2011-02-15 Juan Manuel Ramon <juanmanuel.ramon@artica.es>

* godmode/menu.php: "godmode > manage alert > commands" tab only 
	displayed when user privileges are "PM".
	* pandoradb_data.sql 
	 pandoradb.data.postgreSQL.sql: Changed "Alert management" field to 1 in 
	"Chief Operator" row of tperfil table.
	* godmode/alerts/alert_templates.php: If user tries to delete a 
	template with group=ALL then must have "PM" access privileges.
	* godmode/alerts/configure_alert_template.php: If user tries to duplicate
	/edit a template with group=ALL then must have "PM" access privileges.
	* godmode/alerts/alert_actions.php: If user tries to duplicate/delete an 
	action with group=ALL then must have "PM" access privileges.
	* godmode/alerts/configure_alert_action.php: If user tries to edit an 
	action with group=ALL then must have "PM" access privileges.

	Fixes: #3180735	



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3845 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f

pandora_console/ChangeLog

@@ -1,3 +1,21 @@
+2011-02-15 Juan Manuel Ramon <juanmanuel.ramon@artica.es>
+
+	* godmode/menu.php: "godmode > manage alert > commands" tab only 
+	displayed when user privileges are "PM".
+	* pandoradb_data.sql 
+	 pandoradb.data.postgreSQL.sql: Changed "Alert management" field to 1 in 
+	"Chief Operator" row of tperfil table.
+	* godmode/alerts/alert_templates.php: If user tries to delete a 
+	template with group=ALL then must have "PM" access privileges.
+	* godmode/alerts/configure_alert_template.php: If user tries to duplicate
+	/edit a template with group=ALL then must have "PM" access privileges.
+	* godmode/alerts/alert_actions.php: If user tries to duplicate/delete an 
+	action with group=ALL then must have "PM" access privileges.
+	* godmode/alerts/configure_alert_action.php: If user tries to edit an 
+	action with group=ALL then must have "PM" access privileges.
+
+	Fixes: #3180735	
+
 2011-02-15 Javier Lanz <javier.lanz@artica.es>
 	* godmode/users/configure_user.php: Truncated group name on user detail
 	editor

pandora_console/godmode/alerts/alert_actions.php

@@ -39,16 +39,37 @@ if (is_ajax ()) {
 	return;
 }
 
-// Header
-print_page_header (__('Alerts').' » '.__('Alert actions'), "images/god2.png", false, "", true);
-
 $update_action = (bool) get_parameter ('update_action');
 $create_action = (bool) get_parameter ('create_action');
 $delete_action = (bool) get_parameter ('delete_action');
 $copy_action = (bool) get_parameter ('copy_action');
 
+if ((!$copy_action) && (!$delete_action))
+	// Header
+	print_page_header (__('Alerts').' » '.__('Alert actions'), "images/god2.png", false, "", true);
+
 if ($copy_action) {
 	$id = get_parameter ('id');
+
+	$al_action = get_alert_action ($id);
+
+	if ($al_action !== false){
+		if ($al_action['id_group'] == 0){
+			if (! give_acl ($config['id_user'], 0, "PM")) {
+				pandora_audit("ACL Violation",
+					"Trying to access Alert Management");
+				require ("general/noaccess.php");
+				exit;
+			}else
+				// Header
+				print_page_header (__('Alerts').' » '.__('Alert actions'), "images/god2.png", false, "", true);
+		}else
+			// Header
+			print_page_header (__('Alerts').' » '.__('Alert actions'), "images/god2.png", false, "", true);		
+	}else
+		// Header
+		print_page_header (__('Alerts').' » '.__('Alert actions'), "images/god2.png", false, "", true);
+
 	
 	$result = clone_alert_action ($id);
 	
@@ -95,6 +116,25 @@ if ($create_action) {
 
 if ($update_action) {
 	$id = (string) get_parameter ('id');
+
+	$al_action = get_alert_action ($id);
+
+	if ($al_action !== false){
+		if ($al_action['id_group'] == 0){
+			if (! give_acl ($config['id_user'], 0, "PM")) {
+				pandora_audit("ACL Violation",
+					"Trying to access Alert Management");
+				require ("general/noaccess.php");
+				exit;
+			}else
+				// Header
+				print_page_header (__('Alerts').' » '.__('Alert actions'), "images/god2.png", false, "", true);
+		}
+	}else
+		// Header
+		print_page_header (__('Alerts').' » '.__('Alert actions'), "images/god2.png", false, "", true);
+
+
 	$name = (string) get_parameter ('name');
 	$id_alert_command = (int) get_parameter ('id_command');
 	$field1 = (string) get_parameter ('field1');
@@ -129,7 +169,27 @@ if ($update_action) {
 
 if ($delete_action) {
 	$id = get_parameter ('id');
-	
+
+	$al_action = get_alert_action ($id);
+
+	if ($al_action !== false){
+		if ($al_action['id_group'] == 0){
+			if (! give_acl ($config['id_user'], 0, "PM")) {
+				pandora_audit("ACL Violation",
+					"Trying to access Alert Management");
+				require ("general/noaccess.php");
+				exit;
+			}else
+				// Header
+				print_page_header (__('Alerts').' » '.__('Alert actions'), "images/god2.png", false, "", true);
+		}else
+				// Header
+				print_page_header (__('Alerts').' » '.__('Alert actions'), "images/god2.png", false, "", true);	
+	}else
+		// Header
+		print_page_header (__('Alerts').' » '.__('Alert actions'), "images/god2.png", false, "", true);
+
+
 	$result = delete_alert_action ($id);
 	
 	if ($result) {

pandora_console/godmode/alerts/alert_templates.php

@@ -106,12 +106,14 @@ if (! give_acl ($config['id_user'], 0, "LM")) {
 	exit;
 }
 
-// Header
-print_page_header (__('Alerts')." » ". __('Alert templates'), "images/god2.png", false, "", true);
-
 $update_template = (bool) get_parameter ('update_template');
 $delete_template = (bool) get_parameter ('delete_template');
 
+// This prevents to duplicate the header in case delete_templete action is performed
+if (!$delete_template) 
+// Header
+print_page_header (__('Alerts')." » ". __('Alert templates'), "images/god2.png", false, "", true);
+
 if ($update_template) {
 	$id = (int) get_parameter ('id');
 	
@@ -129,9 +131,28 @@ if ($update_template) {
 		__('Could not be updated'));
 }
 
+// If user tries to delete a template with group=ALL then must have "PM" access privileges
 if ($delete_template) {
 	$id = get_parameter ('id');
-	
+	$al_template = get_alert_template($id);
+
+	if ($al_template !== false){
+		if ($al_template['id_group'] == 0){
+			if (! give_acl ($config['id_user'], 0, "PM")) {
+				pandora_audit("ACL Violation",
+					"Trying to access Alert Management");
+				require ("general/noaccess.php");
+				exit;
+			}else
+				// Header
+				print_page_header (__('Alerts')." » ". __('Alert templates'), "images/god2.png", false, "", true);
+		}else
+			// Header
+			print_page_header (__('Alerts')." » ". __('Alert templates'), "images/god2.png", false, "", true);		
+	}else
+		// Header
+		print_page_header (__('Alerts')." » ". __('Alert templates'), "images/god2.png", false, "", true);
+
 	$result = delete_alert_template ($id);
 	
 	if ($result) {

pandora_console/godmode/alerts/configure_alert_action.php

@@ -29,6 +29,26 @@ if (! give_acl ($config['id_user'], 0, "LM")) {
 
 $id = (int) get_parameter ('id');
 
+$al_action = get_alert_action ($id);
+
+if ($al_action !== false){
+	if ($al_action['id_group'] == 0){
+		if (! give_acl ($config['id_user'], 0, "PM")) {
+			pandora_audit("ACL Violation",
+				"Trying to access Alert Management");
+			require ("general/noaccess.php");
+			exit;
+		}else
+			// Header
+			print_page_header (__('Alerts').' » '.__('Configure alert action'), "images/god2.png", false, "", true);
+	
+	}else
+		// Header
+		print_page_header (__('Alerts').' » '.__('Configure alert action'), "images/god2.png", false, "", true);
+}else
+	// Header
+	print_page_header (__('Alerts').' » '.__('Configure alert action'), "images/god2.png", false, "", true);	
+
 $name = '';
 $id_command = '';
 $field1 = '';
@@ -45,8 +65,6 @@ if ($id) {
 	$field3 = $action['field3'];
 	$group = $action ['id_group'];
 }
-// Header
-print_page_header (__('Alerts').' » '.__('Configure alert action'), "images/god2.png", false, "", true);
 
 $table->width = '90%';
 $table->style = array ();

pandora_console/godmode/alerts/configure_alert_template.php

@@ -26,13 +26,37 @@ if (! give_acl ($config['id_user'], 0, "LM")) {
 	exit;
 }
 
-// Header
-print_page_header (__('Alerts').' » '.__('Configure alert template'), "", false, "", true);
-
 
 $duplicate_template = (bool) get_parameter ('duplicate_template');
 $id = (int) get_parameter ('id');
 
+// If user tries to duplicate/edit a template with group=ALL then must have "PM" access privileges 
+if ($duplicate_template) {
+	$source_id = (int) get_parameter ('source_id');
+	$a_template = get_alert_template($source_id);
+}else{
+	$a_template = get_alert_template($id);
+}
+
+if ($a_template !== false){
+	if ($a_template['id_group'] == 0){
+		if (! give_acl ($config['id_user'], 0, "PM")) {
+			pandora_audit("ACL Violation",
+				"Trying to access Alert Management");
+			require ("general/noaccess.php");
+			exit;
+		}else
+			// Header
+			print_page_header (__('Alerts').' » '.__('Configure alert template'), "", false, "", true);
+	}else
+		// Header
+		print_page_header (__('Alerts').' » '.__('Configure alert template'), "", false, "", true);		
+// This prevents to duplicate the header in case duplicate/edit_template action is performed
+}else
+	// Header
+	print_page_header (__('Alerts').' » '.__('Configure alert template'), "", false, "", true);
+
+
 if ($duplicate_template) {
 	$source_id = (int) get_parameter ('source_id');
 	

pandora_console/godmode/menu.php

@@ -93,10 +93,11 @@ if (give_acl ($config['id_user'], 0, "LM")) {
 	
 	$sub["godmode/alerts/alert_actions"]["text"] = __('Actions');
 	
-	$sub["godmode/alerts/alert_commands"]["text"] = __('Commands');
-	
+	if (give_acl ($config['id_user'], 0, "PM")) {
+		$sub["godmode/alerts/alert_commands"]["text"] = __('Commands');
+	}
 	$sub["godmode/alerts/alert_compounds"]["text"] = __('Correlation');
-	
+
 	$menu["galertas"]["sub"] = $sub;
 }
 

pandora_console/pandoradb.data.postgreSQL.sql

@@ -246,7 +246,7 @@ INSERT INTO "tusuario_perfil" VALUES (1,'admin',5,0,'admin');
 --
 -- Dumping data for table "tperfil"
 --
-INSERT INTO "tperfil" VALUES (1,'Operator (Read)',0,1,0,1,0,0,0,0,0,0),(2,'Operator (Write)',1,1,0,1,0,0,0,0,0,0),(3,'Chief Operator',1,1,1,1,0,0,0,0,0,0),(4,'Group coordinator',1,1,1,1,1,1,1,0,0,0),(5,'Pandora Administrator',1,1,1,1,1,1,1,1,1,1);
+INSERT INTO "tperfil" VALUES (1,'Operator (Read)',0,1,0,1,0,0,0,0,0,0),(2,'Operator (Write)',1,1,0,1,0,0,0,0,0,0),(3,'Chief Operator',1,1,1,1,0,0,0,0,1,0),(4,'Group coordinator',1,1,1,1,1,1,1,0,0,0),(5,'Pandora Administrator',1,1,1,1,1,1,1,1,1,1);
 
 INSERT INTO "tnews" ("id_news", "author", "subject", "text", "timestamp") VALUES (1,'admin','Welcome to Pandora FMS 3.2!','This is the new Pandora FMS Console. A lot of new features have been added since last version. Please read the documentation about it, and feel free to test any option.\r\n\r\nThe Pandora FMS Team.',NOW()),
 (2,'admin','New GIS Feature','Try our new GIS representation, activate GIS in Setup to see new available options.',NOW());

pandora_console/pandoradb_data.sql

@@ -259,7 +259,7 @@ INSERT INTO `tusuario_perfil` VALUES (1,'admin',5,0,'admin');
 -- Dumping data for table `tperfil`
 --
 
-INSERT INTO `tperfil` VALUES (1,'Operator (Read)',0,1,0,1,0,0,0,0,0,0),(2,'Operator (Write)',1,1,0,1,0,0,0,0,0,0),(3,'Chief Operator',1,1,1,1,0,0,0,0,0,0),(4,'Group coordinator',1,1,1,1,1,1,1,0,0,0),(5,'Pandora Administrator',1,1,1,1,1,1,1,1,1,1);
+INSERT INTO `tperfil` VALUES (1,'Operator (Read)',0,1,0,1,0,0,0,0,0,0),(2,'Operator (Write)',1,1,0,1,0,0,0,0,0,0),(3,'Chief Operator',1,1,1,1,0,0,0,0,0,0),(4,'Group coordinator',1,1,1,1,1,1,1,0,1,0),(5,'Pandora Administrator',1,1,1,1,1,1,1,1,1,1);
 
 INSERT INTO `tnews` VALUES (1,'admin','Welcome to Pandora FMS 3.2!','This is the new Pandora FMS Console. A l/ot of new features have been added since last version. Please read the documentation about it, and feel free to test any option.\r\n\r\nThe Pandora FMS Team.',NOW()),
 (2,'admin','New GIS Feature','Try our new GIS representation, activate GIS in Setup to see new available options.',NOW());