ACL improvements for the module graphs

pandora_console/include/functions_treeview.php

@@ -314,6 +314,8 @@ function treeview_printTable($id_agente, $server_data = array()) {
 	enterprise_include_once ('meta/include/functions_ui_meta.php');
 	include_graphs_dependencies();
 	
+	$strict_user = (bool) db_get_value("strict_acl", "tusuario", "id_user", $config['id_user']);
+	
 	$is_extra = enterprise_hook('policies_is_agent_extra_policy', array($id_agente));
 	
 	if ($is_extra === ENTERPRISE_NOT_HOOK) {
@@ -545,25 +547,41 @@ function treeview_printTable($id_agente, $server_data = array()) {
 		$table->data = array();
 		
 		foreach ($network_interfaces as $interface_name => $interface) {
-			if (!empty($interface['traffic']) && check_acl($config['id_user'], $agent["id_grupo"], "RR")) {
-				$params = array(
-						'interface_name' => $interface_name,
-						'agent_id' => $id_agente,
-						'traffic_module_in' => $interface['traffic']['in'],
-						'traffic_module_out' => $interface['traffic']['out']
-					);
+			if (!empty($interface['traffic'])) {
+				$permission = false;
 				
-				if (defined('METACONSOLE') && !empty($server_id))
-					$params["server"] = $server_id;
+				if ($strict_user) {
+					if (tags_check_acl_by_module($interface['traffic']['in'], $config['id_user'], 'RR') === true
+							&& tags_check_acl_by_module($interface['traffic']['out'], $config['id_user'], 'RR') === true)
+						$permission = true;
+				}
+				else {
+					$permission = check_acl($config['id_user'], $agent["id_grupo"], "RR");
+				}
 				
-				$params_json = json_encode($params);
-				$params_encoded = base64_encode($params_json);
-				$url = ui_get_full_url("operation/agentes/interface_traffic_graph_win.php", false, false, false);
-				$graph_url = "$url?params=$params_encoded";
-				$win_handle = dechex(crc32($interface['status_module_id'].$interface_name));
-				
-				$graph_link = "<a href=\"javascript:winopeng('$graph_url','$win_handle')\">" .
-					html_print_image("images/chart_curve.png", true, array("title" => __('Interface traffic'))) . "</a>";
+				if ($permission) {
+					$params = array(
+							'interface_name' => $interface_name,
+							'agent_id' => $id_agente,
+							'traffic_module_in' => $interface['traffic']['in'],
+							'traffic_module_out' => $interface['traffic']['out']
+						);
+					
+					if (defined('METACONSOLE') && !empty($server_id))
+						$params["server"] = $server_id;
+					
+					$params_json = json_encode($params);
+					$params_encoded = base64_encode($params_json);
+					$url = ui_get_full_url("operation/agentes/interface_traffic_graph_win.php", false, false, false);
+					$graph_url = "$url?params=$params_encoded";
+					$win_handle = dechex(crc32($interface['status_module_id'].$interface_name));
+					
+					$graph_link = "<a href=\"javascript:winopeng('$graph_url','$win_handle')\">" .
+						html_print_image("images/chart_curve.png", true, array("title" => __('Interface traffic'))) . "</a>";
+				}
+				else {
+					$graph_link = "";
+				}
 			}
 			else {
 				$graph_link = "";

pandora_console/operation/agentes/estado_generalagente.php

@@ -29,6 +29,7 @@ include_once($config['homedir'] . "/include/functions_clippy.php");
 
 check_login ();
 
+$strict_user = (bool) db_get_value("strict_acl", "tusuario", "id_user", $config['id_user']);
 
 $id_agente = get_parameter_get ("id_agente", -1);
 
@@ -415,17 +416,33 @@ if (!empty($network_interfaces)) {
 	
 	foreach ($network_interfaces as $interface_name => $interface) {
 		if (!empty($interface['traffic'])) {
-			$params = array(
-					'interface_name' => $interface_name,
-					'agent_id' => $id_agente,
-					'traffic_module_in' => $interface['traffic']['in'],
-					'traffic_module_out' => $interface['traffic']['out']
-				);
-			$params_json = json_encode($params);
-			$params_encoded = base64_encode($params_json);
-			$win_handle = dechex(crc32($interface['status_module_id'].$interface_name));
-			$graph_link = "<a href=\"javascript:winopeng('operation/agentes/interface_traffic_graph_win.php?params=$params_encoded','$win_handle')\">" .
-				html_print_image("images/chart_curve.png", true, array("title" => __('Interface traffic'))) . "</a>";
+			$permission = false;
+			
+			if ($strict_user) {
+				if (tags_check_acl_by_module($interface['traffic']['in'], $config['id_user'], 'RR') === true
+						&& tags_check_acl_by_module($interface['traffic']['out'], $config['id_user'], 'RR') === true)
+					$permission = true;
+			}
+			else {
+				$permission = check_acl($config['id_user'], $agent["id_grupo"], "RR");
+			}
+			
+			if ($permission) {
+				$params = array(
+						'interface_name' => $interface_name,
+						'agent_id' => $id_agente,
+						'traffic_module_in' => $interface['traffic']['in'],
+						'traffic_module_out' => $interface['traffic']['out']
+					);
+				$params_json = json_encode($params);
+				$params_encoded = base64_encode($params_json);
+				$win_handle = dechex(crc32($interface['status_module_id'].$interface_name));
+				$graph_link = "<a href=\"javascript:winopeng('operation/agentes/interface_traffic_graph_win.php?params=$params_encoded','$win_handle')\">" .
+					html_print_image("images/chart_curve.png", true, array("title" => __('Interface traffic'))) . "</a>";
+			}
+			else {
+				$graph_link = "";
+			}
 		}
 		else {
 			$graph_link = "";

pandora_console/operation/agentes/interface_traffic_graph_win.php

@@ -21,13 +21,15 @@ if (! isset($_SESSION['id_usuario'])) {
 
 // Global & session management
 require_once ('../../include/config.php');
-require_once ('../../include/auth/mysql.php');
+require_once ($config['homedir'] . '/include/auth/mysql.php');
 require_once ($config['homedir'] . '/include/functions.php');
 require_once ($config['homedir'] . '/include/functions_db.php');
 require_once ($config['homedir'] . '/include/functions_reporting.php');
 require_once ($config['homedir'] . '/include/functions_graph.php');
 require_once ($config['homedir'] . '/include/functions_custom_graphs.php');
 require_once ($config['homedir'] . '/include/functions_modules.php');
+require_once ($config['homedir'] . '/include/functions_agents.php');
+require_once ($config['homedir'] . '/include/functions_tags.php');
 
 check_login();
 
@@ -36,7 +38,7 @@ $params = json_decode($params_json, true);
 
 // Metaconsole connection to the node
 $server_id = (int) (isset($params['server']) ? $params['server'] : 0);
-if (!empty($server_id) && function_exists("metaconsole_get_connection_by_id")) {
+if ($config["metaconsole"] && !empty($server_id)) {
 	$server = metaconsole_get_connection_by_id($server_id);
 
 	// Error connecting
@@ -110,15 +112,24 @@ $interface_traffic_modules = array(
 		// ACL
 		$permission = false;
 		$agent_group = (int) agents_get_agent_group($agent_id);
+		$strict_user = (bool) db_get_value("strict_acl", "tusuario", "id_user", $config['id_user']);
 		
 		// The traffic modules should belong to the agent id
 		$in_agent_id = (int) db_get_value("id_agente", "tagente_modulo", "id_agente_modulo", $params['traffic_module_in']);
 		$out_agent_id = (int) db_get_value("id_agente", "tagente_modulo", "id_agente_modulo", $params['traffic_module_out']);
 		$traffic_modules_belong_to_agent = $agent_id == $in_agent_id && $agent_id == $out_agent_id;
 		
-		if (!empty($agent_group) && !empty($params['traffic_module_in']) && !empty($params['traffic_module_out'])
-				&& $traffic_modules_belong_to_agent && check_acl($config['id_user'], $agent_group, "RR")) {
-			$permission = true;
+		if (!empty($agent_group) && !empty($params['traffic_module_in'])
+				&& !empty($params['traffic_module_out']) && $traffic_modules_belong_to_agent) {
+			
+			if ($strict_user) {
+				if (tags_check_acl_by_module($params['traffic_module_in'], $config['id_user'], 'RR') === true
+						&& tags_check_acl_by_module($params['traffic_module_out'], $config['id_user'], 'RR') === true)
+					$permission = true;
+			}
+			else {
+				$permission = check_acl($config['id_user'], $agent_group, "RR");
+			}
 		}
 		
 		if (!$permission) {