diff --git a/pandora_console/include/class/Tree.class.php b/pandora_console/include/class/Tree.class.php index 902e964db8..6dc52ea68d 100644 --- a/pandora_console/include/class/Tree.class.php +++ b/pandora_console/include/class/Tree.class.php @@ -325,10 +325,21 @@ class Tree { $user_groups_str = "-1"; $group_acl = ""; if (!$this->strictACL) { - if (!empty($this->userGroups)) { - $user_groups_str = implode(",", array_keys($this->userGroups)); + if (empty($this->userGroups)) { + return; + } + + // Asking for a specific group. + if ($item_for_count !== false) { + if (!isset($this->userGroups[$item_for_count])) { + return; + } + } + // Asking for all groups. + else { + $user_groups_str = implode(",", array_keys($this->userGroups)); + $group_acl = "AND ta.id_grupo IN ($user_groups_str)"; } - $group_acl = "AND ta.id_grupo IN ($user_groups_str)"; } else { if (!empty($this->acltags)) { @@ -1142,7 +1153,7 @@ class Tree { } // If user have not permissions in parent, set parent node to 0 (all) - $user_groups_with_privileges = users_get_groups($config['id_user']); + $user_groups_with_privileges = $this->userGroups; foreach ($groups as $id => $group) { if (!in_array($groups[$id]['parent'], array_keys($user_groups_with_privileges))) { $groups[$id]['parent'] = 0; @@ -1306,7 +1317,7 @@ class Tree { // Get the counters of the group (special case) if ($processed_item['type'] == 'group') { - $counters = $this->getCounters($item['id']); + $counters = $this->getGroupCounters($item['id']); if (!empty($counters)) { foreach ($counters as $type => $value) { $item[$type] = $value; @@ -2608,6 +2619,50 @@ class Tree { return $tree_modules; } + protected function getGroupCounters($group_id) { + global $config; + static $group_stats = false; + + # Do not use the group stat cache when using tags or real time group stats. + if ($config['realtimestats'] == 1 || (isset($this->userGroups[$group_id]['tags']) && $this->userGroups[$group_id]['tags'] != "")) { + return $this->getCounters($group_id); + } + + # Update the group stat cache. + if ( $group_stats === false) { + $group_stats = array(); + $stats = db_get_all_rows_sql('SELECT * FROM tgroup_stat'); + + foreach ($stats as $group) { + if ($group['modules'] > 0) { + $group_stats[$group['id_group']]['total_count'] = $group['modules'] > 0 ? $group['agents'] : 0; + $group_stats[$group['id_group']]['total_critical_count'] = $group['critical']; + $group_stats[$group['id_group']]['total_unknown_count'] = $group['unknown']; + $group_stats[$group['id_group']]['total_warning_count'] = $group['warning']; + $group_stats[$group['id_group']]['total_not_init_count'] = $group['non-init']; + $group_stats[$group['id_group']]['total_normal_count'] = $group['normal']; + $group_stats[$group['id_group']]['total_fired_count'] = $group['alerts_fired']; + } + # Skip groups without modules. + else { + $group_stats[$group['id_group']]['total_count'] = 0; + $group_stats[$group['id_group']]['total_critical_count'] = 0; + $group_stats[$group['id_group']]['total_unknown_count'] = 0; + $group_stats[$group['id_group']]['total_warning_count'] = 0; + $group_stats[$group['id_group']]['total_not_init_count'] = 0; + $group_stats[$group['id_group']]['total_normal_count'] = 0; + $group_stats[$group['id_group']]['total_fired_count'] = 0; + } + } + } + + if ($group_stats !== false && isset($group_stats[$group_id])) { + return $group_stats[$group_id]; + } + + return $this->getCounters($group_id); + } + static function recursive_modules_tree_view (&$new_modules, &$new_modules_child, $i, $child) { foreach ($new_modules as $index => $module) { if ($module['id'] == $child['parent']) { diff --git a/pandora_console/include/functions_users.php b/pandora_console/include/functions_users.php index 13116c6eb8..8e3eac823b 100755 --- a/pandora_console/include/functions_users.php +++ b/pandora_console/include/functions_users.php @@ -161,57 +161,95 @@ function users_get_groups ($id_user = false, $privilege = "AR", $returnAllGroup } } - if (isset($id_groups)) { - //Get recursive id groups - $list_id_groups = array(); - foreach ((array)$id_groups as $id_group) { - $list_id_groups = array_merge($list_id_groups, groups_get_id_recursive($id_group)); + // Check the group cache first. + if (array_key_exists($id_user, $group_cache)) { + $groups = $group_cache[$id_user]; + } else { + // Admin. + if (is_user_admin($id_user)) { + $groups = db_get_all_rows_sql ("SELECT * FROM tgrupo"); + } + // Per-group permissions. + else { + $query = sprintf("SELECT tgrupo.*, tperfil.*, tusuario_perfil.tags FROM tgrupo, tusuario_perfil, tperfil + WHERE (tgrupo.id_grupo = tusuario_perfil.id_grupo OR tusuario_perfil.id_grupo = 0) + AND tusuario_perfil.id_perfil = tperfil.id_perfil + AND tusuario_perfil.id_usuario = '%s'", $id_user); + $groups = db_get_all_rows_sql ($query); + + // Get children groups. + $parent_ids = array(); + $parents = $groups; + $seen = array(); + while (!empty($parents)) { + $children = array(); + foreach ($parents as $parent) { + // Do not process the same parent twice. + if (array_key_exists($parent['id_grupo'], $seen)) { + continue; + } + $seen[$parent['id_grupo']] = 1; + + // Does this group propagate ACLs? + if ($parent['propagate'] == '0') { + continue; + } + + // Save a list of parents in the tree to search for user profiles, including the current parent! + $parent_ids[$parent['id_grupo']] = isset($parent_ids[$parent['parent']]) ? array_merge(array($parent['id_grupo']), $parent_ids[$parent['parent']]) : array($parent['id_grupo']); + + // Get children groups from the DB. + $query = sprintf("SELECT tgrupo.*, tperfil.*, tusuario_perfil.tags FROM tgrupo, tusuario_perfil, tperfil + WHERE tgrupo.parent = %d + AND tusuario_perfil.id_grupo IN (%s) + AND tusuario_perfil.id_perfil = tperfil.id_perfil + AND tusuario_perfil.id_usuario = '%s'", $parent['id_grupo'], join(',', $parent_ids[$parent['id_grupo']]), $id_user); + $local_children = db_get_all_rows_sql ($query); + if (!empty($local_children)) { + $children = array_merge($children, $local_children); + } + } + + if (!empty($children)) { + $groups = array_merge($groups, $children); + } + + // Move down in the hierarchy. + $parents = $children; + } } - - $list_id_groups = array_unique($list_id_groups); - - $groups = db_get_all_rows_filter('tgrupo', array('id_grupo' => $list_id_groups, 'order' => 'parent, nombre')); - } - else { - $groups = db_get_all_rows_in_table ('tgrupo', 'parent, nombre'); + + // Update the group cache. + $group_cache[$id_user] = $groups; } $user_groups = array (); - if (!$groups) { return $user_groups; } if ($returnAllGroup) { //All group - if ($returnAllColumns) { - $groupall = array('id_grupo' => 0, 'nombre' => __('All'), - 'icon' => 'world', 'parent' => 0, 'disabled' => 0, - 'custom_id' => null, 'description' => '', 'propagate' => 0); - } - else { - $groupall = array('id_grupo' => 0, 'nombre' => __("All")); - } + $groupall = array('id_grupo' => 0, 'nombre' => __('All'), + 'icon' => 'world', 'parent' => 0, 'disabled' => 0, + 'custom_id' => null, 'description' => '', 'propagate' => 0); // Add the All group to the beginning to be always the first array_unshift($groups, $groupall); } + $acl_column = get_acl_column($privilege); foreach ($groups as $group) { - if ($privilege === false) { - if ($returnAllColumns) { - $user_groups[$group[$keys_field]] = $group; - } - else { - $user_groups[$group[$keys_field]] = $group['nombre']; - } + + # Check the specific permission column. acl_column is undefined for admins. + if (defined($group[$acl_column]) && $group[$acl_column] != '1') { + continue; } - else if (check_acl($id_user, $group["id_grupo"], $privilege)) { - if ($returnAllColumns) { - $user_groups[$group[$keys_field]] = $group; - } - else { - $user_groups[$group[$keys_field]] = $group['nombre']; - } + + if ($returnAllColumns) { + $user_groups[$group[$keys_field]] = $group; + } + else { + $user_groups[$group[$keys_field]] = $group['nombre']; } }