From adb9a8b7506be04482fe5096ae161e36fd8099de Mon Sep 17 00:00:00 2001 From: vgilc Date: Wed, 11 Jan 2012 18:12:33 +0000 Subject: [PATCH] 2012-01-11 Vanessa Gil godmode/netflow/nf_edit_form.php godmode/netflow/nf_report.php godmode/netflow/nf_report_form.php godmode/netflow/nf_report_item.php include/functions_netflow.php operation/netflow/nf_view.php: netflow acl. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@5350 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f --- pandora_console/ChangeLog | 8 +++ .../godmode/netflow/nf_edit_form.php | 10 ++- pandora_console/godmode/netflow/nf_report.php | 5 +- .../godmode/netflow/nf_report_form.php | 8 +++ .../godmode/netflow/nf_report_item.php | 8 +-- pandora_console/include/functions_netflow.php | 70 +++++++++++++++++-- pandora_console/operation/netflow/nf_view.php | 9 +++ 7 files changed, 104 insertions(+), 14 deletions(-) diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog index b6911f2e73..518a8a0079 100644 --- a/pandora_console/ChangeLog +++ b/pandora_console/ChangeLog @@ -1,3 +1,11 @@ +2012-01-11 Vanessa Gil + godmode/netflow/nf_edit_form.php + godmode/netflow/nf_report.php + godmode/netflow/nf_report_form.php + godmode/netflow/nf_report_item.php + include/functions_netflow.php + operation/netflow/nf_view.php: netflow acl. + 2012-01-11 Ramon Novoa * include/functions_graph.php, diff --git a/pandora_console/godmode/netflow/nf_edit_form.php b/pandora_console/godmode/netflow/nf_edit_form.php index 6c19b775df..b7455301a0 100644 --- a/pandora_console/godmode/netflow/nf_edit_form.php +++ b/pandora_console/godmode/netflow/nf_edit_form.php 
@@ -35,7 +35,15 @@ $id = (int) get_parameter ('id'); $name = db_get_value('id_name', 'tnetflow_filter', 'id_sg', $id); $update = (string)get_parameter('update', 0); $create = (string)get_parameter('create', 0); - + +if ($id){ + $permission = netflow_check_filter_group ($id); + if (!$permission) { //no tiene permisos para acceder a un filtro + require ("general/noaccess.php"); + return; + } +} + $buttons['edit'] = '' . html_print_image ("images/edit.png", true, array ("title" => __('Filter list'))) . ''; diff --git a/pandora_console/godmode/netflow/nf_report.php b/pandora_console/godmode/netflow/nf_report.php index be4698ee7b..cc5cd50697 100644 --- a/pandora_console/godmode/netflow/nf_report.php +++ b/pandora_console/godmode/netflow/nf_report.php @@ -89,15 +89,14 @@ $reports = db_get_all_rows_filter ('tnetflow_report', $filter); // Get group list that user has access $groups_user = users_get_groups ($config['id_user'], "IW", false, true); -html_debug_print($groups_user); $groups_id = array(); foreach($groups_user as $key => $groups){ $groups_id[] = $groups['id_grupo']; } -html_debug_print($groups_id); + $sql = "SELECT * FROM tnetflow_report WHERE id_group IN (".implode(',',$groups_id).")"; -html_debug_print($sql); + $reports = db_get_all_rows_sql($sql); if ($reports === false) $reports = array(); diff --git a/pandora_console/godmode/netflow/nf_report_form.php b/pandora_console/godmode/netflow/nf_report_form.php index e99f5a59bc..4657a9bc2b 100644 --- a/pandora_console/godmode/netflow/nf_report_form.php +++ b/pandora_console/godmode/netflow/nf_report_form.php @@ -34,6 +34,14 @@ $id = (int)get_parameter('id'); $update = (string)get_parameter('update', 0); $create = (string)get_parameter('create', 0); +if ($id) { + $permission = netflow_check_report_group ($id); + if (!$permission) { //no tiene permisos para acceder a un informe + require ("general/noaccess.php"); + return; + } +} + if ($id) { $report = netflow_reports_get_reports ($id); $name = $report['id_name']; 
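Review bot: In godmode/netflow/nf_edit_form.php the new denial branch (`require ("general/noaccess.php"); return;`) leaves no audit trail, so repeated requests for filters in other groups go unrecorded; the same branch is added in nf_report_form.php and operation/netflow/nf_view.php. I would log before the `require`, for example `db_pandora_audit ("ACL Violation", "Trying to access netflow filter " . $id);`, assuming the console's audit helper is in scope on these pages. The check only runs when `$id` is non-zero, and the update/create handling lies outside this hunk, so it is worth confirming that the group submitted with the form is also validated against the user's groups. The inline comment would read better in English, e.g. `// user has no permission on this filter's group`.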
diff --git a/pandora_console/godmode/netflow/nf_report_item.php b/pandora_console/godmode/netflow/nf_report_item.php index 614c24957e..6f0a15725d 100644 --- a/pandora_console/godmode/netflow/nf_report_item.php +++ b/pandora_console/godmode/netflow/nf_report_item.php @@ -63,7 +63,7 @@ if ($update) { $name_filter = db_get_value('id_name', 'tnetflow_filter', 'id_sg', $id_filter); $max_val = get_parameter('max','2'); $show_graph = get_parameter('show_graph',''); - + $result = db_process_sql_update ('tnetflow_report_content', array ( 'id_report' => $id, @@ -79,7 +79,6 @@ if ($update) { } if ($create){ - $id_filter = get_parameter('id_filter'); $name_filter = db_get_value('id_name', 'tnetflow_filter', 'id_sg', $id_filter); $max_val = get_parameter('max','2'); @@ -112,9 +111,10 @@ $filters = netflow_get_filters (); if ($filters === false) { $filters = array (); } -html_debug_print($filters); + +$is_admin = db_get_value('is_admin', 'tusuario', 'id_user', $config['id_user']); // Get group list that user has access -$groups_user = users_get_groups ($config['id_user'], "IW", false, true); +$groups_user = users_get_groups ($config['id_user'], "IW", $is_admin, true); $groups_id = array(); foreach($groups_user as $key => $groups){ $groups_id[] = $groups['id_grupo']; diff --git a/pandora_console/include/functions_netflow.php b/pandora_console/include/functions_netflow.php index 2265fab934..40ca53cd22 100644 --- a/pandora_console/include/functions_netflow.php +++ b/pandora_console/include/functions_netflow.php @@ -14,6 +14,9 @@ // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. + +include_once("include/functions_users.php"); + // Date format for nfdump $nfdump_date_format = 'Y/m/d.H:i:s'; 
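Review bot: In nf_report_item.php the third argument of `users_get_groups` now follows `is_admin`, while `netflow_check_filter_group` and `netflow_check_report_group` in include/functions_netflow.php (same commit) and the list query in nf_report.php still pass `false`. If that argument controls whether the "All" group is returned (that is how I read it, but `users_get_groups` is not visible here), an administrator sees a different set of groups on this page than the new checks accept. Deriving the flag in one place and using it in all of these calls would keep the page and the checks in agreement. `db_get_value` may also return `false` or a string, so `users_get_groups ($config['id_user'], "IW", (bool) $is_admin, true)` makes the intent explicit.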
@@ -66,6 +69,42 @@ function netflow_get_reports ($filter = false) { return $return; } +//permite validar si un filtro pertenece a un grupo permitido para el usuario + +function netflow_check_filter_group ($id_sg) { + global $config; + + $id_group = db_get_value('id_group', 'tnetflow_filter', 'id_sg', $id_sg); + // Get group list that user has access + $groups_user = users_get_groups ($config['id_user'], "IW", false, true); + $groups_id = array(); + $has_permission = false; + + foreach($groups_user as $key => $groups){ + if ($groups['id_grupo'] == $id_group) + return true; + } + return false; +} + +//permite validar si un informe pertenece a un grupo permitido para el usuario + +function netflow_check_report_group ($id_report) { + global $config; + + $id_group = db_get_value('id_group', 'tnetflow_report', 'id_report', $id_report); + // Get group list that user has access + $groups_user = users_get_groups ($config['id_user'], "IW", false, true); + $groups_id = array(); + $has_permission = false; + + foreach($groups_user as $key => $groups){ + if ($groups['id_grupo'] == $id_group) + return true; + } + return false; +} + /** * Get a filter. * 
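Review bot: Both new helpers in include/functions_netflow.php compare with `==` and never test the result of `db_get_value`, so when `$id_sg` or `$id_report` matches no row the lookup presumably yields `false`, and `$groups['id_grupo'] == false` is true for a group id of 0. I would return early with `if ($id_group === false) return false;` and compare as integers, `if ((int) $groups['id_grupo'] === (int) $id_group)`. `$groups_id` and `$has_permission` are assigned but never read in either function. The two bodies differ only in table and key column, so one shared helper taking those as parameters, with an English docblock in the style of the `Get a filter.` block that follows, would be easier to keep correct.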
@@ -76,13 +115,32 @@ function netflow_get_reports ($filter = false) { * @return array A netflow filter matching id and filter. */ function netflow_filter_get_filter ($id_sg, $filter = false, $fields = false) { - if (empty ($id_sg)) - return false; - if (! is_array ($filter)) - $filter = array (); - $filter['id_sg'] = (int) $id_sg; + global $config; - return db_get_row_filter ('tnetflow_filter', $filter, $fields); +/* + $id_group = db_get_value('id_group', 'tnetflow_filter', 'id_sg', $id_sg); + // Get group list that user has access + $groups_user = users_get_groups ($config['id_user'], "AR", false, true); + $groups_id = array(); + $has_permission = false; + + foreach($groups_user as $key => $groups){ + if ($groups['id_grupo'] == $id_group) + $has_permission = true; + } +*/ + + //if ($has_permission) { + if (! is_array ($filter)) + $filter = array (); + $filter['id_sg'] = (int) $id_sg; + + return db_get_row_filter ('tnetflow_filter', $filter, $fields); +/* + } else { + return false; + } +*/ } /** diff --git a/pandora_console/operation/netflow/nf_view.php b/pandora_console/operation/netflow/nf_view.php index 77c8b0451b..cd5bb7b8e1 100644 --- a/pandora_console/operation/netflow/nf_view.php +++ b/pandora_console/operation/netflow/nf_view.php @@ -31,6 +31,15 @@ if (! check_acl ($config["id_user"], 0, "AR")) { } $id = io_safe_input (get_parameter('id')); + +if ($id) { + $permission = netflow_check_report_group ($id); + if (!$permission) { //no tiene permisos para acceder a un informe + require ("general/noaccess.php"); + return; + } +} + $period = get_parameter('period', '86400'); $update_date = get_parameter('update_date', 0); if($update_date){
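Review bot: `netflow_filter_get_filter` is committed with its group check commented out, so it still returns any filter by id to whatever caller reaches it. The previous `if (empty ($id_sg)) return false;` guard is also gone, which means an empty id now runs a query for `id_sg = 0`. I would delete the two commented-out blocks and the unused `global $config;`, restore the guard, and, if every caller is meant to be group-restricted, reuse the helper added earlier in this file: `if (empty ($id_sg) || !netflow_check_filter_group ($id_sg)) return false;`. If some callers need the unrestricted lookup, state that in the docblock so the missing check reads as a decision rather than an oversight.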
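Review bot: In operation/netflow/nf_view.php the page is gated by `check_acl ($config["id_user"], 0, "AR")`, but the new `netflow_check_report_group ($id)` call tests the user's "IW" groups. A user with read-only access to a report's group would therefore be sent to noaccess.php; if that is not intended, the helper needs a privilege parameter. `$id` reaches the check as `io_safe_input (get_parameter('id'))` rather than the `(int) get_parameter ('id')` used in the godmode forms, so casting it here too, `$id = (int) get_parameter ('id');`, keeps the value passed to `db_get_value` numeric. When `$id` is empty the check is skipped, and what the page shows in that case is outside this hunk.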