From a5112929fdbafa354cd0fe6941597e7647d43ebc Mon Sep 17 00:00:00 2001
From: fermin831
Date: Tue, 19 Jun 2018 13:37:37 +0200
Subject: [PATCH 1/2] [API ACL] Fixed get agent_module_last_value (and related) and get policies
---
 pandora_console/include/functions_api.php | 75 +++++++----------------
 1 file changed, 23 insertions(+), 52 deletions(-)

diff --git a/pandora_console/include/functions_api.php b/pandora_console/include/functions_api.php
index afb2d67681..6ace1738ca 100644
--- a/pandora_console/include/functions_api.php
+++ b/pandora_console/include/functions_api.php
@@ -310,60 +310,24 @@ function api_get_groups($thrash1, $thrash2, $other, $returnType, $user_in_db) { returnData($returnType, $data, $separator); } -function api_get_agent_module_name_last_value($agentName, $moduleName, $other = ';', $returnType) -{ - global $config; - +function api_get_agent_module_name_last_value($agentName, $moduleName, $other = ';', $returnType){ $idAgent = agents_get_agent_id($agentName); $sql = sprintf('SELECT id_agente_modulo FROM tagente_modulo WHERE id_agente = %d AND nombre LIKE "%s"', $idAgent, $moduleName); $idModuleAgent = db_get_value_sql($sql); - $user_has_access = users_access_to_agent($idAgent); - - if (($value === false || !$user_has_access) && isset($other['data'][0])) { - if ($other['type'] == 'array' && $other['data'][0] == 'error_value') { - returnData($returnType, array('type' => 'string', 'data' => $other['data'][1])); - } else { - if (!$value) { - returnError('id_not_found', $returnType); - } else { - returnError('forbidden', $returnType); - } - } - } - else { - api_get_module_last_value($idModuleAgent, null, $other, $returnType); - } + api_get_module_last_value($idModuleAgent, null, $other, $returnType); } -function api_get_agent_module_name_last_value_alias($alias, $moduleName, $other = ';', $returnType) -{ - global $config; - +function api_get_agent_module_name_last_value_alias($alias, $moduleName, $other = ';', $returnType) { $sql = sprintf('SELECT tagente_modulo.id_agente_modulo FROM tagente_modulo INNER JOIN tagente ON tagente_modulo.id_agente = tagente.id_agente WHERE tagente.alias LIKE "%s" AND tagente_modulo.nombre LIKE "%s"', $alias, $moduleName); $idModuleAgent = db_get_value_sql($sql); - $user_has_access = users_access_to_agent($idAgent); - - if (($value === false || !$user_has_access) && isset($other['data'][0])) { - if ($other['type'] == 'array' && $other['data'][0] == 'error_value') { - returnData($returnType, array('type' => 'string', 'data' => $other['data'][1])); - } else { - if (!$value) { - 
returnError('id_not_found', $returnType); - } else { - returnError('forbidden', $returnType); - } - } - } - else { - api_get_module_last_value($idModuleAgent, null, $other, $returnType); - } + api_get_module_last_value($idModuleAgent, null, $other, $returnType); } @@ -373,28 +337,30 @@ function api_get_module_last_value($idAgentModule, $trash1, $other = ';', $retur return; } - $user_has_access = users_access_to_agent(modules_get_agentmodule_agent($idAgentModule)); + $check_access = agents_check_access_agent(modules_get_agentmodule_agent($idAgentModule)); + if ($check_access === false || !check_acl($config['id_user'], 0, "AR")) { + returnError('forbidden', $returnType); + return; + } $sql = sprintf('SELECT datos FROM tagente_estado WHERE id_agente_modulo = %d', $idAgentModule); $value = db_get_value_sql($sql); - if (($value === false || !$user_has_access) && isset($other['data'][0])) { - if ($other['type'] == 'array' && $other['data'][0] == 'error_value') { + if ($value === false) { + if (isset($other['data'][1]) && $other['data'][0] == 'error_value') { returnData($returnType, array('type' => 'string', 'data' => $other['data'][1])); + } elseif ($check_access) { + returnError('no_data_to_show', $returnType); } else { - if (!$value) { - returnError('id_not_found', $returnType); - } else { - returnError('forbidden', $returnType); - } + returnError('id_not_found', $returnType); } + return; } - else { - $data = array('type' => 'string', 'data' => $value); - returnData($returnType, $data); - } + + $data = array('type' => 'string', 'data' => $value); + returnData($returnType, $data); } /*** DB column mapping table used by tree_agents (and get module_properties) ***/ 
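Review bot: Both rewritten wrappers hand `$idModuleAgent` to api_get_module_last_value even when db_get_value_sql found no row and returned `false`, so the whole not-found/forbidden handling now rests on the callee, whose early `return;` guard sits outside this hunk and cannot be checked here. A short comment above each call, `// false when no module matches; api_get_module_last_value answers id_not_found / forbidden`, would record that contract. The unchanged context lines still interpolate the caller-supplied `$moduleName` and `$alias` into `LIKE "%s"` via sprintf with no DB escaping, and since the ACL check now runs only after that query, passing the names through the project's DB string-escape helper before sprintf is the check I would add here. This applies to both api_get_agent_module_name_last_value and api_get_agent_module_name_last_value_alias.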
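Review bot: The added guard reads `$config['id_user']`, but api_get_module_last_value's header is above old line 373 and outside this hunk, so whether the function declares `global $config;` cannot be confirmed; without it `$config` is undefined and check_acl is evaluated for an empty user, which would deny every caller. The three-way result of agents_check_access_agent is decided implicitly (`=== false` → forbidden, truthy → no_data_to_show, anything else → id_not_found) and deserves a comment on the `$check_access` line, e.g. `// false = access denied; true = allowed; other (e.g. null) = agent unknown — confirm against agents_check_access_agent`. The `$other['data'][0] == 'error_value'` comparison is loose; `$other['data'][0] === 'error_value'` keeps it strict.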
@@ -2500,6 +2466,11 @@ function api_get_policies($thrash1, $thrash2, $other, $thrash3) {
 return;
 }
 
+ if (!check_acl($config['id_user'], 0, "AW")) {
+ returnError('forbidden', 'csv');
+ return;
+ }
+
 $user_groups = implode (',', array_keys(users_get_groups($config["id_user"], "AW")));
 
 if ($other['data'][0] != "") {
From 2fc6b8625121b75958f2d6495398b8a79896cc82 Mon Sep 17 00:00:00 2001
From: fermin831
Date: Tue, 19 Jun 2018 16:14:25 +0200
Subject: [PATCH 2/2] [ACL API] Undo refix
---
 pandora_console/include/functions_api.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pandora_console/include/functions_api.php b/pandora_console/include/functions_api.php
index 6e73ba1e00..127af8dd48 100644
--- a/pandora_console/include/functions_api.php
+++ b/pandora_console/include/functions_api.php
@@ -11451,7 +11451,7 @@ function api_get_modules_id_name_by_cluster_name ($cluster_name){ function util_api_check_agent_and_print_error($id_agent, $returnType, $access = "AR") { global $config; - $check_agent = agents_check_access_agent($id_agent["id_agente"], $access); + $check_agent = agents_check_access_agent($id_agent, $access); if ($check_agent === true) return true; if ($check_agent === false || !check_acl($config['id_user'], 0, $access)) {
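Review bot: The new guard carries no comment on why an explicit AW check precedes `users_get_groups($config["id_user"], "AW")`, which already yields an empty set for the same users; a comment such as `// Fail closed before the group list is built: an empty AW set must not reach the policy query.` states the intent. The error is emitted with a hard-coded `'csv'` although the signature carries `$thrash3` as the unused return-type slot; if every exit in api_get_policies is CSV this is consistent, but I cannot confirm it from the `return;` above. Note that check_acl with group 0 answers "AW in any group", so per-policy group filtering still depends on the `$user_groups` list below.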
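Review bot: With `$id_agent` now forwarded to agents_check_access_agent unchanged, util_api_check_agent_and_print_error expects a scalar agent id, and any caller still passing an agent row would hand an array to the ACL helper; the expected type should be stated in a docblock, e.g. `@param int $id_agent Agent id (not the tagente row)`. I cannot see how agents_check_access_agent treats a non-scalar, so whether such a call fails closed is unconfirmed. The function body continues beyond the end of the hunk.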