From ba423c93d80106085d39e234b62db4e9fed2c7b3 Mon Sep 17 00:00:00 2001
From: m-lopez-f <miguel.lopez@artica.es>
Date: Tue, 7 Mar 2017 16:30:01 +0100
Subject: [PATCH] Only view of system event of user that have admin powers.
 Gitlab: #455

---
 pandora_console/include/functions_graph.php   | 73 +++++++++--------
 .../operation/events/event_statistics.php     | 80 ++++++++++---------
 2 files changed, 80 insertions(+), 73 deletions(-)

diff --git a/pandora_console/include/functions_graph.php b/pandora_console/include/functions_graph.php
index 95a56af319..b5c8567b2b 100644
--- a/pandora_console/include/functions_graph.php
+++ b/pandora_console/include/functions_graph.php
@@ -2993,12 +2993,29 @@ function graphic_incident_source($width = 320, $height = 200) {
 		$config['fontpath'], $config['font_size']);
 }
 
-function graph_events_validated($width = 300, $height = 200, $url = "", $meta = false, $history = false) {
+function graph_events_validated($width = 300, $height = 200, $extra_filters = array(), $meta = false, $history = false) {
 	global $config;
 	global $graphic_type;
 	
+	$event_type = false;
+	if (array_key_exists('event_type', $extra_filters))
+		$event_type = $extra_filters['event_type'];
+	
+	$event_severity = false;
+	if (array_key_exists('event_severity', $extra_filters))
+		$event_severity = $extra_filters['event_severity'];
+	
+	$event_status = false;
+	if (array_key_exists('event_status', $extra_filters))
+		$event_status = $extra_filters['event_status'];
+	
+	$event_filter_search = false;
+	if (array_key_exists('event_filter_search', $extra_filters))
+		$event_filter_search = $extra_filters['event_filter_search'];
+	
 	$data_graph = events_get_count_events_validated(
-		array('id_group' => array_keys(users_get_groups())));
+		array('id_group' => array_keys(users_get_groups())), null, null, 
+		$event_severity, $event_type, $event_status, $event_filter_search);
 	
 	$colors = array();
 	foreach ($data_graph as $k => $v) {
@@ -3085,25 +3102,12 @@ function grafico_eventos_grupo ($width = 300, $height = 200, $url = "", $meta =
 	//This will give the distinct id_agente, give the id_grupo that goes
 	//with it and then the number of times it occured. GROUP BY statement
 	//is required if both DISTINCT() and COUNT() are in the statement 
-	switch ($config["dbtype"]) {
-		case "mysql":
-		case "postgresql":
-			$sql = sprintf ('SELECT DISTINCT(id_agente) AS id_agente,
+	$sql = sprintf ('SELECT DISTINCT(id_agente) AS id_agente,
 					COUNT(id_agente) AS count'.$field_extra.'
 				FROM '.$event_table.'
 				WHERE 1=1 %s %s
 				GROUP BY id_agente'.$groupby_extra.'
 				ORDER BY count DESC LIMIT 8', $url, $tags_condition);
-			break;
-		case "oracle":
-			$sql = sprintf ('SELECT DISTINCT(id_agente) AS id_agente,
-					id_grupo, COUNT(id_agente) AS count'.$field_extra.'
-				FROM '.$event_table.'
-				WHERE rownum <= 8 %s %s
-				GROUP BY id_agente, id_grupo'.$groupby_extra.'
-				ORDER BY count DESC', $url, $tags_condition); 
-			break;
-	}
 	
 	$result = db_get_all_rows_sql ($sql, false, false);
 	if ($result === false) {
@@ -3250,9 +3254,14 @@ function grafico_eventos_total($filter = "", $width = 320, $height = 200, $noWat
 	$legend = array ();
 	$total = 0;
 	
-	$sql = "SELECT criticity, COUNT(id_evento) events
-		FROM tevento
-		GROUP BY criticity ORDER BY events DESC";
+	$where = '';
+	if (!users_is_admin()) {
+		$where = 'WHERE event_type NOT IN (\'recon_host_detected\', \'system\',\'error\', \'new_agent\', \'configuration_change\')';
+	}
+	
+	$sql = sprintf("SELECT criticity, COUNT(id_evento) events
+		FROM tevento %s 
+		GROUP BY criticity ORDER BY events DESC", $where);
 	
 	$criticities = db_get_all_rows_sql ($sql, false, false);
 	
@@ -3319,23 +3328,17 @@ function grafico_eventos_usuario ($width, $height) {
 	
 	$data = array ();
 	$max_items = 5;
-	switch ($config["dbtype"]) {
-		case "mysql":
-		case "postgresql":
-			$sql = sprintf ('SELECT COUNT(id_evento) events, id_usuario
-				FROM tevento
-				GROUP BY id_usuario
-				ORDER BY 1 DESC LIMIT %d', $max_items);
-			break;
-		case "oracle":
-			$sql = sprintf ('SELECT *
-				FROM (SELECT COUNT(id_evento) events, id_usuario
-					FROM tevento
-					GROUP BY id_usuario
-					ORDER BY 1 DESC)
-				WHERE rownum <= %d', $max_items);
-			break;
+	
+	$where = '';
+	if (!users_is_admin()) {
+		$where = 'WHERE event_type NOT IN (\'recon_host_detected\', \'system\',\'error\', \'new_agent\', \'configuration_change\')';
 	}
+	
+	$sql = sprintf ('SELECT COUNT(id_evento) events, id_usuario
+				FROM tevento %s
+				GROUP BY id_usuario
+				ORDER BY 1 DESC LIMIT %d', $where, $max_items);
+	
 	$events = db_get_all_rows_sql ($sql);
 	
 	if ($events === false) {
diff --git a/pandora_console/operation/events/event_statistics.php b/pandora_console/operation/events/event_statistics.php
index 2951a4e613..7214d6de7b 100644
--- a/pandora_console/operation/events/event_statistics.php
+++ b/pandora_console/operation/events/event_statistics.php
@@ -31,52 +31,56 @@ if (! check_acl ($config['id_user'], 0, "ER") && ! check_acl ($config['id_user']
 //header
 ui_print_page_header (__('Statistics'), "images/op_events.png",false, false);
 echo "<table width=95%>";
-echo "<tr>";
 
-echo "<td valign='top'>";
-echo "<h3>" . __('Event graph') . "</h3>";
-echo "</td>";
+	echo "<tr>";
+		echo "<td valign='top'>";
+			echo "<h3>" . __('Event graph') . "</h3>";
+		echo "</td>";
 
-echo "<td valign='top'>";
-echo "<h3>" . __('Event graph by user') . "</h3>";
-echo "</td>";
+		echo "<td valign='top'>";
+			echo "<h3>" . __('Event graph by user') . "</h3>";
+		echo "</td>";
+	echo "</tr>";
 
-echo "</tr>";
+	echo "<tr>";
+		echo "<td valign='top'>";
+			echo grafico_eventos_total();
+		echo "</td>";
 
-echo "<tr>";
+		echo "<td valign='top'>";
+			echo grafico_eventos_usuario(300, 200);
+		echo "</td>";
+	echo "</tr>";
 
-echo "<td valign='top'>";
-echo grafico_eventos_total();
-echo "</td>";
+	echo "<tr>";
+		echo "<td valign='top'>";
+			echo "<h3>" . __('Event graph by agent') . "</h3>";
+		echo "</td>";
 
-echo "<td valign='top'>";
-echo grafico_eventos_usuario(300, 200);
-echo "</td>";
+		echo "<td valign='top'>";
+			echo "<h3>" . __('Amount events validated') . "</h3>";
+		echo "</td>";
+	echo "</tr>";
 
-echo "</tr>";
+	$where = '';
+	if (!users_is_admin()) {
+		$where = 'AND event_type NOT IN (\'recon_host_detected\', \'system\',\'error\', \'new_agent\', \'configuration_change\')';
+	}
+	echo "<tr>";
+		echo "<td valign='top'>";
+			echo grafico_eventos_grupo(300, 200, $where);
+		echo "</td>";
 
-echo "<tr>";
+		echo "<td valign='top'>";
+			$extra_filter = array();
+			if (!users_is_admin())  {
+				$extra_filter['event_type'] = array('unknown','alert_fired','alert_recovered',
+								'alert_ceased','alert_manual_validation', 'critical',
+								'warning','normal');
+			}
+			echo graph_events_validated(300, 200, $extra_filter);
+		echo "</td>";
+	echo "</tr>";
 
-echo "<td valign='top'>";
-echo "<h3>" . __('Event graph by agent') . "</h3>";
-echo "</td>";
-
-echo "<td valign='top'>";
-echo "<h3>" . __('Amount events validated') . "</h3>";
-echo "</td>";
-
-echo "</tr>";
-
-echo "<tr>";
-
-echo "<td valign='top'>";
-echo grafico_eventos_grupo(300, 200);
-echo "</td>";
-
-echo "<td valign='top'>";
-echo graph_events_validated(300, 200);
-echo "</td>";
-
-echo "</tr>";
 echo "</table>";
 ?>