From ccb477821771a719107a075a177e80142f20aeb7 Mon Sep 17 00:00:00 2001
From: alejandro-campos <alejandro.campos@artica.es>
Date: Mon, 17 Dec 2018 18:18:17 +0100
Subject: [PATCH] implemented api functions to create/update/delete/list event
 filters

Former-commit-id: f6b5c092622d74dee4fd587f259e6c286cd9c180
---
 pandora_console/include/functions_api.php | 439 ++++++++++++++++++++++
 1 file changed, 439 insertions(+)

diff --git a/pandora_console/include/functions_api.php b/pandora_console/include/functions_api.php
index 53479ae7ed..36c8394b84 100644
--- a/pandora_console/include/functions_api.php
+++ b/pandora_console/include/functions_api.php
@@ -11852,6 +11852,445 @@ function api_get_cluster_items ($cluster_id){
 	}
 }
 
+
+/**
+ * Create an event filter.
+ * 
+ * @param string $id Name of event filter to add.
+ * @param $thrash1 Don't use.
+ * @param array $other it's array, $other as param is<id_group_filter>;<id_group>;<event_type>;
+ *  <severity>;<event_status>;<free_search>;<agent_search_id>;<pagination_size>;<max_hours_old>;<id_user_ack>;<duplicate>;
+ *  <date_from>;<date_to>;<events_with_tags>;<events_without_tags>;<alert_events>;<module_search_id>;<source>;
+ *  <id_extra>;<user_comment> in this order
+ *  and separator char (after text ; ) and separator (pass in param othermode as othermode=url_encode_separator_<separator>)
+ *  
+ * 	example: api.php?op=set&op2=create_event_filter&id=test&other=||error|4|||1||12|||2018-12-09|2018-12-13|[%226%22]|[%2210%22,%226%22,%223%22]|1|10|||&other_mode=url_encode_separator_|
+ * 
+ *    
+ * @param $thrash3 Don't use
+ */
+function api_set_create_event_filter($name, $thrash1, $other, $thrash3) {
+	
+	if ($name == "") {
+		returnError('error_create_event_filter',
+			__('Error creating event filter. Event filter name cannot be left blank.'));
+		return;
+	}
+
+	$event_w = check_acl ($config['id_user'], 0, "EW");
+	$event_m = check_acl ($config['id_user'], 0, "EM");
+	$access = ($event_w == true) ? 'EW' : (($event_m == true) ? 'EM' : 'EW');
+	
+	$event_filter_name = $name;
+
+	$user_groups = users_get_groups ($config['id_user'], "AR", true);
+
+	$id_group_filter = (array_key_exists($other['data'][0], $user_groups)) ? $other['data'][0] : 0;
+
+	$id_group = (array_key_exists($other['data'][1], $user_groups)) ? $other['data'][1] : 0;
+
+	$event_type = (array_key_exists($other['data'][2], get_event_types ()) || $other['data'][2]=='') ? $other['data'][2] : '';
+
+	$severity = (array_key_exists($other['data'][3], get_priorities()) || $other['data'][3]==-1) ? $other['data'][3] : -1;
+
+	$status = (array_key_exists($other['data'][4], events_get_all_status()) || $other['data'][4]==-1) ? $other['data'][4] : -1;
+
+	if (!is_numeric($other['data'][6]) || empty($other['data'][6])) {
+		$text_agent = '';
+		$id_agent = 0;
+	}
+	else {
+		$filter = array ();
+
+		if ($id_group == 0)
+			$filter['id_grupo'] = array_keys ($user_groups);
+		else
+			$filter['id_grupo'] = $id_group;
+
+		$filter[] = '(id_agente = '.$other["data"][6].')';
+		$agent = agents_get_agents($filter, array ('id_agente'));
+
+		if ($agent === false)
+			$text_agent = '';
+		else {
+			$sql = sprintf('SELECT alias
+				FROM tagente
+				WHERE id_agente = %d', $agent[0]['id_agente']);
+
+			$id_agent = $other["data"][6];
+			$text_agent = db_get_value_sql($sql);
+		}
+	}
+
+	$pagination = (in_array($other['data'][7], [20,25,50,100,200,500])) ? $other['data'][7] : 20;
+
+	$users = users_get_user_users($config['id_user'], $access, users_can_manage_group_all());
+
+	$id_user_ack = (in_array($other['data'][9], $users)) ? $other['data'][9] : 0;
+
+	$group_rep = ($other['data'][10] == 0 || $other['data'][10] == 1) ? $other['data'][10] : 0;
+
+	$date_from = (preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/",$other['data'][11])) ? $other['data'][11] : '0000-00-00';
+
+	$date_to = (preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/",$other['data'][12])) ? $other['data'][12] : '0000-00-00';
+
+	$tag_with = (preg_match('/^\[(("\d+"((,|\])("\d+"))+)|"\d+")\]$/', io_safe_output($other['data'][13]))) ? $other['data'][13] : '[]';
+
+	$tag_without = (preg_match('/^\[(("\d+"((,|\])("\d+"))+)|"\d+")\]$/', io_safe_output($other['data'][14]))) ? $other['data'][14] : '[]';
+
+	$filter_only_alert = (in_array($other['data'][15], [-1,0,1])) ? $other['data'][15] : -1;
+
+	if (!is_numeric($other['data'][16]) || empty($other['data'][16]))
+		$id_agent_module = 0;
+	else {
+		$groups = array();
+
+		$groups = users_get_groups($config['id_user'], "AW", false);
+		$groups = array_keys($groups);
+		
+		if (empty($groups)) {
+			$id_groups = 0;
+		}
+		else {
+			$id_groups = implode(',', $groups);
+		}
+		
+		$agents = db_get_all_rows_sql('SELECT id_agente
+			FROM tagente
+			WHERE id_grupo IN (' . $id_groups . ')');
+		
+		if ($agents === false) $agents = array();
+		
+		$id_agents = array();
+		foreach ($agents as $agent) {
+			$id_agents[] = $agent['id_agente'];
+		}
+
+		$filter =  '(' . $other['data'][16] . ')';
+
+		$modules = agents_get_modules($id_agents, false,
+			(array('tagente_modulo.id_agente_modulo in' => $filter)));
+
+		$id_agent_module = (array_key_exists($other['data'][16], $modules)) ? $other['data'][16] : 0;
+	}
+
+	$values = array(
+		'id_group_filter' => $id_group_filter,
+		'id_group' => $id_group,
+		'event_type' => $event_type,
+		'severity' => $severity,
+		'status' => $status,
+		'search' => $other['data'][5],
+		'text_agent' => $text_agent,
+		'id_agent' => $id_agent,
+		'pagination' => $pagination,
+		'event_view_hr' => $other['data'][8],
+		'id_user_ack' => $id_user_ack,
+		'group_rep' => $group_rep,
+		'date_from' => $date_from,
+		'date_to' => $date_to,
+		'tag_with' => $tag_with,
+		'tag_without' => $tag_without,
+		'filter_only_alert' => $filter_only_alert,
+		'id_agent_module' => $id_agent_module,
+		'source' => $other['data'][17],
+		'id_extra' => $other['data'][18],
+		'user_comment' => $other['data'][19]
+	);
+
+	$values['id_name'] = $event_filter_name;
+	
+	$id_filter = db_process_sql_insert('tevent_filter', $values);
+	
+	if ($id_filter === false) {
+		returnError('error_create_event_filter', __('Error creating event filter.'));
+	}
+	else {
+		returnData('string', array('type' => 'string',
+			'data' => __('Event filter successfully created.')));
+	}
+
+}
+
+/**
+ * Update an event filter. And return a message with the result of the operation.
+ * 
+ * @param string $id_event_filter Id of the event filter to update.
+ * @param $thrash1 Don't use.
+ * @param array $other it's array, $other as param is <filter_name>;<id_group>;<event_type>;
+ *  <severity>;<event_status>;<free_search>;<agent_search_id>;<pagination_size>;<max_hours_old>;<id_user_ack>;<duplicate>;
+ *  <date_from>;<date_to>;<events_with_tags>;<events_without_tags>;<alert_events>;<module_search_id>;<source>;
+ *  <id_extra>;<user_comment> in this order
+ *  and separator char (after text ; ) and separator (pass in param othermode as othermode=url_encode_separator_<separator>)
+ * 
+ *  example:
+ * 
+ * api.php?op=set&op2=update_event_filter&id=198&other=new_name|||alert_recovered|||||||||||||||||&other_mode=url_encode_separator_%7C
+ *    
+ * @param $thrash3 Don't use
+ */
+function api_set_update_event_filter($id_event_filter, $thrash1, $other, $thrash3) {
+	global $config;
+
+	if (!check_acl($config['id_user'], 0, "LM")) {
+		returnError('forbidden', 'string');
+		return;
+	}
+
+	if ($id_event_filter == "") {
+		returnError('error_update_event_filter',
+			__('Error updating event filter. Event filter ID cannot be left blank.'));
+		return;
+	}
+	
+	$sql = "SELECT * FROM tevent_filter WHERE id_filter=$id_event_filter";
+	$result_event_filter = db_get_row_sql($sql);
+	
+	if (!$result_event_filter) {
+		returnError('error_update_event_filter',
+			__('Error updating event filter. Event filter ID doesn\'t exist.'));
+		return;
+	}
+
+	$values = array();
+
+	for ($i=0; $i<21; $i++) {
+		if ($other['data'][$i] != "") {
+			switch ($i) {
+				case 0:
+					$values['id_name'] = $other['data'][0];
+					break;
+				case 1:
+					$user_groups = users_get_groups ($config['id_user'], "AR", true);
+					$values['id_group_filter'] = (array_key_exists($other['data'][1], $user_groups)) ? $other['data'][1] : 0;
+					break;
+				case 2:
+					$user_groups = users_get_groups ($config['id_user'], "AR", true);
+					$values['id_group'] = (array_key_exists($other['data'][2], $user_groups)) ? $other['data'][2] : 0;
+					break;
+				case 3:
+					$values['event_type'] = (array_key_exists($other['data'][3], get_event_types ()) || $other['data'][3]=='') ? $other['data'][3] : '';
+					break;
+				case 4:
+					$values['severity'] = (array_key_exists($other['data'][4], get_priorities()) || $other['data'][4]==-1) ? $other['data'][4] : -1;
+					break;
+				case 5:
+					$values['status'] = (array_key_exists($other['data'][5], events_get_all_status()) || $other['data'][5]==-1) ? $other['data'][5] : -1;
+					break;
+				case 6:
+					$values['search'] = $other['data'][6];
+					break;
+				case 7:
+					$user_groups = users_get_groups ($config['id_user'], "AR", true);
+
+					if (!is_numeric($other['data'][7]) || empty($other['data'][7])) {
+						$values['text_agent'] = '';
+						$values['id_agent'] = 0;
+					}
+					else {
+
+						$filter = array ();
+
+						if ($id_group == 0)
+							$filter['id_grupo'] = array_keys ($user_groups);
+						else
+							$filter['id_grupo'] = $id_group;
+
+						$filter[] = '(id_agente = '.$other["data"][7].')';
+						$agent = agents_get_agents($filter, array ('id_agente'));
+
+						if ($agent === false)
+							$values['text_agent'] = '';
+						else {
+							$sql = sprintf('SELECT alias
+								FROM tagente
+								WHERE id_agente = %d', $agent[0]['id_agente']);
+
+							$values['id_agent'] = $other["data"][7];
+							$values['text_agent'] = db_get_value_sql($sql);
+						}
+					}
+					break;
+				case 8:
+					$values['pagination'] = (in_array($other['data'][8], [20,25,50,100,200,500])) ? $other['data'][8] : 20;
+					break;
+				case 9:
+					$values['event_view_hr'] = $other['data'][9];
+					break;
+				case 10:
+
+					$event_w = check_acl ($config['id_user'], 0, "EW");
+					$event_m = check_acl ($config['id_user'], 0, "EM");
+					$access = ($event_w == true) ? 'EW' : (($event_m == true) ? 'EM' : 'EW');
+
+					$users = users_get_user_users($config['id_user'], $access, users_can_manage_group_all());
+
+					$values['id_user_ack'] = (in_array($other['data'][10], $users)) ? $other['data'][10] : 0;
+					break;
+				case 11:
+					$values['group_rep'] = ($other['data'][11] == 0 || $other['data'][11] == 1) ? $other['data'][11] : 0;
+					break;
+				case 12:
+					$values['date_from'] = (preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/",$other['data'][12])) ? $other['data'][12] : '0000-00-00';
+					break;
+				case 13:
+					$values['date_to'] = (preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/",$other['data'][13])) ? $other['data'][13] : '0000-00-00';
+					break;
+				case 14:
+				print_r("14444444");
+					$values['tag_with'] = (preg_match('/^\[(("\d+"((,|\])("\d+"))+)|"\d+")\]$/', io_safe_output($other['data'][14]))) ? $other['data'][14] : '[]';	
+					break;
+				case 15:
+				print_r("1555555555");
+					$values['tag_without'] = (preg_match('/^\[(("\d+"((,|\])("\d+"))+)|"\d+")\]$/', io_safe_output($other['data'][15]))) ? $other['data'][15] : '[]';
+					break;
+				case 16:
+					$values['filter_only_alert'] = (in_array($other['data'][16], [-1,0,1])) ? $other['data'][16] : -1;
+					break;
+				case 17:
+					if (!is_numeric($other['data'][17]) || empty($other['data'][17]))
+						$values['id_agent_module'] = 0;
+					else {
+						$groups = array();
+
+						$groups = users_get_groups($config['id_user'], "AW", false);
+						$groups = array_keys($groups);
+						
+						if (empty($groups)) {
+							$id_groups = 0;
+						}
+						else {
+							$id_groups = implode(',', $groups);
+						}
+						
+						$agents = db_get_all_rows_sql('SELECT id_agente
+							FROM tagente
+							WHERE id_grupo IN (' . $id_groups . ')');
+						
+						if ($agents === false) $agents = array();
+						
+						$id_agents = array();
+						foreach ($agents as $agent) {
+							$id_agents[] = $agent['id_agente'];
+						}
+
+						$filter =  '(' . $other['data'][17] . ')';
+
+						$modules = agents_get_modules($id_agents, false,
+							(array('tagente_modulo.id_agente_modulo in' => $filter)));
+
+						$values['id_agent_module'] = (array_key_exists($other['data'][17], $modules)) ? $other['data'][17] : 0;
+					}
+					break;
+				case 18:
+					$values['source'] = $other['data'][18];
+					break;
+				case 19:
+					$values['id_extra'] = $other['data'][19];
+					break;
+				case 20:
+					print_r("adadadasds");
+					$values['user_comment'] = $other['data'][20];
+					break;
+
+			}
+		}
+	}
+
+	$result = db_process_sql_update ('tevent_filter',
+				$values,
+				array ('id_filter' => $id_event_filter));
+
+	if ($result === false) {
+		returnError('error_update_event_filter', __('Error updating event filter.'));
+	}
+	else {
+		returnData('string', array('type' => 'string',
+			'data' => __('Event filter successfully updated.')));
+	}
+
+}
+
+
+/**
+ * Delete an event filter. And return a message with the result of the operation.
+ * 
+ * @param string $id_template Id of the event filter to delete.
+ * @param $thrash1 Don't use.
+ * @param array $other Don't use 
+ * 
+ *  example:
+ * 
+ * api.php?op=set&op2=delete_event_filter&id=38
+ *    
+ * @param $thrash3 Don't use
+ */
+function api_set_delete_event_filter($id_event_filter, $thrash1, $other, $thrash3) {
+	
+	if ($id_event_filter == "") {
+		returnError('error_delete_event_filter',
+			__('Error deleting event_filter. Event filter ID cannot be left blank.'));
+		return;
+	}
+
+	$result = db_process_sql_delete ('tevent_filter',array('id_filter' => $id_event_filter));
+
+	if ($result == 0) {
+		returnError('error_delete_event_filter',
+			__('Error deleting event filter.'));
+	}
+	else {
+		returnData('string', array('type' => 'string',
+			'data' => __('Event filter successfully deleted.')));
+	}
+}
+
+
+/**
+ * Get all event filters, and print all the result like a csv.
+ * 
+ * @param $thrash1 Don't use.
+ * @param $thrash2 Don't use.
+ * @param array $other it's array, but only <csv_separator> is available.
+ *  example:
+ *  
+ *  api.php?op=get&op2=all_event_filters&return_type=csv&other=;
+ * 
+ * @param $thrash3 Don't use.
+ */
+function api_get_all_event_filters($thrash1, $thrash2, $other, $thrash3) {
+	global $config;
+	
+	if (!isset($other['data'][0]))
+		$separator = ';'; // by default
+	else
+		$separator = $other['data'][0];
+
+	if (!check_acl($config["id_user"], 0, "LM")) {
+		returnError("forbidden", "csv");
+		return;
+	}
+
+	$filter = false;
+	
+	$sql = "SELECT * FROM tevent_filter";
+  	$event_filters = db_get_all_rows_sql($sql);
+	
+	if ($event_filters !== false) {
+		$data['type'] = 'array';
+		$data['data'] = $event_filters;
+	}
+	
+	if (!$event_filters) {
+		returnError('error_get_all_event_filters',
+			__('Error getting all event filters.'));
+	}
+	else {
+		returnData('csv', $data, $separator);
+	}
+}
+
+
 /////////////////////////////////////////////////////////////////////
 // AUX FUNCTIONS
 /////////////////////////////////////////////////////////////////////