From c16992f69a1d86a024e05db3d23ff1f5f9b4a172 Mon Sep 17 00:00:00 2001 From: Daniel Cebrian Date: Thu, 23 Nov 2023 15:29:26 +0100 Subject: [PATCH 1/4] #12517 hide allowlist if token is disabled --- .../godmode/users/user_management.php | 67 ++++++++++++------- 1 file changed, 41 insertions(+), 26 deletions(-) diff --git a/pandora_console/godmode/users/user_management.php b/pandora_console/godmode/users/user_management.php index 8d9efea97b..0dc0a90044 100644 --- a/pandora_console/godmode/users/user_management.php +++ b/pandora_console/godmode/users/user_management.php @@ -857,10 +857,34 @@ $userManagementTable->data['fields_addSettings'][0] = html_print_textarea( '' ); -$userManagementTable->data['captions_addSettings'][1] = __('Login allowed IP list'); -$userManagementTable->data['fields_addSettings'][1] = html_print_div( +$allowAllIpsContent = []; +$allowAllIpsContent[] = ''.__('Enable IP allowlist').''; +$allowAllIpsContent[] = html_print_div( [ - 'class' => 'edit_user_allowed_ip', + 'content' => html_print_checkbox_switch( + 'allowed_ip_active', + 0, + ($user_info['allowed_ip_active'] ?? 0), + true, + false, + 'handleIpAllowlist(this)' + ), + ], + true +); + +$userManagementTable->data['captions_addSettings'][1] = html_print_div( + [ + 'class' => 'margin-top-10', + 'style' => 'display: flex; flex-direction: row-reverse; align-items: center;', + 'content' => implode('', $allowAllIpsContent), + ], + true +); + +$userManagementTable->data['fields_addSettings'][1] .= html_print_div( + [ + 'class' => 'edit_user_allowed_ip '.(((int) $user_info['allowed_ip_active'] === 1) ? '' : 'invisible'), 'content' => html_print_textarea( 'allowed_ip_list', 5, @@ -875,30 +899,11 @@ $userManagementTable->data['fields_addSettings'][1] = html_print_div( $userManagementTable->data['fields_addSettings'][1] .= ui_print_input_placeholder( __('Add the source IPs that will allow console access. Each IP must be separated only by comma. * allows all.'), - true -); - -$allowAllIpsContent = []; -$allowAllIpsContent[] = ''.__('Allow all IPs').''; -$allowAllIpsContent[] = html_print_div( + true, [ - 'content' => html_print_checkbox_switch( - 'allowed_ip_active', - 0, - ($user_info['allowed_ip_active'] ?? 0), - true - ), - ], - true -); - -$userManagementTable->data['fields_addSettings'][1] .= html_print_div( - [ - 'class' => 'margin-top-10', - 'style' => 'display: flex; flex-direction: row-reverse; align-items: center;', - 'content' => implode('', $allowAllIpsContent), - ], - true + 'id' => 'info_allowed_ip', + 'class' => ((int) $user_info['allowed_ip_active'] === 1) ? 'input_sub_placeholder' : 'input_sub_placeholder invisible', + ] ); @@ -1038,4 +1043,14 @@ $(document).ready(function () { } }) }); + +function handleIpAllowlist(e){ + if(e.checked === true) { + $('.edit_user_allowed_ip').show(); + $('#info_allowed_ip').show(); + } else { + $('.edit_user_allowed_ip').hide(); + $('#info_allowed_ip').hide(); + } +} \ No newline at end of file From afa6a7d415624d7e96593254f136eb439a540685 Mon Sep 17 00:00:00 2001 From: Daniel Cebrian Date: Mon, 27 Nov 2023 13:55:08 +0100 Subject: [PATCH 2/4] #12517 allow ip limited to user admin --- .../godmode/users/user_management.php | 93 ++++++++++--------- 1 file changed, 47 insertions(+), 46 deletions(-) diff --git a/pandora_console/godmode/users/user_management.php b/pandora_console/godmode/users/user_management.php index 0dc0a90044..3e0a030195 100644 --- a/pandora_console/godmode/users/user_management.php +++ b/pandora_console/godmode/users/user_management.php @@ -857,55 +857,56 @@ $userManagementTable->data['fields_addSettings'][0] = html_print_textarea( '' ); -$allowAllIpsContent = []; -$allowAllIpsContent[] = ''.__('Enable IP allowlist').''; -$allowAllIpsContent[] = html_print_div( - [ - 'content' => html_print_checkbox_switch( - 'allowed_ip_active', - 0, - ($user_info['allowed_ip_active'] ?? 0), - true, - false, - 'handleIpAllowlist(this)' - ), - ], - true -); +if (users_is_admin($config['id_user']) === true || check_acl($config['id_user'], 0, 'PM') === true) { + $allowAllIpsContent = []; + $allowAllIpsContent[] = ''.__('Enable IP allowlist').''; + $allowAllIpsContent[] = html_print_div( + [ + 'content' => html_print_checkbox_switch( + 'allowed_ip_active', + 0, + ($user_info['allowed_ip_active'] ?? 0), + true, + false, + 'handleIpAllowlist(this)' + ), + ], + true + ); -$userManagementTable->data['captions_addSettings'][1] = html_print_div( - [ - 'class' => 'margin-top-10', - 'style' => 'display: flex; flex-direction: row-reverse; align-items: center;', - 'content' => implode('', $allowAllIpsContent), - ], - true -); + $userManagementTable->data['captions_addSettings'][1] = html_print_div( + [ + 'class' => 'margin-top-10', + 'style' => 'display: flex; flex-direction: row-reverse; align-items: center;', + 'content' => implode('', $allowAllIpsContent), + ], + true + ); -$userManagementTable->data['fields_addSettings'][1] .= html_print_div( - [ - 'class' => 'edit_user_allowed_ip '.(((int) $user_info['allowed_ip_active'] === 1) ? '' : 'invisible'), - 'content' => html_print_textarea( - 'allowed_ip_list', - 5, - 65, - ($user_info['allowed_ip_list'] ?? ''), - (((bool) $view_mode === true) ? 'readonly="readonly"' : ''), - true - ), - ], - true -); - -$userManagementTable->data['fields_addSettings'][1] .= ui_print_input_placeholder( - __('Add the source IPs that will allow console access. Each IP must be separated only by comma. * allows all.'), - true, - [ - 'id' => 'info_allowed_ip', - 'class' => ((int) $user_info['allowed_ip_active'] === 1) ? 'input_sub_placeholder' : 'input_sub_placeholder invisible', - ] -); + $userManagementTable->data['fields_addSettings'][1] .= html_print_div( + [ + 'class' => 'edit_user_allowed_ip '.(((int) $user_info['allowed_ip_active'] === 1) ? '' : 'invisible'), + 'content' => html_print_textarea( + 'allowed_ip_list', + 5, + 65, + ($user_info['allowed_ip_list'] ?? ''), + (((bool) $view_mode === true) ? 'readonly="readonly"' : ''), + true + ), + ], + true + ); + $userManagementTable->data['fields_addSettings'][1] .= ui_print_input_placeholder( + __('Add the source IPs that will allow console access. Each IP must be separated only by comma. * allows all.'), + true, + [ + 'id' => 'info_allowed_ip', + 'class' => ((int) $user_info['allowed_ip_active'] === 1) ? 'input_sub_placeholder' : 'input_sub_placeholder invisible', + ] + ); +} if ($config['ITSM_enabled'] && $config['ITSM_user_level_conf']) { // Pandora ITSM user remote login. From 139d88452521403a659358f0b6146fc035e26296 Mon Sep 17 00:00:00 2001 From: Daniel Cebrian Date: Mon, 27 Nov 2023 16:59:21 +0100 Subject: [PATCH 3/4] #12517 fixed permission --- pandora_console/godmode/users/user_management.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pandora_console/godmode/users/user_management.php b/pandora_console/godmode/users/user_management.php index 3e0a030195..322a71d79d 100644 --- a/pandora_console/godmode/users/user_management.php +++ b/pandora_console/godmode/users/user_management.php @@ -857,7 +857,7 @@ $userManagementTable->data['fields_addSettings'][0] = html_print_textarea( '' ); -if (users_is_admin($config['id_user']) === true || check_acl($config['id_user'], 0, 'PM') === true) { +if (users_is_admin($config['id_user']) === true || (bool) check_acl($config['id_user'], 0, 'PM') === true) { $allowAllIpsContent = []; $allowAllIpsContent[] = ''.__('Enable IP allowlist').''; $allowAllIpsContent[] = html_print_div( From dde1146ccb10b9720a3fcc6966c3ecfa906c1127 Mon Sep 17 00:00:00 2001 From: Daniel Cebrian Date: Mon, 27 Nov 2023 17:54:05 +0100 Subject: [PATCH 4/4] #fixed delete allow ip when edit user --- pandora_console/godmode/users/configure_user.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/pandora_console/godmode/users/configure_user.php b/pandora_console/godmode/users/configure_user.php index fd62dde741..3b5bb1c9be 100644 --- a/pandora_console/godmode/users/configure_user.php +++ b/pandora_console/godmode/users/configure_user.php @@ -596,8 +596,11 @@ if ($update_user) { $values['email'] = (string) get_parameter('email'); $values['phone'] = (string) get_parameter('phone'); $values['comments'] = io_safe_input(strip_tags(io_safe_output((string) get_parameter('comments')))); - $values['allowed_ip_active'] = ((int) get_parameter('allowed_ip_active', -1) === 0); - $values['allowed_ip_list'] = io_safe_input(strip_tags(io_safe_output((string) get_parameter('allowed_ip_list')))); + if (users_is_admin($config['id_user']) === true || (bool) check_acl($config['id_user'], 0, 'PM') === true) { + $values['allowed_ip_active'] = ((int) get_parameter('allowed_ip_active', -1) === 0); + $values['allowed_ip_list'] = io_safe_input(strip_tags(io_safe_output((string) get_parameter('allowed_ip_list')))); + } + $values['is_admin'] = (get_parameter('is_admin', 0) === 0) ? 0 : 1; $values['language'] = (string) get_parameter('language'); $values['timezone'] = (string) get_parameter('timezone');