ -372,8 +372,16 @@ function io_unsafe_string ($string) { */ function __ ($string /*, variable arguments */) { global $l10n; + global $config; + static $extensions_cache = array(); - $extensions = extensions_get_extensions(); + if (array_key_exists($config["id_user"], $extensions_cache)) { + $extensions = $extensions_cache[$config["id_user"]]; + } + else { + $extensions = extensions_get_extensions(); + $extensions_cache[$config["id_user"]] = $extensions; + } if (empty($extensions)) $extensions = array(); 
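Review bot: In `__()` the cache key `$config["id_user"]` is read without checking that it is set, and nothing in the hunk rules out the function running before a user is logged in. In that case the lookup raises an undefined-index notice and every anonymous call shares one cache slot. A local key avoids both: `$cache_key = isset($config["id_user"]) ? $config["id_user"] : '';`. `extensions_get_extensions()` is called without a user argument, so it is worth a comment on why the cache is per user at all; the body of `__()` continues outside the hunk.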
diff --git a/pandora_console/include/functions_tags.php b/pandora_console/include/functions_tags.php index 9a6c614fc4..622814ef7f 100644 --- a/pandora_console/include/functions_tags.php +++ b/pandora_console/include/functions_tags.php @@ -2405,7 +2405,6 @@ function tags_get_user_groups_and_tags ($id_user = false, $access = 'AR', $stric $return = array(); foreach ($acls as $acl) { $return[$acl["id_grupo"]] = $acl["tags"]; - } return $return; diff --git a/pandora_console/include/functions_users.php b/pandora_console/include/functions_users.php index f4ddf90750..c9fc558467 100755 --- a/pandora_console/include/functions_users.php +++ b/pandora_console/include/functions_users.php @@ -250,6 +250,10 @@ function users_get_groups ($id_user = false, $privilege = "AR", $returnAllGroup $id_groups = null, $keys_field = 'id_grupo', $cache = true) { static $group_cache = array(); + // Added users_group_cache to avoid unnecessary proccess on massive calls... + static $users_group_cache = array(); + $users_group_cache_key = $id_user . "|" . $privilege . "|" . $returnAllGroup . "|" . $returnAllColumns; + if (empty ($id_user)) { global $config; @@ -277,10 +281,17 @@ function users_get_groups ($id_user = false, $privilege = "AR", $returnAllGroup WHERE (tgrupo.id_grupo = tusuario_perfil.id_grupo OR tusuario_perfil.id_grupo = 0) AND tusuario_perfil.id_perfil = tperfil.id_perfil AND tusuario_perfil.id_usuario = '%s' ORDER BY nombre", $id_user); - $forest_acl = db_get_all_rows_sql ($query); + $raw_forest = db_get_all_rows_sql ($query); - foreach ($forest_acl as $g) { - $forest_acl[$g["id_grupo"]] = $g; + foreach ($raw_forest as $g) { + // XXX, following code must be remade (TAG) + if (!isset($forest_acl[$g["id_grupo"]] )) { + $forest_acl[$g["id_grupo"]] = $g; + } + else { + $forest_acl[$g["id_grupo"]]["tags"] .= "," . $g["tags"]; + } + } $groups = array(); 
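Review bot: In the first `users_get_groups()` hunk, when the query returns several rows for the same `id_grupo` the new merge keeps the first row's columns and appends only `tags` from the others, so any permission columns carried by a later profile row are dropped from `$forest_acl` (the SELECT list is above the hunk). `$forest_acl` is also not initialised before `isset($forest_acl[...])`, and `$raw_forest` is iterated without checking that the query returned rows. Suggest `$forest_acl = array();` before the `foreach`, an `is_array($raw_forest)` guard, and merging the permission columns alongside the tags. The `XXX` comment should say what exactly remains to be redone; the function body starts and ends outside the hunk.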
@@ -334,10 +345,16 @@ function users_get_groups ($id_user = false, $privilege = "AR", $returnAllGroup } $acl_column = get_acl_column($privilege); + + if (array_key_exists($users_group_cache_key, $users_group_cache)) { + return $users_group_cache[$users_group_cache_key]; + } + + foreach ($forest_acl as $group) { # Check the specific permission column. acl_column is undefined for admins. - if (defined($group[$acl_column]) && $group[$acl_column] != '1') { + if (isset($group[$acl_column]) && $group[$acl_column] != '1') { continue; } @@ -349,6 +366,8 @@ function users_get_groups ($id_user = false, $privilege = "AR", $returnAllGroup } } + $users_group_cache[$users_group_cache_key] = $user_groups; + return $user_groups; } @@ -1006,15 +1025,23 @@ function users_get_last_type_message() { function users_is_admin($id_user = false) { global $config; - + + if (!isset($config["is_admin"])) { + $config["is_admin"] = array(); + } + if ($id_user === false) { $id_user = $config['id_user']; } - $is_admin = (bool)db_get_value('is_admin', + if (isset($config["is_admin"][$id_user])) { + return $config["is_admin"][$id_user]; + } + + $config["is_admin"][$id_user] = (bool)db_get_value('is_admin', 'tusuario', 'id_user', $id_user); - return $is_admin; + return $config["is_admin"][$id_user]; } function users_is_last_system_message() {
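Review bot: `$users_group_cache_key` is built from `$id_user`, `$privilege`, `$returnAllGroup` and `$returnAllColumns` only, yet the signature also takes `$id_groups`, `$keys_field` and `$cache`. If those arguments influence the result (their use is outside the hunk), a call that differs only in them receives the group list computed for an earlier call, and since this list feeds permission checks a filtered call could be handed an unfiltered set. The key is also computed before the `empty($id_user)` default is applied, and the lookup sits after the queries, so it saves only the final loop. Suggest extending the key, e.g. `. "|" . $keys_field . "|" . json_encode($id_groups)`, and bypassing the cache when `$cache` is false.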
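Review bot: `users_is_admin()` now caches the admin flag inside the global `$config` array, which any code in the request can write to and which presumably also holds settings loaded from elsewhere; a privilege decision is better kept out of a structure other code can populate. A function-local cache, as the other caches added in this commit use, keeps it private: `static $is_admin_cache = array();` with the same `isset`/assign logic. The cached value is never invalidated, so a change to `is_admin` made during the same request is not seen, which a docblock on the function should state.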