From c2114333210af041b39a78b570798aca6b2827b9 Mon Sep 17 00:00:00 2001
From: fermin831
Date: Mon, 29 Oct 2018 11:02:43 +0100
Subject: [PATCH 1/4] Added API function get user_profiles_info
---
 pandora_console/include/functions_api.php | 52 +++++++++++++++++++++++
 1 file changed, 52 insertions(+)
diff --git a/pandora_console/include/functions_api.php b/pandora_console/include/functions_api.php
index 479929c619..4f2d06961e 100644
--- a/pandora_console/include/functions_api.php
+++ b/pandora_console/include/functions_api.php
@@ -8720,6 +8720,58 @@ function api_set_delete_user_profile($id, $thrash1, $other, $thrash2) {
 returnData('string', array('type' => 'string', 'data' => __('Delete user profile.')));
 }
+/**
+ * List all user profiles.
+ *
+ * api.php?op=get&op2=user_profiles_info&return_type=json&apipass=1234&user=admin&pass=pandora
+ */
+function api_get_user_profiles_info ($thrash1, $thrash2, $thrash3, $returnType) {
+ global $config;
+
+ if (!check_acl($config['id_user'], 0, "PM")){
+ returnError('forbidden', 'string');
+ return;
+ }
+
+ $profiles = db_get_all_rows_filter(
+ 'tperfil',
+ array(),
+ array(
+ "id_perfil",
+ "name",
+ "incident_view as IR",
+ "incident_edit as IW",
+ "incident_management as IM",
+ "agent_view as AR",
+ "agent_edit as AW",
+ "agent_disable as AD",
+ "alert_edit as LW",
+ "alert_management as LM",
+ "user_management as UM",
+ "db_management as DM",
+ "event_view as ER",
+ "event_edit as EW",
+ "event_management as EM",
+ "report_view as RR",
+ "report_edit as RW",
+ "report_management as RM",
+ "map_view as MR",
+ "map_edit as MW",
+ "map_management as MM",
+ "vconsole_view as VR",
+ "vconsole_edit as VW",
+ "vconsole_management as VM",
+ "pandora_management as PM"
+ )
+ );
+
+ if ($profiles === false) {
+ returnError('error_list_profiles', __('Error retrieving profiles'));
+ } else {
+ returnData($returnType, array('type' => 'array', 'data' => $profiles));
+ }
+}
+
 /**
 * Create new incident in Pandora.
 *
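Review bot: The docblock of api_get_user_profiles_info does not say that the call is refused unless the API user holds the PM permission, which the first statement enforces with `check_acl($config['id_user'], 0, "PM")`. Since the response is the complete permission matrix of every profile, that requirement is the part of the contract a caller most needs to see; I would add `* Requires the PM (pandora_management) ACL; any other user gets the 'forbidden' error.` above the example URL. The example also carries apipass, user and pass in the query string, so a second line such as `* The credentials in the example are placeholders.` would keep it from being copied as-is.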
From 4f02d72630c5633297da05bb6469a4c7deb4ccac Mon Sep 17 00:00:00 2001
From: fermin831
Date: Mon, 29 Oct 2018 12:22:08 +0100
Subject: [PATCH 2/4] Added API function set create_user_profile_info
---
 pandora_console/include/functions_api.php | 53 ++++++++++++++++++++++-
 1 file changed, 52 insertions(+), 1 deletion(-)
diff --git a/pandora_console/include/functions_api.php b/pandora_console/include/functions_api.php
index 4f2d06961e..830edaf85c 100644
--- a/pandora_console/include/functions_api.php
+++ b/pandora_console/include/functions_api.php
@@ -8772,9 +8772,60 @@ function api_get_user_profiles_info ($thrash1, $thrash2, $thrash3, $returnType)
 }
 }
+/**
+ * Create an user profile.
+ *
+ * @param array Serialized parameters: name|IR|IW|IM|AR|AW|AD|LW|LM|UM|DM|ER|EW|EM|RR|RW|RM|MR|MW|MM|VR|VW|VM|PM
+ *
+ * api.php?op=set&op2=create_user_profile_info&return_type=json&other=API_profile%7C1%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C0%7C0%7C1%7C0%7C0%7C1%7C0%7C0%7C0&other_mode=url_encode_separator_%7C&apipass=1234&user=admin&pass=pandora
+ */
+function api_set_create_user_profile_info ($thrash1, $thrash2, $other, $returnType) {
+ global $config;
+
+ if (!check_acl($config['id_user'], 0, "PM")){
+ returnError('forbidden', 'string');
+ return;
+ }
+
+ $values = array(
+ 'name' => (string)$other['data'][0],
+ 'incident_view' => (bool)$other['data'][1] ? 1 : 0,
+ 'incident_edit' => (bool)$other['data'][2] ? 1 : 0,
+ 'incident_management' => (bool)$other['data'][3] ? 1 : 0,
+ 'agent_view' => (bool)$other['data'][4] ? 1 : 0,
+ 'agent_edit' => (bool)$other['data'][5] ? 1 : 0,
+ 'agent_disable' => (bool)$other['data'][6] ? 1 : 0,
+ 'alert_edit' => (bool)$other['data'][7] ? 1 : 0,
+ 'alert_management' => (bool)$other['data'][8] ? 1 : 0,
+ 'user_management' => (bool)$other['data'][9] ? 1 : 0,
+ 'db_management' => (bool)$other['data'][10] ? 1 : 0,
+ 'event_view' => (bool)$other['data'][11] ? 1 : 0,
+ 'event_edit' => (bool)$other['data'][12] ? 1 : 0,
+ 'event_management' => (bool)$other['data'][13] ? 1 : 0,
+ 'report_view' => (bool)$other['data'][14] ? 1 : 0,
+ 'report_edit' => (bool)$other['data'][15] ? 1 : 0,
+ 'report_management' => (bool)$other['data'][16] ? 1 : 0,
+ 'map_view' => (bool)$other['data'][17] ? 1 : 0,
+ 'map_edit' => (bool)$other['data'][18] ? 1 : 0,
+ 'map_management' => (bool)$other['data'][19] ? 1 : 0,
+ 'vconsole_view' => (bool)$other['data'][20] ? 1 : 0,
+ 'vconsole_edit' => (bool)$other['data'][21] ? 1 : 0,
+ 'vconsole_management' => (bool)$other['data'][22] ? 1 : 0,
+ 'pandora_management' => (bool)$other['data'][23] ? 1 : 0
+ );
+
+ $return = db_process_sql_insert('tperfil', $values);
+
+ if ($return === false) {
+ returnError('error_create_user_profile_info', __('Error creating user profile'));
+ } else {
+ returnData($returnType, array('type' => 'array', 'data' => 1));
+ }
+}
+
 /**
 * Create new incident in Pandora.
- *
+ *
 * @param $thrash1 Don't use.
 * @param $thrash2 Don't use.
 * @param array $other it's array, $other as param is ;<description>;
From bf7cdcc7ff0db80a695e53759f71106e3178473a Mon Sep 17 00:00:00 2001
From: fermin831 <fermin.hernandez@artica.es>
Date: Mon, 29 Oct 2018 12:45:03 +0100
Subject: [PATCH 3/4] Added API function set update_user_profile_info
---
 pandora_console/include/functions_api.php | 70 ++++++++++++++++++++++-
 1 file changed, 69 insertions(+), 1 deletion(-)
diff --git a/pandora_console/include/functions_api.php b/pandora_console/include/functions_api.php
index 830edaf85c..834f25c199 100644
--- a/pandora_console/include/functions_api.php
+++ b/pandora_console/include/functions_api.php
@@ -8723,6 +8723,11 @@ function api_set_delete_user_profile($id, $thrash1, $other, $thrash2) {
 /**
 * List all user profiles.
 *
+ * @param Reserved $thrash1
+ * @param Reserved $thrash2
+ * @param Reserved $thrash3
+ * @param string Return type (csv, json, string...)
+ *
 * api.php?op=get&op2=user_profiles_info&return_type=json&apipass=1234&user=admin&pass=pandora
 */
 function api_get_user_profiles_info ($thrash1, $thrash2, $thrash3, $returnType) {
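Review bot: api_set_create_user_profile_info (patch 2/4) inserts whatever is in `$other['data']` without checking it: a missing or short `other` parameter still creates a row with an empty name, and because of the `(bool)` casts any non-empty value other than "0" (for example "false") switches a permission on, `pandora_management` included. A guard before `$values` is built, such as `if (!is_array($other['data']) || count($other['data']) < 24 || trim((string)$other['data'][0]) === '') { returnError('error_create_user_profile_info', __('Error creating user profile')); return; }`, together with accepting only "0" and "1" for the flags, would close that. The function also writes no audit record, whereas the console deletion path in profile_list.php calls `db_pandora_audit("Profile management", ...)`; a matching call after the successful insert is missing here and equally in api_set_update_user_profile_info and api_set_delete_user_profile_info in the later patches of this series.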
@@ -8775,7 +8780,10 @@ function api_get_user_profiles_info ($thrash1, $thrash2, $thrash3, $returnType)
 /**
 * Create an user profile.
 *
- * @param array Serialized parameters: name|IR|IW|IM|AR|AW|AD|LW|LM|UM|DM|ER|EW|EM|RR|RW|RM|MR|MW|MM|VR|VW|VM|PM
+ * @param Reserved $thrash1
+ * @param Reserved $thrash2
+ * @param array parameters in array: name|IR|IW|IM|AR|AW|AD|LW|LM|UM|DM|ER|EW|EM|RR|RW|RM|MR|MW|MM|VR|VW|VM|PM
+ * @param string Return type (csv, json, string...)
 *
 * api.php?op=set&op2=create_user_profile_info&return_type=json&other=API_profile%7C1%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C0%7C0%7C1%7C0%7C0%7C1%7C0%7C0%7C0&other_mode=url_encode_separator_%7C&apipass=1234&user=admin&pass=pandora
 */
@@ -8823,6 +8831,66 @@ function api_set_create_user_profile_info ($thrash1, $thrash2, $other, $returnTy
 }
 }
+/**
+ * Update an user profile.
+ *
+ * @param int Profile id
+ * @param Reserved $thrash2
+ * @param array parameters in array: name|IR|IW|IM|AR|AW|AD|LW|LM|UM|DM|ER|EW|EM|RR|RW|RM|MR|MW|MM|VR|VW|VM|PM
+ * @param string Return type (csv, json, string...)
+ *
+ * api.php?op=set&op2=create_user_profile_info&return_type=json&other=API_profile%7C1%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C0%7C0%7C1%7C0%7C0%7C1%7C0%7C0%7C0&other_mode=url_encode_separator_%7C&apipass=1234&user=admin&pass=pandora
+ */
+function api_set_update_user_profile_info ($id_profile, $thrash2, $other, $returnType) {
+ global $config;
+
+ if (!check_acl($config['id_user'], 0, "PM")){
+ returnError('forbidden', 'string');
+ return;
+ }
+
+ $profile = db_get_row ('tperfil', 'id_perfil', $id_profile);
+ if ($profile === false) {
+ returnError('id_not_found', 'string');
+ return;
+ }
+
+ $values = array(
+ 'name' => $other['data'][0] == '' ? $profile['name'] : (string)$other['data'][0],
+ 'incident_view' => $other['data'][1] == '' ? $profile['incident_view'] : (bool)$other['data'][1] ? 1 : 0,
+ 'incident_edit' => $other['data'][2] == '' ? $profile['incident_edit'] : (bool)$other['data'][2] ? 1 : 0,
+ 'incident_management' => $other['data'][3] == '' ? $profile['incident_management'] : (bool)$other['data'][3] ? 1 : 0,
+ 'agent_view' => $other['data'][4] == '' ? $profile['agent_view'] : (bool)$other['data'][4] ? 1 : 0,
+ 'agent_edit' => $other['data'][5] == '' ? $profile['agent_edit'] : (bool)$other['data'][5] ? 1 : 0,
+ 'agent_disable' => $other['data'][6] == '' ? $profile['agent_disable'] : (bool)$other['data'][6] ? 1 : 0,
+ 'alert_edit' => $other['data'][7] == '' ? $profile['alert_edit'] : (bool)$other['data'][7] ? 1 : 0,
+ 'alert_management' => $other['data'][8] == '' ? $profile['alert_management'] : (bool)$other['data'][8] ? 1 : 0,
+ 'user_management' => $other['data'][9] == '' ? $profile['user_management'] : (bool)$other['data'][9] ? 1 : 0,
+ 'db_management' => $other['data'][10] == '' ? $profile['db_management'] : (bool)$other['data'][10] ? 1 : 0,
+ 'event_view' => $other['data'][11] == '' ? $profile['event_view'] : (bool)$other['data'][11] ? 1 : 0,
+ 'event_edit' => $other['data'][12] == '' ? $profile['event_edit'] : (bool)$other['data'][12] ? 1 : 0,
+ 'event_management' => $other['data'][13] == '' ? $profile['event_management'] : (bool)$other['data'][13] ? 1 : 0,
+ 'report_view' => $other['data'][14] == '' ? $profile['report_view'] : (bool)$other['data'][14] ? 1 : 0,
+ 'report_edit' => $other['data'][15] == '' ? $profile['report_edit'] : (bool)$other['data'][15] ? 1 : 0,
+ 'report_management' => $other['data'][16] == '' ? $profile['report_management'] : (bool)$other['data'][16] ? 1 : 0,
+ 'map_view' => $other['data'][17] == '' ? $profile['map_view'] : (bool)$other['data'][17] ? 1 : 0,
+ 'map_edit' => $other['data'][18] == '' ? $profile['map_edit'] : (bool)$other['data'][18] ? 1 : 0,
+ 'map_management' => $other['data'][19] == '' ? $profile['map_management'] : (bool)$other['data'][19] ? 1 : 0,
+ 'vconsole_view' => $other['data'][20] == '' ? $profile['vconsole_view'] : (bool)$other['data'][20] ? 1 : 0,
+ 'vconsole_edit' => $other['data'][21] == '' ? $profile['vconsole_edit'] : (bool)$other['data'][21] ? 1 : 0,
+ 'vconsole_management' => $other['data'][22] == '' ? $profile['vconsole_management'] : (bool)$other['data'][22] ? 1 : 0,
+ 'pandora_management' => $other['data'][23] == '' ? $profile['pandora_management'] : (bool)$other['data'][23] ? 1 : 0
+ );
+
+ $return = db_process_sql_update('tperfil', $values, array('id_perfil' => $id_profile));
+
+ if ($return === false) {
+ returnError('error_update_user_profile_info', __('Error updating user profile'));
+ } else {
+ returnData($returnType, array('type' => 'array', 'data' => 1));
+ }
+}
+
 /**
 * Create new incident in Pandora.
 *
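Review bot: Every flag line in api_set_update_user_profile_info chains two ternaries without parentheses, e.g. `$other['data'][1] == '' ? $profile['incident_view'] : (bool)$other['data'][1] ? 1 : 0`. PHP's ternary is left-associative, so this parses as `(... ? $profile[...] : (bool)...) ? 1 : 0`; the result still comes out as a 0/1 flag, but the unparenthesised form is deprecated in PHP 7.4 and a compile error in PHP 8, which would stop functions_api.php from loading at all. State the intent explicitly on all 23 flag lines: `'incident_view' => $other['data'][1] == '' ? $profile['incident_view'] : ((bool)$other['data'][1] ? 1 : 0),`. The loose `== ''` test also treats a missing index like an empty field, so a short `other` list silently keeps the stored permissions; checking `count($other['data'])` first would make that behaviour deliberate rather than accidental.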
From c7a624000e09b9fa0bb5cc2ea6dc41d1bea0e433 Mon Sep 17 00:00:00 2001
From: fermin831 <fermin.hernandez@artica.es>
Date: Mon, 29 Oct 2018 13:34:30 +0100
Subject: [PATCH 4/4] Added API function set delete_user_profile_info
---
 .../godmode/users/profile_list.php | 41 +++++--------------
 pandora_console/include/functions_api.php | 39 ++++++++++++++++--
 pandora_console/include/functions_profile.php | 14 +++++++
 3 files changed, 60 insertions(+), 34 deletions(-)
diff --git a/pandora_console/godmode/users/profile_list.php b/pandora_console/godmode/users/profile_list.php
index c009da746f..38c18f4303 100644
--- a/pandora_console/godmode/users/profile_list.php
+++ b/pandora_console/godmode/users/profile_list.php
@@ -66,40 +66,19 @@ $id_profile = (int) get_parameter ('id');
 // Profile deletion
 if ($delete_profile) {
-
- $count_users_admin_in_profile = db_get_value_sql("
- SELECT COUNT(*)
- FROM tusuario
- WHERE is_admin = 1 AND id_user IN (
- SELECT id_usuario
- FROM tusuario_perfil
- WHERE id_perfil = " . $id_profile . ")");
-
- if ($count_users_admin_in_profile >= 1) {
- ui_print_error_message(
- __('Unsucessful delete profile. Because the profile is used by some admin users.'));
+ // Delete profile
+ $profile = db_get_row('tperfil', 'id_perfil', $id_profile);
+ $ret = profile_delete_profile_and_clean_users ($id_profile);
+ if ($ret === false) {
+ ui_print_error_message(__('There was a problem deleting the profile'));
 }
 else {
- // Delete profile
- $profile = db_get_row('tperfil', 'id_perfil', $id_profile);
- $sql = sprintf ('DELETE FROM tperfil WHERE id_perfil = %d', $id_profile);
- $ret = db_process_sql ($sql);
- if ($ret === false) {
- ui_print_error_message(__('There was a problem deleting the profile'));
- }
- else {
- db_pandora_audit("Profile management",
- "Delete profile ". $profile['name']);
-
- ui_print_success_message(__('Successfully deleted'));
- }
-
- //Delete profile from user data
- $sql = sprintf ('DELETE FROM tusuario_perfil WHERE id_perfil = %d', $id_profile);
- db_process_sql ($sql);
-
- $id_profile = 0;
+ db_pandora_audit("Profile management",
+ "Delete profile ". $profile['name']);
+ ui_print_success_message(__('Successfully deleted'));
 }
+
+ $id_profile = 0;
 }
 // Store the variables when create or update
diff --git a/pandora_console/include/functions_api.php b/pandora_console/include/functions_api.php
index 834f25c199..e34148bd42 100644
--- a/pandora_console/include/functions_api.php
+++ b/pandora_console/include/functions_api.php
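Review bot: The rewritten deletion branch in profile_list.php no longer runs the `$count_users_admin_in_profile` check, so a profile that is still assigned to admin users can now be deleted from the console, and neither the commit subject nor the new helper says this is intended. If the protection is still wanted it belongs inside profile_delete_profile_and_clean_users, so that the console and api_set_delete_user_profile_info share it; if it is being dropped on purpose, record that next to the call, e.g. `// Profiles assigned to admin users may be deleted; their tusuario_perfil rows are removed too.` Note as well that `db_pandora_audit` now runs only when the helper returns true, so any deletion the helper reports as failed leaves no audit entry.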
@@ -8835,13 +8835,13 @@ function api_set_create_user_profile_info ($thrash1, $thrash2, $other, $returnTy
 * Update an user profile.
 *
 * @param int Profile id
- * @param Reserved $thrash2
+ * @param Reserved $thrash1
 * @param array parameters in array: name|IR|IW|IM|AR|AW|AD|LW|LM|UM|DM|ER|EW|EM|RR|RW|RM|MR|MW|MM|VR|VW|VM|PM
 * @param string Return type (csv, json, string...)
 *
- * api.php?op=set&op2=create_user_profile_info&return_type=json&other=API_profile%7C1%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C0%7C0%7C1%7C0%7C0%7C1%7C0%7C0%7C0&other_mode=url_encode_separator_%7C&apipass=1234&user=admin&pass=pandora
+ * api.php?op=set&op2=update_user_profile_info&return_type=json&id=6&other=API_profile_updated%7C%7C%7C%7C1%7C1%7C1%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C&other_mode=url_encode_separator_%7C&apipass=1234&user=admin&pass=pandora
 */
-function api_set_update_user_profile_info ($id_profile, $thrash2, $other, $returnType) {
+function api_set_update_user_profile_info ($id_profile, $thrash1, $other, $returnType) {
 global $config;
 if (!check_acl($config['id_user'], 0, "PM")){
@@ -8891,6 +8891,39 @@ function api_set_update_user_profile_info ($id_profile, $thrash2, $other, $retur
 }
 }
+/**
+ * Delete an user profile.
+ *
+ * @param int Profile id
+ * @param Reserved $thrash1
+ * @param Reserved $thrash2
+ * @param string Return type (csv, json, string...)
+ *
+ * api.php?op=set&op2=delete_user_profile_info&return_type=json&id=7&other_mode=url_encode_separator_%7C&apipass=1234&user=admin&pass=pandora
+ */
+function api_set_delete_user_profile_info ($id_profile, $thrash1, $thrash2, $returnType) {
+ global $config;
+
+ if (!check_acl($config['id_user'], 0, "PM")){
+ returnError('forbidden', 'string');
+ return;
+ }
+
+ $profile = db_get_value ('id_perfil', 'tperfil', 'id_perfil', $id_profile);
+ if ($profile === false) {
+ returnError('id_not_found', 'string');
+ return;
+ }
+
+ $return = profile_delete_profile_and_clean_users($id_profile);
+
+ if ($return === false) {
+ returnError('error_delete_user_profile_info', __('Error deleting user profile'));
+ } else {
+ returnData($returnType, array('type' => 'array', 'data' => 1));
+ }
+}
+
 /**
 * Create new incident in Pandora.
 *
diff --git a/pandora_console/include/functions_profile.php b/pandora_console/include/functions_profile.php
index 62306ec060..e449b6cd75 100644
--- a/pandora_console/include/functions_profile.php
+++ b/pandora_console/include/functions_profile.php
@@ -144,6 +144,20 @@ function profile_delete_profile ($id_profile) {
 return (bool)db_process_sql_delete('tperfil', array('id_perfil' => $id_profile));
 }
+/**
+ * Delete profile from database and remove from the assigned users (tusuario_perfil)
+ *
+ * @param int Profile ID
+ *
+ * @return bool Whether or not it's deleted in both tables
+ */
+function profile_delete_profile_and_clean_users ($id_profile) {
+ return
+ (bool)db_process_sql_delete('tperfil', array('id_perfil' => $id_profile)) &&
+ (bool)db_process_sql_delete('tusuario_perfil', array('id_perfil' => $id_profile))
+ ;
+}
+
 /**
 * Print the table to display, create and delete profiles
 *
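Review bot: profile_delete_profile_and_clean_users reports failure whenever the second delete casts to false, and if db_process_sql_delete returns an affected-row count (the `(bool)` cast in profile_delete_profile just above suggests so, but confirm against its definition) that includes the ordinary case of a profile with no users assigned. By then the tperfil row is already gone, yet the console prints 'There was a problem deleting the profile' and skips its audit entry, and the API returns error_delete_user_profile_info. Treat only a real error as failure for the cleanup step, replacing the second operand with `(db_process_sql_delete('tusuario_perfil', array('id_perfil' => $id_profile)) !== false)`. Deleting the tusuario_perfil rows before the tperfil row would also avoid leaving assignments that point at a profile which no longer exists if the second statement fails.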