2013-06-04 Miguel de Dios <miguel.dedios@artica.es>

* godmode/agentes/agent_manager.php, godmode/menu.php,
	godmode/alerts/configure_alert_template.php,
	godmode/alerts/configure_alert_action.php,
	godmode/alerts/alert_templates.php,
	godmode/alerts/alert_actions.php, godmode/groups/group_list.php,
	godmode/groups/configure_group.php, include/functions.php,
	include/functions_profile.php: fixed the ACLs.
	
	Fixes: #2256




git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@8254 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
mdtrooper 2013-06-04 16:06:58 +00:00
parent bf3dbc3836
commit dd6c1cc7be
11 changed files with 159 additions and 126 deletions


@ -1,3 +1,15 @@
2013-06-04 Miguel de Dios <miguel.dedios@artica.es>
* godmode/agentes/agent_manager.php, godmode/menu.php,
godmode/alerts/configure_alert_template.php,
godmode/alerts/configure_alert_action.php,
godmode/alerts/alert_templates.php,
godmode/alerts/alert_actions.php, godmode/groups/group_list.php,
godmode/groups/configure_group.php, include/functions.php,
include/functions_profile.php: fixed the ACLs.
Fixes: #2256
2013-06-04 Miguel de Dios <miguel.dedios@artica.es> 2013-06-04 Miguel de Dios <miguel.dedios@artica.es>
* godmode/massive/massive_delete_alerts.php: fixed the delete * godmode/massive/massive_delete_alerts.php: fixed the delete


@ -369,12 +369,19 @@ foreach ($actions as $action) {
$data[0] = '<a href="index.php?sec='.$sec.'&sec2=godmode/alerts/configure_alert_action&id='.$action['id'].'&pure='.$pure.'">'. $data[0] = '<a href="index.php?sec='.$sec.'&sec2=godmode/alerts/configure_alert_action&id='.$action['id'].'&pure='.$pure.'">'.
$action['name'].'</a>'; $action['name'].'</a>';
$data[1] = ui_print_group_icon ($action["id_group"], true) .'&nbsp;'; $data[1] = ui_print_group_icon ($action["id_group"], true) .'&nbsp;';
$hack_id_group_all = $action["id_group"];
if ($hack_id_group_all == 0) {
//To avoid check all groups instead the pseudo-group all
$hack_id_group_all = -1;
}
if (check_acl($config['id_user'], $hack_id_group_all, "LM")) {
$data[2] = '<a href="index.php?sec='.$sec.'&sec2=godmode/alerts/alert_actions&amp;copy_action=1&amp;id='.$action['id'].'&pure='.$pure.'" $data[2] = '<a href="index.php?sec='.$sec.'&sec2=godmode/alerts/alert_actions&amp;copy_action=1&amp;id='.$action['id'].'&pure='.$pure.'"
onClick="if (!confirm(\''.__('Are you sure?').'\')) return false;">' . onClick="if (!confirm(\''.__('Are you sure?').'\')) return false;">' .
html_print_image("images/copy.png", true) . '</a>'; html_print_image("images/copy.png", true) . '</a>';
$data[3] = '<a href="index.php?sec='.$sec.'&sec2=godmode/alerts/alert_actions&delete_action=1&id='.$action['id'].'&pure='.$pure.'" $data[3] = '<a href="index.php?sec='.$sec.'&sec2=godmode/alerts/alert_actions&delete_action=1&id='.$action['id'].'&pure='.$pure.'"
onClick="if (!confirm(\''.__('Are you sure?').'\')) return false;">'. onClick="if (!confirm(\''.__('Are you sure?').'\')) return false;">'.
html_print_image("images/cross.png", true) . '</a>'; html_print_image("images/cross.png", true) . '</a>';
}
array_push ($table->data, $data); array_push ($table->data, $data);
} }
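Review bot: The new `check_acl($config['id_user'], $hack_id_group_all, "LM")` test inside the `foreach ($actions ...)` loop only decides whether the copy and delete links are rendered; the `copy_action` and `delete_action` requests those links point to are handled outside this hunk, and those handlers need the same per-group check, otherwise a hand-built URL still works for a user who cannot see the link. The equivalent gate added around the duplicate/delete forms in the alert templates listing (hunks @ -304 and @ -315) has the same limitation. Unlike that file, this branch has no `else`, so if `$data` is not reset at the top of each iteration (not visible here) a row can inherit the previous row's links; adding `else { $data[2] = ''; $data[3] = ''; }` makes the row explicit.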


@ -304,6 +304,12 @@ foreach ($templates as $template) {
$data[1] = ui_print_group_icon ($template["id_group"], true); $data[1] = ui_print_group_icon ($template["id_group"], true);
$data[3] = alerts_get_alert_templates_type_name ($template['type']); $data[3] = alerts_get_alert_templates_type_name ($template['type']);
$hack_id_group_all = $template["id_group"];
if ($hack_id_group_all == 0) {
//To avoid check all groups instead the pseudo-group all
$hack_id_group_all = -1;
}
if (check_acl($config['id_user'], $hack_id_group_all, "LM")) {
$data[4] = '<form method="post" action="index.php?sec='.$sec.'&sec2=godmode/alerts/configure_alert_template&pure='.$pure.'" style="display: inline; float: left">'; $data[4] = '<form method="post" action="index.php?sec='.$sec.'&sec2=godmode/alerts/configure_alert_template&pure='.$pure.'" style="display: inline; float: left">';
$data[4] .= html_print_input_hidden ('duplicate_template', 1, true); $data[4] .= html_print_input_hidden ('duplicate_template', 1, true);
$data[4] .= html_print_input_hidden ('source_id', $template['id'], true); $data[4] .= html_print_input_hidden ('source_id', $template['id'], true);
@ -315,6 +321,10 @@ foreach ($templates as $template) {
$data[4] .= html_print_input_hidden ('id', $template['id'], true); $data[4] .= html_print_input_hidden ('id', $template['id'], true);
$data[4] .= html_print_input_image ('del', 'images/cross.png', 1, '', true, array ('title' => __('Delete'))); $data[4] .= html_print_input_image ('del', 'images/cross.png', 1, '', true, array ('title' => __('Delete')));
$data[4] .= '</form> '; $data[4] .= '</form> ';
}
else {
$data[4] = '';
}
array_push ($table->data, $data); array_push ($table->data, $data);
} }
@ -324,7 +334,8 @@ if (isset($data)) {
html_print_table ($table); html_print_table ($table);
} }
else { else {
echo "<div class='nf'>".__('No alert templates defined')."</div>"; echo "<div class='nf'>" . __('No alert templates defined') .
"</div>";
} }
echo '<div class="action-buttons" style="width: '.$table->width.'">'; echo '<div class="action-buttons" style="width: '.$table->width.'">';
echo '<form method="post" action="index.php?sec='.$sec.'&sec2=godmode/alerts/configure_alert_template&pure='.$pure.'">'; echo '<form method="post" action="index.php?sec='.$sec.'&sec2=godmode/alerts/configure_alert_template&pure='.$pure.'">';
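Review bot: The comment `//To avoid check all groups instead the pseudo-group all` in the first hunk does not say what the two values mean, and the same 0 to -1 mapping is repeated verbatim in the alert actions listing. Something like `// id_group 0 is the pseudo-group "All": pass -1 so check_acl() tests "All" itself instead of every group` would document it, assuming that is how check_acl() treats -1 (its definition is not part of this section). The `foreach ($templates ...)` body starts and ends outside these hunks.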


@ -40,46 +40,19 @@ else
$sec = 'galertas'; $sec = 'galertas';
if ($al_action !== false) { if ($al_action !== false) {
// If user tries to edit an action with group=ALL
if ($al_action['id_group'] == 0){
// then must have "PM" access privileges
if (! check_acl ($config['id_user'], 0, "PM")) {
db_pandora_audit("ACL Violation",
"Trying to access Alert Management");
require ("general/noaccess.php");
exit;
}
else {
// Header
if (defined('METACONSOLE'))
alerts_meta_print_header();
else
ui_print_page_header (__('Alerts').' &raquo; '.__('Configure alert action'), "images/gm_alerts.png", false, "", true);
}
} // If user tries to edit an action of others groups
else {
$own_info = get_user_info ($config['id_user']); $own_info = get_user_info ($config['id_user']);
if ($own_info['is_admin'] || check_acl ($config['id_user'], 0, "PM")) if ($own_info['is_admin'] || check_acl ($config['id_user'], 0, "PM"))
$own_groups = array_keys(users_get_groups($config['id_user'], "LM")); $own_groups = array_keys(users_get_groups($config['id_user'], "LM"));
else else
$own_groups = array_keys(users_get_groups($config['id_user'], "LM", false)); $own_groups = array_keys(users_get_groups($config['id_user'], "LM", false));
$is_in_group = in_array($al_action['id_group'], $own_groups); $is_in_group = in_array($al_action['id_group'], $own_groups);
// Then action group have to be in his own groups
if ($is_in_group) {
// Header // Header
if (defined('METACONSOLE')) if (defined('METACONSOLE'))
alerts_meta_print_header(); alerts_meta_print_header();
else else
ui_print_page_header (__('Alerts').' &raquo; '.__('Configure alert action'), "images/gm_alerts.png", false, "", true); ui_print_page_header (__('Alerts').' &raquo; '.__('Configure alert action'), "images/gm_alerts.png", false, "", true);
} }
else {
db_pandora_audit("ACL Violation",
"Trying to access Alert Management");
require ("general/noaccess.php");
exit;
}
}
}
else { else {
// Header // Header
if (defined('METACONSOLE')) if (defined('METACONSOLE'))
@ -129,7 +102,8 @@ else
$table->data[1][1] = html_print_select_groups(false, "LW", $display_all_group, 'group', $group, '', '', 0, true); $table->data[1][1] = html_print_select_groups(false, "LW", $display_all_group, 'group', $group, '', '', 0, true);
$table->data[2][0] = __('Command'); $table->data[2][0] = __('Command');
$table->data[2][1] = html_print_select_from_sql ('SELECT id, name FROM talert_commands', $table->data[2][1] = html_print_select_from_sql ('SELECT id, name
FROM talert_commands',
'id_command', $id_command, '', __('None'), 0, true); 'id_command', $id_command, '', __('None'), 0, true);
$table->data[2][1] .= ' '; $table->data[2][1] .= ' ';
if (check_acl ($config['id_user'], 0, "PM")) { if (check_acl ($config['id_user'], 0, "PM")) {
@ -159,9 +133,14 @@ html_print_table ($table);
echo '<div class="action-buttons" style="width: '.$table->width.'">'; echo '<div class="action-buttons" style="width: '.$table->width.'">';
if ($id) { if ($id) {
html_print_input_hidden ('id', $id); html_print_input_hidden ('id', $id);
if ($al_action['id_group'] == 0) {
// then must have "PM" access privileges
if (check_acl ($config['id_user'], 0, "PM")) {
html_print_input_hidden ('update_action', 1); html_print_input_hidden ('update_action', 1);
html_print_submit_button (__('Update'), 'create', false, 'class="sub upd"'); html_print_submit_button (__('Update'), 'create', false, 'class="sub upd"');
} }
}
}
else { else {
html_print_input_hidden ('create_action', 1); html_print_input_hidden ('create_action', 1);
html_print_submit_button (__('Create'), 'create', false, 'class="sub wand"'); html_print_submit_button (__('Create'), 'create', false, 'class="sub wand"');
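Review bot: The first hunk drops the server-side denial this page had, the `db_pandora_audit("ACL Violation", ...)` / `require ("general/noaccess.php"); exit;` path for actions in group ALL and for actions outside the user's groups, and the last hunk replaces it with hiding the Update button, which is presentation rather than access control. Whatever handles `update_action` (outside this section) has to re-check the group and "PM" rights itself, and the same applies to `update_template` in the alert template editor, where the "PM" check is removed at @ -52 and replaced by `$disabled` at @ -697. As rendered, the new `if ($al_action['id_group'] == 0)` also has no `else`, so an action in an ordinary group never gets an Update button, and `$is_in_group` is computed but no longer read in the visible lines. One way to cover both is `$can_update = ($al_action['id_group'] == 0) ? check_acl($config['id_user'], 0, "PM") : $is_in_group;` followed by `if ($can_update) {` around the hidden field and the button.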


@ -52,25 +52,18 @@ else {
if ($a_template !== false) { if ($a_template !== false) {
// If user tries to duplicate/edit a template with group=ALL // If user tries to duplicate/edit a template with group=ALL
if ($a_template['id_group'] == 0) { if ($a_template['id_group'] == 0) {
// then must have "PM" access privileges
if (! check_acl ($config['id_user'], 0, "PM")) {
db_pandora_audit("ACL Violation",
"Trying to access Alert Management");
require ("general/noaccess.php");
exit;
}
else {
// Header // Header
if (defined('METACONSOLE')) { if (defined('METACONSOLE')) {
alerts_meta_print_header(); alerts_meta_print_header();
} }
else { else {
ui_print_page_header (__('Alerts').' &raquo; '.__('Configure alert template'), "", false, "conf_alert_template", true); ui_print_page_header (__('Alerts') .
' &raquo; ' . __('Configure alert template'), "",
false, "conf_alert_template", true);
} }
} }
} // If user tries to duplicate/edit a template of others groups
else { else {
// If user tries to duplicate/edit a template of others groups
$own_info = get_user_info ($config['id_user']); $own_info = get_user_info ($config['id_user']);
if ($own_info['is_admin'] || check_acl ($config['id_user'], 0, "PM")) if ($own_info['is_admin'] || check_acl ($config['id_user'], 0, "PM"))
$own_groups = array_keys(users_get_groups($config['id_user'], "LM")); $own_groups = array_keys(users_get_groups($config['id_user'], "LM"));
@ -332,6 +325,7 @@ define ('LAST_STEP', 3);
$step = (int) get_parameter ('step', 1); $step = (int) get_parameter ('step', 1);
$create_alert = (bool) get_parameter ('create_alert');
$create_template = (bool) get_parameter ('create_template'); $create_template = (bool) get_parameter ('create_template');
$update_template = (bool) get_parameter ('update_template'); $update_template = (bool) get_parameter ('update_template');
@ -359,7 +353,7 @@ for($i=1;$i<=10;$i++) {
$priority = 1; $priority = 1;
$min_alerts = 0; $min_alerts = 0;
$max_alerts = 1; $max_alerts = 1;
$threshold = 86400; $threshold = SECONDS_1DAY;
$recovery_notify = false; $recovery_notify = false;
$field2_recovery = ''; $field2_recovery = '';
$field3_recovery = ''; $field3_recovery = '';
@ -547,10 +541,16 @@ if ($step == 2) {
switch ($config['dbtype']){ switch ($config['dbtype']){
case "mysql": case "mysql":
case "postgresql": case "postgresql":
$sql_query = sprintf('SELECT id, name FROM talert_actions WHERE id_group IN (%s) ORDER BY name', $usr_groups); $sql_query = sprintf('SELECT id, name
FROM talert_actions
WHERE id_group IN (%s)
ORDER BY name', $usr_groups);
break; break;
case "oracle": case "oracle":
$sql_query = sprintf('SELECT id, dbms_lob.substr(name,4000,1) as nombre FROM talert_actions WHERE id_group IN (%s) ORDER BY dbms_lob.substr(name,4000,1)', $usr_groups); $sql_query = sprintf('SELECT id, dbms_lob.substr(name,4000,1) as nombre
FROM talert_actions
WHERE id_group IN (%s)
ORDER BY dbms_lob.substr(name,4000,1)', $usr_groups);
break; break;
} }
$table->data[4][1] = html_print_select_from_sql ($sql_query, $table->data[4][1] = html_print_select_from_sql ($sql_query,
@ -617,6 +617,7 @@ else {
$table->data[0][0] = __('Name'); $table->data[0][0] = __('Name');
$table->data[0][1] = html_print_input_text ('name', $name, '', 35, 255, true); $table->data[0][1] = html_print_input_text ('name', $name, '', 35, 255, true);
$table->data[0][1] .= "&nbsp;&nbsp;". __("Group"); $table->data[0][1] .= "&nbsp;&nbsp;". __("Group");
$groups = users_get_groups (); $groups = users_get_groups ();
$own_info = get_user_info($config['id_user']); $own_info = get_user_info($config['id_user']);
@ -625,7 +626,9 @@ else {
$display_all_group = true; $display_all_group = true;
else else
$display_all_group = false; $display_all_group = false;
$table->data[0][1] .= "&nbsp;".html_print_select_groups(false, "AR", $display_all_group, 'id_group', $id_group, '', '', 0, true); $table->data[0][1] .= "&nbsp;" .
html_print_select_groups(false, "AR", $display_all_group, 'id_group', $id_group, '', '', 0, true);
$table->data[1][0] = __('Description'); $table->data[1][0] = __('Description');
$table->data[1][1] = html_print_textarea ('description', 10, 30, $table->data[1][1] = html_print_textarea ('description', 10, 30,
@ -637,7 +640,8 @@ else {
if(defined('METACONSOLE')) { if(defined('METACONSOLE')) {
$table->data[3][0] = __('Wizard level'); $table->data[3][0] = __('Wizard level');
$wizard_levels = array('basic' => __('Basic'), $wizard_levels = array(
'basic' => __('Basic'),
'advanced' => __('Advanced')); 'advanced' => __('Advanced'));
$table->data[3][1] = html_print_select($wizard_levels,'wizard_level',$wizard_level,'','',-1,true, false, false); $table->data[3][1] = html_print_select($wizard_levels,'wizard_level',$wizard_level,'','',-1,true, false, false);
} }
@ -697,6 +701,17 @@ else {
html_print_input_hidden ('create_template', 1); html_print_input_hidden ('create_template', 1);
} }
$disabled = false;
if (!$create_alert && !$create_template) {
if ($a_template['id_group'] == 0) {
// then must have "PM" access privileges
if (! check_acl ($config['id_user'], 0, "PM")) {
$disabled = true;
}
}
}
if (!$disabled) {
if ($step >= LAST_STEP) { if ($step >= LAST_STEP) {
html_print_submit_button (__('Finish'), 'finish', false, 'class="sub upd"'); html_print_submit_button (__('Finish'), 'finish', false, 'class="sub upd"');
} }
@ -704,6 +719,8 @@ else {
html_print_input_hidden ('step', $step + 1); html_print_input_hidden ('step', $step + 1);
html_print_submit_button (__('Next'), 'next', false, 'class="sub next"'); html_print_submit_button (__('Next'), 'next', false, 'class="sub next"');
} }
}
echo '</div>'; echo '</div>';
echo '</form>'; echo '</form>';
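Review bot: In the `$disabled` block added at @ -697, `$a_template['id_group']` is read without the `$a_template !== false` test used at the top of the file, so when no template was loaded the decision rests on `null == 0` being true. That happens to fail closed, but only by accident; spelling it out, e.g. `if ($a_template === false || $a_template['id_group'] == 0) {`, keeps the behaviour and states the intent. The comment `// then must have "PM" access privileges` has also lost the sentence it continued; `// Templates in group ALL can only be saved with "PM"; otherwise hide the submit buttons` would stand on its own.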


@ -18,7 +18,7 @@ global $config;
check_login (); check_login ();
if (! check_acl ($config['id_user'], 0, "PM")) { if (! check_acl ($config['id_user'], 0, "AW")) {
db_pandora_audit("ACL Violation", "Trying to access Group Management2"); db_pandora_audit("ACL Violation", "Trying to access Group Management2");
require ("general/noaccess.php"); require ("general/noaccess.php");
return; return;


@ -97,7 +97,7 @@ if (is_ajax ()) {
return; return;
} }
if (! check_acl($config['id_user'], 0, "PM")) { if (! check_acl($config['id_user'], 0, "AW")) {
db_pandora_audit("ACL Violation", db_pandora_audit("ACL Violation",
"Trying to access Group Management"); "Trying to access Group Management");
require ("general/noaccess.php"); require ("general/noaccess.php");
@ -126,7 +126,7 @@ $delete_group = (bool) get_parameter ('delete_group');
$pure = get_parameter('pure', 0); $pure = get_parameter('pure', 0);
/* Create group */ /* Create group */
if ($create_group) { if (($create_group) && (check_acl($config['id_user'], 0, "PM"))) {
$name = (string) get_parameter ('name'); $name = (string) get_parameter ('name');
$icon = (string) get_parameter ('icon'); $icon = (string) get_parameter ('icon');
$id_parent = (int) get_parameter ('id_parent'); $id_parent = (int) get_parameter ('id_parent');
@ -219,7 +219,7 @@ if ($update_group) {
} }
/* Delete group */ /* Delete group */
if ($delete_group) { if (($delete_group) && (check_acl($config['id_user'], 0, "PM"))) {
$id_group = (int) get_parameter ('id_group'); $id_group = (int) get_parameter ('id_group');
$usedGroup = groups_check_used($id_group); $usedGroup = groups_check_used($id_group);
@ -253,12 +253,14 @@ db_clean_cache();
$groups = users_get_groups_tree ($config['id_user'], "AR", true); $groups = users_get_groups_tree ($config['id_user'], "AR", true);
$table->width = '98%'; $table->width = '98%';
if (check_acl($config['id_user'], 0, "PM")) {
echo '<br />'; echo '<br />';
echo '<form method="post" action="index.php?sec='.$sec.'&sec2=godmode/groups/configure_group&pure='.$pure.'">'; echo '<form method="post" action="index.php?sec='.$sec.'&sec2=godmode/groups/configure_group&pure='.$pure.'">';
echo '<div class="action-buttons" style="width: '.$table->width.'">'; echo '<div class="action-buttons" style="width: '.$table->width.'">';
html_print_submit_button (__('Create group'), 'crt', false, 'class="sub next"'); html_print_submit_button (__('Create group'), 'crt', false, 'class="sub next"');
echo '</div>'; echo '</div>';
echo '</form>'; echo '</form>';
}
if (!empty($groups)) { if (!empty($groups)) {
$table->head = array (); $table->head = array ();
@ -429,11 +431,13 @@ else {
echo "<div class='nf'>".__('There are no defined groups')."</div>"; echo "<div class='nf'>".__('There are no defined groups')."</div>";
} }
if (check_acl($config['id_user'], 0, "PM")) {
echo '<form method="post" action="index.php?sec='.$sec.'&sec2=godmode/groups/configure_group&pure='.$pure.'">'; echo '<form method="post" action="index.php?sec='.$sec.'&sec2=godmode/groups/configure_group&pure='.$pure.'">';
echo '<div class="action-buttons" style="width: '.$table->width.'">'; echo '<div class="action-buttons" style="width: '.$table->width.'">';
html_print_submit_button (__('Create group'), 'crt', false, 'class="sub next"'); html_print_submit_button (__('Create group'), 'crt', false, 'class="sub next"');
echo '</div>'; echo '</div>';
echo '</form>'; echo '</form>';
}
enterprise_hook('close_meta_frame'); enterprise_hook('close_meta_frame');
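Review bot: The `create_group` and `delete_group` handlers now skip silently when the user lacks "PM": there is no audit entry and no message, unlike the page-level check above them, which calls `db_pandora_audit("ACL Violation", ...)`. Since the page is now open to "AW" users, a rejected create or delete is the event worth recording, for example `db_pandora_audit("ACL Violation", "Trying to create a group");` when the flag is set but the check fails. The `if ($update_group) {` handler shown as context at @ -219 gets no such condition, so group edits appear to be available to any "AW" user; if that is intended it deserves a comment at that handler.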


@ -37,8 +37,10 @@ if (check_acl ($config['id_user'], 0, "AW") || check_acl ($config['id_user'], 0,
enterprise_hook("duplicate_confi_submenu"); enterprise_hook("duplicate_confi_submenu");
if (check_acl ($config["id_user"], 0, "PM")) { if (check_acl ($config["id_user"], 0, "AW")) {
$sub["godmode/groups/group_list"]["text"] = __('Manage groups'); $sub["godmode/groups/group_list"]["text"] = __('Manage groups');
}
if (check_acl ($config["id_user"], 0, "PM")) {
$sub["godmode/groups/modu_group_list"]["text"] = __('Module groups'); $sub["godmode/groups/modu_group_list"]["text"] = __('Module groups');
$sub["godmode/agentes/planned_downtime.list"]["text"] = __('Scheduled downtime'); $sub["godmode/agentes/planned_downtime.list"]["text"] = __('Scheduled downtime');
$sub["godmode/agentes/fields_manager"]["text"] = __('Manage custom fields'); $sub["godmode/agentes/fields_manager"]["text"] = __('Manage custom fields');


@ -114,6 +114,7 @@ function profile_delete_user_profile ($id_user, $id_profile) {
$where = array( $where = array(
'id_usuario' => $id_user, 'id_usuario' => $id_user,
'id_up' => $id_profile); 'id_up' => $id_profile);
return (bool)db_process_sql_delete('tusuario_perfil', $where); return (bool)db_process_sql_delete('tusuario_perfil', $where);
} }