tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-07-28 16:24:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

Visual Console Refactor: acl improvements

Browse Source 
Former-commit-id: f2cd4e7dd12a02eb4cee34f5947566ae37c35e9d
This commit is contained in:
Alejandro Gallardo Escobar 2019-04-12 13:12:12 +02:00
parent 75d0e11dac
commit dc4396622d
1 changed files with 18 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
pandora_console/include/rest-api/index.php
View File

@ -17,7 +17,24 @@ $getVisualConsoleItems = (bool) get_parameter('getVisualConsoleItems');
ob_clean(); ob_clean();
if ($getVisualConsole === true) { if ($getVisualConsole === true) {
echo VisualConsole::fromDB(['id' => $visualConsoleId]); $visualConsole = VisualConsole::fromDB(['id' => $visualConsoleId]);
$visualConsoleData = $visualConsole->toArray();
$groupId = $visualConsoleData['groupId'];
// ACL.
$aclRead = check_acl($config['id_user'], $groupId, 'VR');
$aclWrite = check_acl($config['id_user'], $groupId, 'VW');
$aclManage = check_acl($config['id_user'], $groupId, 'VM');
if (!$aclRead && !$aclWrite && !$aclManage) {
db_pandora_audit(
'ACL Violation',
'Trying to access visual console without group access'
);
exit;
}
echo $visualConsole;
} else if ($getVisualConsoleItems === true) { } else if ($getVisualConsoleItems === true) {
echo '['.implode(VisualConsole::getItemsFromDB($visualConsoleId), ',').']'; echo '['.implode(VisualConsole::getItemsFromDB($visualConsoleId), ',').']';
} }