diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog index e428124fe6..56cc2c81f2 100644 --- a/pandora_console/ChangeLog +++ b/pandora_console/ChangeLog @@ -1,3 +1,10 @@ +2011-02-15 Miguel de Dios + + * include/functions_alerts.php, operation/agentes/estado_agente.php: added + check ACL in the show actions in the creation and edit of alerts. + + Fixes: #3166657 + 2011-02-15 Javier Lanz * godmode/groups/group_list.php: Fixed ACL checkings diff --git a/pandora_console/include/functions_alerts.php b/pandora_console/include/functions_alerts.php index 6c5e714708..b810979d0c 100644 --- a/pandora_console/include/functions_alerts.php +++ b/pandora_console/include/functions_alerts.php @@ -204,8 +204,23 @@ function clone_alert_action ($id_alert_action) { } -function get_alert_actions ($only_names = true) { - $all_actions = get_db_all_rows_in_table ('talert_actions'); +/** + * Get all alert actions in Pandora DB. + * + * @param bool $only_names Return only names, by default is true. + * @param bool $acl Check the ACL, by default is false + * + * @return array The list of actions. + */ +function get_alert_actions ($only_names = true, $acl = false) { + $groups = get_user_groups(false, "AR", true); + + if ($groups === false) { + $groups = array(); + } + $id_groups = array_keys($groups); + + $all_actions = get_db_all_rows_filter('talert_actions', array('id_group' => $id_groups)); if ($all_actions === false) return array (); diff --git a/pandora_console/operation/agentes/estado_agente.php b/pandora_console/operation/agentes/estado_agente.php index 6ce6d52d47..99fea272a1 100644 --- a/pandora_console/operation/agentes/estado_agente.php +++ b/pandora_console/operation/agentes/estado_agente.php @@ -30,6 +30,12 @@ if (is_ajax ()) { $get_agent_module_last_value = (bool) get_parameter ('get_agent_module_last_value'); $get_actions_alert_template = (bool) get_parameter("get_actions_alert_template"); + $groups = get_user_groups(false, "AR", true); + if ($groups === false) { + $groups = array(); + } + $id_groups = array_keys($groups); + if ($get_actions_alert_template) { $id_template = get_parameter("id_template"); $sql = sprintf ("SELECT t1.id, t1.name, @@ -37,7 +43,8 @@ if (is_ajax ()) { FROM talert_templates AS t2 WHERE t2.id = %d AND t2.id_alert_action = t1.id) as 'sort_order' - FROM talert_actions AS t1 + FROM talert_actions AS t1 + WHERE id_group IN (" . implode(',', $id_groups) . ") ORDER BY sort_order DESC", $id_template); $rows = get_db_all_rows_sql($sql);