diff --git a/pandora_console/extras/mr/47.sql b/pandora_console/extras/mr/47.sql index fa5d161a0c..aa07478947 100644 --- a/pandora_console/extras/mr/47.sql +++ b/pandora_console/extras/mr/47.sql @@ -1,9 +1,14 @@ START TRANSACTION; +ALTER TABLE `tusuario` ADD COLUMN `integria_user_level_user` VARCHAR(60); +ALTER TABLE `tusuario` ADD COLUMN `integria_user_level_pass` VARCHAR(45); +ALTER TABLE `tperfil` DROP COLUMN `incident_view`; +ALTER TABLE `tperfil` DROP COLUMN `incident_edit`; +ALTER TABLE `tperfil` DROP COLUMN `incident_management`; ALTER TABLE `talert_snmp_action` ADD COLUMN `al_field16` TEXT NOT NULL AFTER `al_field15`; ALTER TABLE `talert_snmp_action` ADD COLUMN `al_field17` TEXT NOT NULL AFTER `al_field16`; ALTER TABLE `talert_snmp_action` ADD COLUMN `al_field18` TEXT NOT NULL AFTER `al_field17`; ALTER TABLE `talert_snmp_action` ADD COLUMN `al_field19` TEXT NOT NULL AFTER `al_field18`; ALTER TABLE `talert_snmp_action` ADD COLUMN `al_field20` TEXT NOT NULL AFTER `al_field19`; -COMMIT; \ No newline at end of file +COMMIT; diff --git a/pandora_console/extras/pandoradb_migrate_6.0_to_7.0.mysql.sql b/pandora_console/extras/pandoradb_migrate_6.0_to_7.0.mysql.sql index 3a22bd4f90..6096c8143d 100644 --- a/pandora_console/extras/pandoradb_migrate_6.0_to_7.0.mysql.sql +++ b/pandora_console/extras/pandoradb_migrate_6.0_to_7.0.mysql.sql @@ -1532,6 +1532,8 @@ ALTER TABLE `tusuario` MODIFY COLUMN `default_event_filter` int(10) unsigned NOT ADD CONSTRAINT `fk_filter_id` FOREIGN KEY `fk_filter_id` (`id_filter`) REFERENCES `tevent_filter` (`id_filter`) ON DELETE SET NULL ON UPDATE RESTRICT, DROP FOREIGN KEY `fk_id_filter`, DROP INDEX `fk_id_filter`; +ALTER TABLE `tusuario` ADD COLUMN `integria_user_level_user` VARCHAR(60); +ALTER TABLE `tusuario` ADD COLUMN `integria_user_level_pass` VARCHAR(45); -- --------------------------------------------------------------------- @@ -4030,3 +4032,6 @@ DELETE FROM `tconfig` WHERE `token` = 'ipam_installed'; DELETE FROM `tconfig` WHERE `token` = 'ipam_recon_script_id'; +ALTER TABLE `tperfil` DROP COLUMN `incident_view`; +ALTER TABLE `tperfil` DROP COLUMN `incident_edit`; +ALTER TABLE `tperfil` DROP COLUMN `incident_management`; \ No newline at end of file diff --git a/pandora_console/general/main_menu.php b/pandora_console/general/main_menu.php index 9a5e4168b4..5a45058c58 100644 --- a/pandora_console/general/main_menu.php +++ b/pandora_console/general/main_menu.php @@ -88,7 +88,6 @@ if (check_acl($config['id_user'], 0, 'AW') || check_acl($config['id_user'], 0, 'LM') || check_acl($config['id_user'], 0, 'UM') || check_acl($config['id_user'], 0, 'LW') - || check_acl($config['id_user'], 0, 'IW') || check_acl($config['id_user'], 0, 'EW') || check_acl($config['id_user'], 0, 'DW') ) { diff --git a/pandora_console/godmode/agentes/agent_incidents.php b/pandora_console/godmode/agentes/agent_incidents.php index 16cdd9370c..3917c2f81a 100644 --- a/pandora_console/godmode/agentes/agent_incidents.php +++ b/pandora_console/godmode/agentes/agent_incidents.php @@ -39,7 +39,7 @@ $offset = (int) get_parameter('offset', 0); // See if id_agente is set (either POST or GET, otherwise -1 $id_agent = (int) get_parameter('id_agente'); -$groups = users_get_groups($config['id_user'], 'IR'); +$groups = users_get_groups($config['id_user'], 'AR'); $filter = ' AND id_agent = '.$id_agent; $url = 'index.php?sec=gagente&sec2=godmode/agentes/configurar_agente&tab=incident&id_agente='.$id_agent; @@ -55,7 +55,7 @@ $params = [ agents_get_name($id_agent), ]; -$result = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'get_incidents', $params, false, 'json', ','); +$result = integria_api_call(null, null, null, null, 'get_incidents', $params, false, 'json', ','); $result = json_decode($result, true); diff --git a/pandora_console/godmode/alerts/configure_alert_action.php b/pandora_console/godmode/alerts/configure_alert_action.php index 459b12d1ac..e6e7dcfbad 100644 --- a/pandora_console/godmode/alerts/configure_alert_action.php +++ b/pandora_console/godmode/alerts/configure_alert_action.php @@ -43,7 +43,7 @@ if (is_ajax()) { if ($get_integria_ticket_custom_types) { $ticket_type_id = get_parameter('ticket_type_id'); - $api_call = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'get_incident_fields', $ticket_type_id, false, 'json'); + $api_call = integria_api_call(null, null, null, null, 'get_incident_fields', $ticket_type_id, false, 'json'); echo $api_call; return; diff --git a/pandora_console/godmode/gis_maps/configure_gis_map.php b/pandora_console/godmode/gis_maps/configure_gis_map.php index 5b68afaf37..4c921525e6 100644 --- a/pandora_console/godmode/gis_maps/configure_gis_map.php +++ b/pandora_console/godmode/gis_maps/configure_gis_map.php @@ -15,7 +15,7 @@ global $config; check_login(); -$gis_w = check_acl($config['id_user'], 0, 'MW'); +$gis_w = check_acl($config['id_user'], 0, 'MW', false, true, true); $gis_m = check_acl($config['id_user'], 0, 'MM'); $access = ($gis_w == true) ? 'MW' : (($gis_m == true) ? 'MM' : 'MW'); @@ -490,7 +490,7 @@ if (users_can_manage_group_all('MM') === true) { $table->data[2][0] = __('Group'); $table->data[2][1] = html_print_select_groups( false, - 'IW', + 'AR', $return_all_group, 'map_group_id', $map_group_id, diff --git a/pandora_console/godmode/netflow/nf_item_list.php b/pandora_console/godmode/netflow/nf_item_list.php index 558cbb339c..d7a267aed6 100644 --- a/pandora_console/godmode/netflow/nf_item_list.php +++ b/pandora_console/godmode/netflow/nf_item_list.php @@ -20,15 +20,6 @@ require_once $config['homedir'].'/include/functions_html.php'; check_login(); -if (! check_acl($config['id_user'], 0, 'IW')) { - db_pandora_audit( - 'ACL Violation', - 'Trying to access event viewer' - ); - include 'general/noaccess.php'; - return; -} - // id report $id = (int) get_parameter('id'); diff --git a/pandora_console/godmode/setup/setup_integria.php b/pandora_console/godmode/setup/setup_integria.php index 58a3d054ae..d97921ff43 100644 --- a/pandora_console/godmode/setup/setup_integria.php +++ b/pandora_console/godmode/setup/setup_integria.php @@ -41,8 +41,10 @@ if (is_ajax()) { $integria_pass = get_parameter('integria_pass', ''); $integria_api_hostname = get_parameter('api_hostname', ''); $integria_api_pass = get_parameter('api_pass', ''); + $user_level_conf = get_parameter('user_level_conf', 0); + $user_level_conf_bool = $user_level_conf === 'true' ? true : false; - $login_result = integria_api_call($integria_api_hostname, $integria_user, $integria_pass, $integria_api_pass, 'get_login', []); + $login_result = integria_api_call($integria_api_hostname, $integria_user, $integria_pass, $integria_api_pass, 'get_login', [], false, '', '', $user_level_conf_bool); if ($login_result != false) { echo json_encode(['login' => 1]); @@ -53,7 +55,7 @@ if (is_ajax()) { return; } -$has_connection = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'get_login', []); +$has_connection = integria_api_call(null, null, null, null, 'get_login', []); if ($has_connection === false && $config['integria_enabled']) { ui_print_error_message(__('Integria IMS API is not reachable')); @@ -86,7 +88,7 @@ if (get_parameter('update_config', 0) == 1) { ); } - $ticket_types = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'get_types', '', false, 'json'); + $ticket_types = integria_api_call(null, null, null, null, 'get_types', '', false, 'json'); $types_string = ''; @@ -216,19 +218,19 @@ $integria_users_values = []; $integria_types_values = []; $integria_status_values = []; -$integria_groups_csv = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'get_groups', []); +$integria_groups_csv = integria_api_call(null, null, null, null, 'get_groups', []); get_array_from_csv_data_pair($integria_groups_csv, $integria_group_values); -$integria_status_csv = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'get_incidents_status', []); +$integria_status_csv = integria_api_call(null, null, null, null, 'get_incidents_status', []); get_array_from_csv_data_pair($integria_status_csv, $integria_status_values); -$integria_criticity_levels_csv = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'get_incident_priorities', []); +$integria_criticity_levels_csv = integria_api_call(null, null, null, null, 'get_incident_priorities', []); get_array_from_csv_data_pair($integria_criticity_levels_csv, $integria_criticity_values); -$integria_users_csv = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'get_users', []); +$integria_users_csv = integria_api_call(null, null, null, null, 'get_users', []); $csv_array = explode("\n", $integria_users_csv); @@ -238,7 +240,7 @@ foreach ($csv_array as $csv_line) { } } -$integria_types_csv = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'get_types', []); +$integria_types_csv = integria_api_call(null, null, null, null, 'get_types', []); get_array_from_csv_data_pair($integria_types_csv, $integria_types_values); @@ -267,6 +269,12 @@ $table_remote->class = 'databox filters'; $table_remote->size['name'] = '30%'; $table_remote->style['name'] = 'font-weight: bold'; +// Enable eHorus user configuration. +$row = []; +$row['name'] = ('Integria configuration at user level'); +$row['control'] = html_print_checkbox_switch('integria_user_level_conf', 1, $config['integria_user_level_conf'], true); +$table_remote->data['integria_user_level_conf'] = $row; + // Integria user. $row = []; $row['name'] = __('User'); @@ -629,6 +637,29 @@ echo ''; + \ No newline at end of file diff --git a/pandora_console/operation/incidents/incident_statistics.php b/pandora_console/operation/incidents/incident_statistics.php index af1867264f..b4966c1b96 100755 --- a/pandora_console/operation/incidents/incident_statistics.php +++ b/pandora_console/operation/incidents/incident_statistics.php @@ -18,12 +18,6 @@ require_once $config['homedir'].'/include/functions_graph.php'; check_login(); -if (! check_acl($config['id_user'], 0, 'IR') && ! check_acl($config['id_user'], 0, 'IW') && ! check_acl($config['id_user'], 0, 'IM')) { - db_pandora_audit('ACL Violation', 'Trying to access Incident section'); - include 'general/noaccess.php'; - exit; -} - ui_print_page_header(__('Incidents').' » '.__('Statistics'), 'images/book_edit.png', false, '', false, ''); if (!$config['integria_enabled']) { diff --git a/pandora_console/operation/incidents/integriaims_export_csv.php b/pandora_console/operation/incidents/integriaims_export_csv.php index d4be4443d6..04e0970ab4 100644 --- a/pandora_console/operation/incidents/integriaims_export_csv.php +++ b/pandora_console/operation/incidents/integriaims_export_csv.php @@ -20,14 +20,6 @@ require_once '../../include/functions_integriaims.php'; check_login(); -if (! check_acl($config['id_user'], 0, 'IR') && ! check_acl($config['id_user'], 0, 'IW') && ! check_acl($config['id_user'], 0, 'IM')) { - // Doesn't have access to this page. - db_pandora_audit('ACL Violation', 'Trying to access IntegriaIMS ticket creation'); - include 'general/noaccess.php'; - exit; -} - - // API calls. $status_incident = integriaims_get_details('status'); $group_incident = integriaims_get_details('group'); diff --git a/pandora_console/operation/incidents/list_integriaims_incidents.php b/pandora_console/operation/incidents/list_integriaims_incidents.php index a352300cd2..eadf892b04 100644 --- a/pandora_console/operation/incidents/list_integriaims_incidents.php +++ b/pandora_console/operation/incidents/list_integriaims_incidents.php @@ -18,13 +18,6 @@ require_once 'include/functions_integriaims.php'; check_login(); -if (! check_acl($config['id_user'], 0, 'IR')) { - // Doesn't have access to this page. - db_pandora_audit('ACL Violation', 'Trying to access IntegriaIMS ticket creation'); - include 'general/noaccess.php'; - exit; -} - // Header tabs. $onheader = integriaims_tabs('list_tab'); ui_print_page_header( @@ -43,7 +36,7 @@ if ($config['integria_enabled'] == 0) { } // Check connection to Integria IMS API. -$has_connection = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'get_login', []); +$has_connection = integria_api_call(null, null, null, null, 'get_login', []); if ($has_connection === false) { ui_print_error_message(__('Integria IMS API is not reachable')); @@ -70,10 +63,10 @@ $delete_incident = get_parameter('delete_incident'); if ($delete_incident) { // Call Integria IMS API method to delete an incident. $result_api_call_delete = integria_api_call( - $config['integria_hostname'], - $config['integria_user'], - $config['integria_pass'], - $config['integria_api_pass'], + null, + null, + null, + null, 'delete_incident', [$delete_incident] ); @@ -266,9 +259,7 @@ $table->head[4] = __('Prior'); $table->head[5] = __('Updated/Started'); $table->head[6] = __('Creator'); $table->head[7] = __('Owner'); -if (check_acl($config['id_user'], 0, 'IW') || check_acl($config['id_user'], 0, 'IM')) { - $table->head[8] = ''; -} +$table->head[8] = ''; $table->data = []; $i = 0; @@ -294,18 +285,14 @@ foreach ($incidents_paginated as $key => $value) { $table->data[$i][7] = $array_get_incidents[$key][5]; $table->data[$i][8] = ''; $table->cellclass[$i][8] = 'action_buttons'; - if (check_acl($config['id_user'], 0, 'IW')) { - $table->data[$i][8] .= ''; - $table->data[$i][8] .= html_print_image('images/config.png', true, ['title' => __('Edit')]); - $table->data[$i][8] .= ''; - } + $table->data[$i][8] .= ''; + $table->data[$i][8] .= html_print_image('images/config.png', true, ['title' => __('Edit')]); + $table->data[$i][8] .= ''; - if (check_acl($config['id_user'], 0, 'IM')) { - $table->data[$i][8] .= ''; - $table->data[$i][8] .= html_print_image('images/cross.png', true, ['title' => __('Delete'), 'class' => 'invert_filter']); - $table->data[$i][8] .= ''; - } + $table->data[$i][8] .= ''; + $table->data[$i][8] .= html_print_image('images/cross.png', true, ['title' => __('Delete'), 'class' => 'invert_filter']); + $table->data[$i][8] .= ''; $i++; } @@ -320,13 +307,11 @@ if (empty($table->data) === true) { } // Show button to create incident. -if (check_acl($config['id_user'], 0, 'IR')) { - echo '
'; - echo '
'; - html_print_submit_button(__('Create'), 'create_new_incident', false, 'class="sub next"'); - echo '
'; - echo '
'; -} +echo '
'; + echo '
'; + html_print_submit_button(__('Create'), 'create_new_incident', false, 'class="sub next"'); + echo '
'; +echo '
'; // Datapicker library for show calendar. ui_require_jquery_file('ui.datepicker-'.get_user_language(), 'include/javascript/i18n/'); diff --git a/pandora_console/operation/menu.php b/pandora_console/operation/menu.php index 9013cd7c32..1d8178f1af 100644 --- a/pandora_console/operation/menu.php +++ b/pandora_console/operation/menu.php @@ -270,9 +270,9 @@ if (check_acl($config['id_user'], 0, 'MR') || check_acl($config['id_user'], 0, ' $own_info = get_user_info($config['id_user']); if ($own_info['is_admin'] || check_acl($config['id_user'], 0, 'PM')) { - $own_groups = array_keys(users_get_groups($config['id_user'], 'IR')); + $own_groups = array_keys(users_get_groups($config['id_user'], 'MR')); } else { - $own_groups = array_keys(users_get_groups($config['id_user'], 'IR', false)); + $own_groups = array_keys(users_get_groups($config['id_user'], 'MR', false)); } foreach ($gisMaps as $gisMap) { @@ -281,10 +281,6 @@ if (check_acl($config['id_user'], 0, 'MR') || check_acl($config['id_user'], 0, ' continue; } - if (! check_acl($config['id_user'], $gisMap['group_id'], 'IR')) { - continue; - } - $sub2['operation/gis_maps/render_view&map_id='.$gisMap['id_tgis_map']]['text'] = mb_substr(io_safe_output($gisMap['map_name']), 0, 15); $sub2['operation/gis_maps/render_view&map_id='.$gisMap['id_tgis_map']]['id'] = mb_substr(io_safe_output($gisMap['map_name']), 0, 15); $sub2['operation/gis_maps/render_view&map_id='.$gisMap['id_tgis_map']]['title'] = io_safe_output($gisMap['map_name']); @@ -462,30 +458,25 @@ $sub['operation/users/user_edit_notifications']['refr'] = 0; // Incidents. -if (check_acl($config['id_user'], 0, 'IR') - || check_acl($config['id_user'], 0, 'IW') - || check_acl($config['id_user'], 0, 'IM') -) { - $temp_sec2 = $sec2; - $sec2 = 'incident'; - $sec2sub = 'operation/incidents/incident_statistics'; - $sub[$sec2]['text'] = __('Incidents'); - $sub[$sec2]['id'] = 'Incidents'; - $sub[$sec2]['type'] = 'direct'; - $sub[$sec2]['subtype'] = 'nolink'; - $sub[$sec2]['refr'] = 0; - $sub[$sec2]['subsecs'] = [ - 'operation/incidents/incident_detail', - 'operation/integria_incidents', - ]; +$temp_sec2 = $sec2; +$sec2 = 'incident'; +$sec2sub = 'operation/incidents/incident_statistics'; +$sub[$sec2]['text'] = __('Incidents'); +$sub[$sec2]['id'] = 'Incidents'; +$sub[$sec2]['type'] = 'direct'; +$sub[$sec2]['subtype'] = 'nolink'; +$sub[$sec2]['refr'] = 0; +$sub[$sec2]['subsecs'] = [ + 'operation/incidents/incident_detail', + 'operation/integria_incidents', +]; - $sub2 = []; - $sub2[$sec2sub]['text'] = __('Integria IMS statistics'); - $sub2['operation/incidents/list_integriaims_incidents']['text'] = __('Integria IMS ticket list'); +$sub2 = []; +$sub2[$sec2sub]['text'] = __('Integria IMS statistics'); +$sub2['operation/incidents/list_integriaims_incidents']['text'] = __('Integria IMS ticket list'); - $sub[$sec2]['sub2'] = $sub2; - $sec2 = $temp_sec2; -} +$sub[$sec2]['sub2'] = $sub2; +$sec2 = $temp_sec2; // Messages. diff --git a/pandora_console/operation/netflow/nf_live_view.php b/pandora_console/operation/netflow/nf_live_view.php index dae0c9457a..a27686f8a7 100644 --- a/pandora_console/operation/netflow/nf_live_view.php +++ b/pandora_console/operation/netflow/nf_live_view.php @@ -370,7 +370,7 @@ if (is_metaconsole()) { ).''; $own_info = get_user_info($config['id_user']); echo ''.__('Group').''; - echo "".html_print_select_groups($config['id_user'], 'IW', $own_info['is_admin'], 'assign_group', $filter['id_group'], '', '', -1, true, false, false).''; + echo "".html_print_select_groups($config['id_user'], 'AR', $own_info['is_admin'], 'assign_group', $filter['id_group'], '', '', -1, true, false, false).''; echo ''; $advanced_toggle = ''; diff --git a/pandora_console/operation/search_graphs.getdata.php b/pandora_console/operation/search_graphs.getdata.php index 9874ef37e2..13db4c2923 100644 --- a/pandora_console/operation/search_graphs.getdata.php +++ b/pandora_console/operation/search_graphs.getdata.php @@ -16,7 +16,7 @@ global $config; require_once 'include/functions_custom_graphs.php'; // Check ACL -$searchGraphs = check_acl($config['id_user'], 0, 'IR'); +$searchGraphs = check_acl($config['id_user'], 0, 'RR'); $graphs = false; diff --git a/pandora_console/operation/search_graphs.php b/pandora_console/operation/search_graphs.php index 69df4e4ded..8f76f0dea8 100755 --- a/pandora_console/operation/search_graphs.php +++ b/pandora_console/operation/search_graphs.php @@ -15,7 +15,7 @@ global $config; require_once 'include/functions_custom_graphs.php'; -$searchGraphs = check_acl($config['id_user'], 0, 'IR'); +$searchGraphs = check_acl($config['id_user'], 0, 'RR'); if ($graphs === false || !$searchGraphs) { echo "
".__('Zero results found')."
\n"; diff --git a/pandora_console/operation/search_helps.php b/pandora_console/operation/search_helps.php index 2433355571..b205d265ef 100644 --- a/pandora_console/operation/search_helps.php +++ b/pandora_console/operation/search_helps.php @@ -13,8 +13,6 @@ // GNU General Public License for more details. global $config; -$totalHelps = check_acl($config['id_user'], 0, 'IR'); - if ($helps === false || !$searchHelps) { echo "
".__('Zero results found.').sprintf( __('You can find more help in the wiki'), diff --git a/pandora_console/operation/search_maps.getdata.php b/pandora_console/operation/search_maps.getdata.php index 2f8fa18a49..e96113cbb3 100644 --- a/pandora_console/operation/search_maps.getdata.php +++ b/pandora_console/operation/search_maps.getdata.php @@ -13,7 +13,7 @@ // GNU General Public License for more details. global $config; -$searchMaps = check_acl($config['id_user'], 0, 'IR'); +$searchMaps = check_acl($config['id_user'], 0, 'VR'); $maps = false; $totalMaps = 0; diff --git a/pandora_console/operation/search_maps.php b/pandora_console/operation/search_maps.php index 804051f000..0ab656d9b5 100755 --- a/pandora_console/operation/search_maps.php +++ b/pandora_console/operation/search_maps.php @@ -13,7 +13,7 @@ // GNU General Public License for more details. global $config; -$searchMaps = check_acl($config['id_user'], 0, 'IR'); +$searchMaps = check_acl($config['id_user'], 0, 'VR'); if ($maps === false || !$searchMaps) { echo "
".__('Zero results found')."
\n"; diff --git a/pandora_console/operation/search_reports.php b/pandora_console/operation/search_reports.php index ee565676eb..d86b0c5446 100755 --- a/pandora_console/operation/search_reports.php +++ b/pandora_console/operation/search_reports.php @@ -19,9 +19,7 @@ require_once 'include/functions_reports.php'; $linkReport = false; $searchReports = check_acl($config['id_user'], 0, 'RR'); -if (check_acl($config['id_user'], 0, 'IW')) { - $linkReport = true; -} +$linkReport = true; if ($reports === false || !$searchReports) { echo "
".__('Zero results found')."
\n"; diff --git a/pandora_console/operation/search_results.php b/pandora_console/operation/search_results.php index e1a9d078e3..5e0fa14384 100644 --- a/pandora_console/operation/search_results.php +++ b/pandora_console/operation/search_results.php @@ -19,7 +19,8 @@ enterprise_include('operation/reporting/custom_reporting.php'); $searchAgents = $searchAlerts = $searchModules = check_acl($config['id_user'], 0, 'AR'); $searchUsers = $searchPolicies = check_acl($config['id_user'], 0, 'AR'); -$searchMaps = $searchReports = $searchGraphs = check_acl($config['id_user'], 0, 'IR'); +$searchReports = $searchGraphs = check_acl($config['id_user'], 0, 'RR'); +$searchMaps = check_acl($config['id_user'], 0, 'VR'); $searchMain = true; $searchHelps = true; diff --git a/pandora_console/operation/snmpconsole/snmp_view.php b/pandora_console/operation/snmpconsole/snmp_view.php index 5442f75823..1ac05621bc 100755 --- a/pandora_console/operation/snmpconsole/snmp_view.php +++ b/pandora_console/operation/snmpconsole/snmp_view.php @@ -133,10 +133,10 @@ if ($config['pure']) { // OPERATIONS -// Delete SNMP Trap entry Event (only incident management access). +// Delete SNMP Trap entry Event. if (isset($_GET['delete'])) { $id_trap = (int) get_parameter_get('delete', 0); - if ($id_trap > 0 && check_acl($config['id_user'], 0, 'IM')) { + if ($id_trap > 0) { if ($group_by) { $sql_ids_traps = 'SELECT id_trap, source FROM ttrap WHERE oid IN (SELECT oid FROM ttrap WHERE id_trap = '.$id_trap.') AND source IN (SELECT source FROM ttrap WHERE id_trap = '.$id_trap.')'; @@ -156,42 +156,30 @@ if (isset($_GET['delete'])) { __('Could not be deleted') ); } - } else { - db_pandora_audit( - 'ACL Violation', - 'Trying to delete SNMP event ID #'.$id_trap - ); } } -// Check Event (only incident write access). +// Check Event. if (isset($_GET['check'])) { $id_trap = (int) get_parameter_get('check', 0); - if (check_acl($config['id_user'], 0, 'IW')) { - $values = [ - 'status' => 1, - 'id_usuario' => $config['id_user'], - ]; - $result = db_process_sql_update('ttrap', $values, ['id_trap' => $id_trap]); - enterprise_hook('snmp_update_forwarded_modules', [$id_trap]); + $values = [ + 'status' => 1, + 'id_usuario' => $config['id_user'], + ]; + $result = db_process_sql_update('ttrap', $values, ['id_trap' => $id_trap]); + enterprise_hook('snmp_update_forwarded_modules', [$id_trap]); - ui_print_result_message( - $result, - __('Successfully updated'), - __('Could not be updated') - ); - } else { - db_pandora_audit( - 'ACL Violation', - 'Trying to checkout SNMP Trap ID'.$id_trap - ); - } + ui_print_result_message( + $result, + __('Successfully updated'), + __('Could not be updated') + ); } // Mass-process DELETE. if (isset($_POST['deletebt'])) { $trap_ids = get_parameter_post('snmptrapid', []); - if (is_array($trap_ids) && check_acl($config['id_user'], 0, 'IW')) { + if (is_array($trap_ids)) { if ($group_by) { foreach ($trap_ids as $key => $value) { $sql_ids_traps = 'SELECT id_trap, source FROM ttrap WHERE oid IN (SELECT oid FROM ttrap WHERE id_trap = '.$value.') @@ -210,28 +198,18 @@ if (isset($_POST['deletebt'])) { enterprise_hook('snmp_update_forwarded_modules', [$forward_info]); } } - } else { - db_pandora_audit( - 'ACL Violation', - 'Trying to mass-delete SNMP Trap ID' - ); } } // Mass-process UPDATE. if (isset($_POST['updatebt'])) { $trap_ids = get_parameter_post('snmptrapid', []); - if (is_array($trap_ids) && check_acl($config['id_user'], 0, 'IW')) { + if (is_array($trap_ids)) { foreach ($trap_ids as $id_trap) { $sql = sprintf("UPDATE ttrap SET status = 1, id_usuario = '%s' WHERE id_trap = %d", $config['id_user'], $id_trap); db_process_sql($sql); enterprise_hook('snmp_update_forwarded_modules', [$id_trap]); } - } else { - db_pandora_audit( - 'ACL Violation', - 'Trying to mass-delete SNMP Trap ID' - ); } } @@ -1025,7 +1003,7 @@ if ($traps !== false) { // Actions. $data[8] = ''; - if (empty($trap['status']) && check_acl($config['id_user'], 0, 'IW')) { + if (empty($trap['status'])) { $data[8] .= ''.html_print_image('images/ok.png', true, ['border' => '0', 'title' => __('Validate')]).' '; } @@ -1045,17 +1023,15 @@ if ($traps !== false) { } else { $agent_trap_group = db_get_value('id_grupo', 'tagente', 'nombre', $trap['source']); - if ((check_acl($config['id_user'], $agent_trap_group, 'IM'))) { - $data[8] .= ''.html_print_image( - 'images/cross.png', - true, - [ - 'border' => '0', - 'title' => __('Delete'), - 'class' => 'invert_filter', - ] - ).' '; - } + $data[8] .= ''.html_print_image( + 'images/cross.png', + true, + [ + 'border' => '0', + 'title' => __('Delete'), + 'class' => 'invert_filter', + ] + ).' '; } $data[8] .= ''.html_print_image( @@ -1217,14 +1193,11 @@ if ($idx == 0) { unset($table); echo '
'; -if (check_acl($config['id_user'], 0, 'IW')) { - html_print_submit_button(__('Validate'), 'updatebt', false, 'class="sub ok"'); -} -if (check_acl($config['id_user'], 0, 'IM')) { - echo ' '; - html_print_submit_button(__('Delete'), 'deletebt', false, 'class="sub delete" onClick="javascript:return confirm(\''.__('Are you sure?').'\')"'); -} +html_print_submit_button(__('Validate'), 'updatebt', false, 'class="sub ok"'); + +echo ' '; +html_print_submit_button(__('Delete'), 'deletebt', false, 'class="sub delete" onClick="javascript:return confirm(\''.__('Are you sure?').'\')"'); echo '
'; diff --git a/pandora_console/operation/users/user_edit.php b/pandora_console/operation/users/user_edit.php index e808a0a271..ca2ad3b012 100644 --- a/pandora_console/operation/users/user_edit.php +++ b/pandora_console/operation/users/user_edit.php @@ -127,7 +127,8 @@ if (isset($_GET['modified']) && !$view_mode) { $upd_info['ehorus_user_level_pass'] = get_parameter('ehorus_user_level_pass'); $upd_info['ehorus_user_level_enabled'] = get_parameter('ehorus_user_level_enabled', 0); - + $upd_info['integria_user_level_user'] = get_parameter('integria_user_level_user'); + $upd_info['integria_user_level_pass'] = get_parameter('integria_user_level_pass'); $is_admin = db_get_value('is_admin', 'tusuario', 'id_user', $id); @@ -731,12 +732,57 @@ if ($config['ehorus_enabled'] && $config['ehorus_user_level_conf']) { $row['control'] .= ''; $table_remote->data['ehorus_test'] = $row; - echo '
'; - + echo '
'; html_print_table($table_remote); echo '
'; } +if ($config['integria_enabled'] && $config['integria_user_level_conf']) { + // Integria IMS user remote login. + $table_remote = new StdClass(); + $table_remote->data = []; + $table_remote->width = '100%'; + $table_remote->id = 'integria-remote-setup'; + $table_remote->class = 'white_box'; + $table_remote->size['name'] = '30%'; + $table_remote->style['name'] = 'font-weight: bold'; + + // Integria IMS user level authentication. + // Title + $row = []; + $row['control'] = '

'.__('Integria user configuration').':

'; + $table_remote->data['integria_user_level_conf'] = $row; + + // Integria IMS user. + $row = []; + $row['name'] = __('User'); + $row['control'] = html_print_input_text('integria_user_level_user', $user_info['integria_user_level_user'], '', 30, 100, true); + $table_remote->data['integria_user_level_user'] = $row; + + // Integria IMS pass. + $row = []; + $row['name'] = __('Password'); + $row['control'] = html_print_input_password('integria_user_level_pass', io_output_password($user_info['integria_user_level_pass']), '', 30, 100, true); + $table_remote->data['integria_user_level_pass'] = $row; + + // Test. + $integria_host = db_get_value('value', 'tconfig', 'token', 'integria_hostname'); + $integria_api_pass = db_get_value('value', 'tconfig', 'token', 'integria_api_pass'); + + $row = []; + $row['name'] = __('Test'); + $row['control'] = html_print_button(__('Start'), 'test-integria', false, 'integria_connection_test("'.$integria_host.'",'.$integria_api_pass.')', 'class="sub next"', true); + $row['control'] .= ' '; + $row['control'] .= ' '; + $row['control'] .= ' '; + $row['control'] .= ''; + $table_remote->data['integria_test'] = $row; + + echo '
'; + html_print_table($table_remote); + echo '
'; +} + echo '
'; if (!$config['user_can_update_info']) { @@ -1280,4 +1326,75 @@ function ehorus_connection_test(host, port) { hideLoadingImage(); }); } + +function integria_connection_test(api_hostname, api_pass) { + var user = $('input#text-integria_user_level_user').val(); + var pass = $('input#password-integria_user_level_pass').val(); + + var badRequestMessage = ''; + var notFoundMessage = ''; + var invalidPassMessage = ''; + + var hideLoadingImage = function () { + $('#test-integria-spinner').hide(); + } + var showLoadingImage = function () { + $('#test-integria-spinner').show(); + } + var hideSuccessImage = function () { + $('#test-integria-success').hide(); + } + var showSuccessImage = function () { + $('#test-integria-success').show(); + } + var hideFailureImage = function () { + $('#test-integria-failure').hide(); + } + var showFailureImage = function () { + $('#test-integria-failure').show(); + } + var hideMessage = function () { + $('#test-integria-message').hide(); + } + var showMessage = function () { + $('#test-integria-message').show(); + } + var changeTestMessage = function (message) { + $('#test-integria-message').text(message); + } + + hideSuccessImage(); + hideFailureImage(); + hideMessage(); + showLoadingImage(); + + $.ajax({ + url: "ajax.php", + type: 'POST', + dataType: 'json', + data: { + page: 'godmode/setup/setup_integria', + operation: 'check_api_access', + integria_user: user, + integria_pass: pass, + api_hostname: api_hostname, + api_pass: api_pass, + } + }) + .done(function(data, textStatus, xhr) { + if (data.login == '1') { + showSuccessImage(); + } else { + showFailureImage(); + showMessage(); + } + }) + .fail(function(xhr, textStatus, errorThrown) { + showFailureImage(); + showMessage(); + }) + .always(function(xhr, textStatus) { + hideLoadingImage(); + }); + } diff --git a/pandora_console/pandoradb.sql b/pandora_console/pandoradb.sql index 90f2e4a076..cbbda24ab5 100644 --- a/pandora_console/pandoradb.sql +++ b/pandora_console/pandoradb.sql @@ -1049,9 +1049,6 @@ CREATE TABLE IF NOT EXISTS `torigen` ( CREATE TABLE IF NOT EXISTS `tperfil` ( `id_perfil` int(10) unsigned NOT NULL auto_increment, `name` TEXT NOT NULL, - `incident_edit` tinyint(1) NOT NULL DEFAULT 0, - `incident_view` tinyint(1) NOT NULL DEFAULT 0, - `incident_management` tinyint(1) NOT NULL DEFAULT 0, `agent_view` tinyint(1) NOT NULL DEFAULT 0, `agent_edit` tinyint(1) NOT NULL DEFAULT 0, `alert_edit` tinyint(1) NOT NULL DEFAULT 0, @@ -1267,6 +1264,8 @@ CREATE TABLE IF NOT EXISTS `tusuario` ( `ehorus_user_level_user` VARCHAR(60), `ehorus_user_level_pass` VARCHAR(45), `ehorus_user_level_enabled` TINYINT(1), + `integria_user_level_user` VARCHAR(60), + `integria_user_level_pass` VARCHAR(45), CONSTRAINT `fk_filter_id` FOREIGN KEY (`id_filter`) REFERENCES tevent_filter (`id_filter`) ON DELETE SET NULL, UNIQUE KEY `id_user` (`id_user`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; diff --git a/pandora_console/pandoradb_data.sql b/pandora_console/pandoradb_data.sql index 6fe259d898..b1d5f860c7 100644 --- a/pandora_console/pandoradb_data.sql +++ b/pandora_console/pandoradb_data.sql @@ -364,7 +364,7 @@ INSERT INTO `tusuario_perfil` (`id_up`, `id_usuario`, `id_perfil`, `id_grupo`, ` -- Dumping data for table `tperfil` -- -INSERT INTO `tperfil` VALUES (1,'Operator (Read)',0,1,0,1,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,0,1,0,0),(2,'Operator (Write)',1,1,0,1,0,0,0,0,0,0,1,1,0,1,1,0,0,1,1,0,1,1,0),(3,'Chief Operator',1,1,1,1,0,0,0,0,0,0,1,1,1,1,1,0,1,1,1,1,1,1,1),(4,'Group coordinator',1,1,1,1,1,1,1,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1),(5,'Pandora Administrator',1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1); +INSERT INTO `tperfil` VALUES (1,'Operator (Read)',1,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,0,1,0,0),(2,'Operator (Write)',1,0,0,0,0,0,0,1,1,0,1,1,0,0,1,1,0,1,1,0),(3,'Chief Operator',1,0,0,0,0,0,0,1,1,1,1,1,0,1,1,1,1,1,1,1),(4,'Group coordinator',1,1,1,1,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1),(5,'Pandora Administrator',1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1); -- -- Dumping data for table `tnews` diff --git a/pandora_server/util/pandora_manage.pl b/pandora_server/util/pandora_manage.pl index 1f5c6c9c04..ae53f07dbf 100755 --- a/pandora_server/util/pandora_manage.pl +++ b/pandora_server/util/pandora_manage.pl @@ -192,8 +192,8 @@ sub help_screen{ help_screen_line('--add_profile', ' ', 'Add perfil to user'); help_screen_line('--delete_profile', ' ', 'Delete perfil from user'); help_screen_line('--add_profile_to_user', ' []', 'Add a profile in group to a user'); - help_screen_line('--create_profile', " \n\t \n\t \n\t \n\t ", 'Create profile'); - help_screen_line('--update_profile', " \n\t \n\t \n\t \n\t ", 'Modify profile'); + help_screen_line('--create_profile', " \n\t \n\t \n\t \n\t ", 'Create profile'); + help_screen_line('--update_profile', " \n\t \n\t \n\t \n\t ", 'Modify profile'); help_screen_line('--disable_eacl', '', 'Disable enterprise ACL system'); help_screen_line('--enable_eacl', '', 'Enable enterprise ACL system'); help_screen_line('--disable_double_auth', '', 'Disable the double authentication for the specified user'); @@ -563,14 +563,14 @@ sub pandora_create_user_profile ($$$$) { ########################################################################## ## Create profile. ########################################################################## -sub pandora_create_profile ($$$$$$$$$$$$$$$$$$$$$$$$$) { - my ($dbh, $profile_name, $incident_view,$incident_edit, $incident_management, $agent_view, +sub pandora_create_profile ($$$$$$$$$$$$$$$$$$$$$$) { + my ($dbh, $profile_name, $agent_view, $agent_edit, $agent_disable, $alert_edit, $alert_management, $user_management, $db_management, $event_view, $event_edit, $event_management, $report_view, $report_edit, $report_management, $map_view, $map_edit, $map_management, $vconsole_view, $vconsole_edit, $vconsole_management, $pandora_management) = @_; - return db_insert ($dbh, 'id_up', 'INSERT INTO tperfil (name,incident_view,incident_edit,incident_management,agent_view,agent_edit,agent_disable,alert_edit,alert_management,user_management,db_management,event_view,event_edit,event_management,report_view,report_edit,report_management,map_view,map_edit,map_management,vconsole_view,vconsole_edit,vconsole_management,pandora_management) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?);', - safe_input($profile_name), $incident_view,$incident_edit, $incident_management, $agent_view, + return db_insert ($dbh, 'id_up', 'INSERT INTO tperfil (name,agent_view,agent_edit,agent_disable,alert_edit,alert_management,user_management,db_management,event_view,event_edit,event_management,report_view,report_edit,report_management,map_view,map_edit,map_management,vconsole_view,vconsole_edit,vconsole_management,pandora_management) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?);', + safe_input($profile_name), $agent_view, $agent_edit, $agent_disable, $alert_edit, $alert_management, $user_management, $db_management, $event_view, $event_edit, $event_management, $report_view, $report_edit, $report_management, $map_view, $map_edit, $map_management, $vconsole_view, $vconsole_edit, $vconsole_management, $pandora_management); @@ -579,14 +579,14 @@ sub pandora_create_profile ($$$$$$$$$$$$$$$$$$$$$$$$$) { ########################################################################## #### Update profile. ########################################################################### -sub pandora_update_profile ($$$$$$$$$$$$$$$$$$$$$$$$$) { - my ($dbh, $profile_name, $incident_view,$incident_edit, $incident_management, $agent_view, +sub pandora_update_profile ($$$$$$$$$$$$$$$$$$$$$$) { + my ($dbh, $profile_name, $agent_view, $agent_edit, $agent_disable, $alert_edit, $alert_management, $user_management, $db_management, $event_view, $event_edit, $event_management, $report_view, $report_edit, $report_management, $map_view, $map_edit, $map_management, $vconsole_view, $vconsole_edit, $vconsole_management, $pandora_management) = @_; - return db_update ($dbh, 'UPDATE tperfil SET incident_view = ?, incident_edit = ?, incident_management = ?, agent_view = ?, agent_edit = ?, agent_disable = ?, alert_edit = ?, alert_management = ?, user_management = ?, db_management = ?, event_view = ?, event_edit = ?, event_management = ?, report_view = ?, report_edit = ?, report_management = ?, map_view = ?, map_edit = ?, map_management = ?, vconsole_view = ?, vconsole_edit = ?, vconsole_management = ?, pandora_management = ? WHERE name=?;', - $incident_view,$incident_edit, $incident_management, $agent_view, + return db_update ($dbh, 'UPDATE tperfil SET agent_view = ?, agent_edit = ?, agent_disable = ?, alert_edit = ?, alert_management = ?, user_management = ?, db_management = ?, event_view = ?, event_edit = ?, event_management = ?, report_view = ?, report_edit = ?, report_management = ?, map_view = ?, map_edit = ?, map_management = ?, vconsole_view = ?, vconsole_edit = ?, vconsole_management = ?, pandora_management = ? WHERE name=?;', + $agent_view, $agent_edit, $agent_disable, $alert_edit, $alert_management, $user_management, $db_management, $event_view, $event_edit, $event_management, $report_view, $report_edit, $report_management, $map_view, $map_edit, $map_management, $vconsole_view, $vconsole_edit, $vconsole_management, $pandora_management, safe_input($profile_name)); @@ -4008,7 +4008,7 @@ sub cli_add_profile() { ############################################################################## sub cli_create_profile() { - my ($profile_name,$incident_view,$incident_edit,$incident_management,$agent_view, + my ($profile_name,$agent_view, $agent_edit,$agent_disable,$alert_edit,$alert_management,$user_management,$db_management, $event_view,$event_edit,$event_management,$report_view,$report_edit,$report_management, $map_view,$map_edit,$map_management,$vconsole_view,$vconsole_edit,$vconsole_management,$pandora_management) = @ARGV[2..25]; @@ -4016,7 +4016,7 @@ sub cli_create_profile() { my $id_profile = get_profile_id($dbh,$profile_name); non_exist_check($id_profile,'profile',$profile_name); - pandora_create_profile ($dbh, $profile_name, $incident_view, $incident_edit, $incident_management, $agent_view, + pandora_create_profile ($dbh, $profile_name, $agent_view, $agent_edit, $agent_disable, $alert_edit, $alert_management, $user_management, $db_management, $event_view, $event_edit, $event_management, $report_view, $report_edit, $report_management, $map_view, $map_edit, $map_management, $vconsole_view, $vconsole_edit, $vconsole_management, $pandora_management); @@ -4028,7 +4028,7 @@ sub cli_create_profile() { ############################################################################## # sub cli_update_profile() { - my ($profile_name,$incident_view,$incident_edit,$incident_management,$agent_view, + my ($profile_name,$agent_view, $agent_edit,$agent_disable,$alert_edit,$alert_management,$user_management,$db_management, $event_view,$event_edit,$event_management,$report_view,$report_edit,$report_management, $map_view,$map_edit,$map_management,$vconsole_view,$vconsole_edit,$vconsole_management,$pandora_management) = @ARGV[2..25]; @@ -4036,7 +4036,7 @@ sub cli_update_profile() { my $id_profile = get_profile_id($dbh,$profile_name); exist_check($id_profile,'profile',$profile_name); - pandora_update_profile ($dbh, $profile_name, $incident_view, $incident_edit, $incident_management, $agent_view, + pandora_update_profile ($dbh, $profile_name, $agent_view, $agent_edit, $agent_disable, $alert_edit, $alert_management, $user_management, $db_management, $event_view, $event_edit, $event_management, $report_view, $report_edit, $report_management, $map_view, $map_edit, $map_management, $vconsole_view, $vconsole_edit, $vconsole_management, $pandora_management);