From bbbddf2fff07d372a52a4dedfcec598d356b6932 Mon Sep 17 00:00:00 2001 From: Arturo Gonzalez Diaz Date: Mon, 13 Jul 2015 15:59:08 +0200 Subject: [PATCH 01/11] Acces to non-privilege user to planned downtime --- .../agentes/planned_downtime.export_csv.php | 2 +- .../godmode/agentes/planned_downtime.list.php | 16 ++++++++++------ 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/pandora_console/godmode/agentes/planned_downtime.export_csv.php b/pandora_console/godmode/agentes/planned_downtime.export_csv.php index bf7785c4fd..efb349caeb 100644 --- a/pandora_console/godmode/agentes/planned_downtime.export_csv.php +++ b/pandora_console/godmode/agentes/planned_downtime.export_csv.php @@ -22,7 +22,7 @@ require_once ("../../include/functions_users.php"); require_once ("../../include/functions_groups.php"); $config["id_user"] = $_SESSION["id_usuario"]; -if (! check_acl ($config['id_user'], 0, "AW")) { +if (! check_acl ($config['id_user'], 0, "AR")) { db_pandora_audit("ACL Violation", "Trying to access downtime scheduler"); require ("general/noaccess.php"); return; diff --git a/pandora_console/godmode/agentes/planned_downtime.list.php b/pandora_console/godmode/agentes/planned_downtime.list.php index f2cb14e0ba..1bc398859a 100755 --- a/pandora_console/godmode/agentes/planned_downtime.list.php +++ b/pandora_console/godmode/agentes/planned_downtime.list.php @@ -18,7 +18,7 @@ global $config; check_login(); -if (! check_acl ($config['id_user'], 0, "AW")) { +if (! check_acl ($config['id_user'], 0, "AR")) { db_pandora_audit("ACL Violation", "Trying to access downtime scheduler"); require ("general/noaccess.php"); 
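Review bot: Lowering the page gate in planned_downtime.list.php from "AW" to "AR" opens the whole script to read-only users, while the later hunks of this commit only hide the Delete link and the Create button behind `check_acl ($config['id_user'], 0, "AW")`. Hiding controls is not authorization. The `stop_downtime` and `delete_downtime` handlers sit earlier in the file, outside these hunks, and unless they re-check "AW" they remain callable by a user who holds only "AR". Each handler should load the row and test `check_acl ($config['id_user'], $downtime['id_group'], "AW")` before acting. The Update link in `$data[8]` is also left visible to every user by this commit.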
@@ -541,9 +541,11 @@ else { if ($downtime["executed"] == 0) { $data[8] = '' . html_print_image("images/config.png", true, array("border" => '0', "alt" => __('Update'))) . ''; - $data[9] = '' . - html_print_image("images/cross.png", true, array("border" => '0', "alt" => __('Delete'))); + if (check_acl ($config['id_user'], 0, "AW")) { + $data[9] = '' . + html_print_image("images/cross.png", true, array("border" => '0', "alt" => __('Delete'))); + } } elseif ($downtime["executed"] == 1 && $downtime['type_execution'] == 'once') { @@ -580,8 +582,10 @@ else { "location.href='godmode/agentes/planned_downtime.export_csv.php?$filter_params_str'", 'class="sub next"'); echo ''; echo ' '; - echo '
'; - html_print_submit_button (__('Create'), 'create', false, 'class="sub next"'); + if (check_acl ($config['id_user'], 0, "AW")) { + echo ''; + html_print_submit_button (__('Create'), 'create', false, 'class="sub next"'); + } echo '
'; echo ''; } From 8906e050ae273b454e43543e4d9754d0eb0197ae Mon Sep 17 00:00:00 2001 From: Arturo Gonzalez Diaz Date: Mon, 13 Jul 2015 18:03:16 +0200 Subject: [PATCH 02/11] Change permissions to a non-privilege user in planned-downtimes-acl Ticket #2404 --- .../godmode/agentes/planned_downtime.list.php | 68 ++++++++++++------- 1 file changed, 43 insertions(+), 25 deletions(-) diff --git a/pandora_console/godmode/agentes/planned_downtime.list.php b/pandora_console/godmode/agentes/planned_downtime.list.php index 1bc398859a..51828cccb0 100755 --- a/pandora_console/godmode/agentes/planned_downtime.list.php +++ b/pandora_console/godmode/agentes/planned_downtime.list.php @@ -528,38 +528,56 @@ else { array ('width' => 20, 'height' => 20, 'alt' => __('Not executed'))); } - if ($downtime['type_execution'] == 'once' && $downtime["executed"] == 1) { + //If user have writting permissions + if ( check_acl ($config['id_user'], 0, "AW")) { + if ($downtime['type_execution'] == 'once' && $downtime["executed"] == 1) { + + $data[7] .= '
' . + html_print_image("images/cancel.png", true, array("border" => '0', "alt" => __('Stop downtime'))); + } + else { + $data[7] = ""; + } - $data[7] .= '' . - html_print_image("images/cancel.png", true, array("border" => '0', "alt" => __('Stop downtime'))); + if ($downtime["executed"] == 0) { + $data[8] = '' . + html_print_image("images/config.png", true, array("border" => '0', "alt" => __('Update'))) . ''; + if (check_acl ($config['id_user'], 0, "AW")) { + $data[9] = '' . + html_print_image("images/cross.png", true, array("border" => '0', "alt" => __('Delete'))); + } + } + elseif ($downtime["executed"] == 1 + && $downtime['type_execution'] == 'once') { + + $data[8] = '' . + html_print_image("images/config.png", true, array("border" => '0', "alt" => __('Update'))) . ''; + $data[9]= "N/A"; + } + else { + $data[8]= "N/A"; + $data[9]= "N/A"; + } } - else { - $data[7] = ""; - } - - if ($downtime["executed"] == 0) { - $data[8] = '' . - html_print_image("images/config.png", true, array("border" => '0', "alt" => __('Update'))) . ''; - if (check_acl ($config['id_user'], 0, "AW")) { - $data[9] = '' . - html_print_image("images/cross.png", true, array("border" => '0', "alt" => __('Delete'))); + else{ + if ($downtime['type_execution'] == 'once' && $downtime["executed"] == 1) { + $data[7] .= ''; } } elseif ($downtime["executed"] == 1 && $downtime['type_execution'] == 'once') { - $data[8] = '' . - html_print_image("images/config.png", true, - array("border" => '0', "alt" => __('Update'))) . ''; - $data[9]= "N/A"; - } - else { - $data[8]= "N/A"; - $data[9]= "N/A"; - + if ($downtime["executed"] == 0) { + $data[8] = ''; + $data[9] = ''; + } + elseif ($downtime["executed"] == 1 && $downtime['type_execution'] == 'once') { + $data[8] = ''; + $data[9]= ''; + } } if (!empty($malformed_downtimes_exist) && isset($malformed_downtimes[$downtime['id']])) { From 595ffe8f5c9d57818b7df0d75e821b07f26e4f03 Mon Sep 17 00:00:00 2001 
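Review bot: On the new side this block appears to read `if (check_acl (...)) { ... } else { ... } elseif (...) {`, an `elseif` after an `else`, which PHP rejects as a parse error. The page is collapsed, so verify against the real file. The kept context line `elseif ($downtime["executed"] == 1 && $downtime['type_execution'] == 'once') {` looks like a leftover from the old chain, and the empty-cell assignments after it belong inside the `else{` block. The outer test uses group `0` rather than `$downtime['id_group']`, so the per-row decision ignores the downtime's own group, and the inner `if (check_acl ($config['id_user'], 0, "AW"))` around `$data[9]` is now redundant. In the non-AW branch `$data[7] .= ''` appends to an index that may not be set; use `$data[7] = '';`.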
From: Arturo Gonzalez Diaz Date: Tue, 14 Jul 2015 12:10:46 +0200 Subject: [PATCH 03/11] Planned downtime list changed. Ticket #2404 --- pandora_console/godmode/agentes/planned_downtime.list.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/pandora_console/godmode/agentes/planned_downtime.list.php b/pandora_console/godmode/agentes/planned_downtime.list.php index 51828cccb0..347ad6b048 100755 --- a/pandora_console/godmode/agentes/planned_downtime.list.php +++ b/pandora_console/godmode/agentes/planned_downtime.list.php @@ -444,6 +444,9 @@ else { ui_pagination($downtimes_number, "index.php?sec=estado&sec2=godmode/agentes/planned_downtime.list&$filter_params_str", $offset); + $groupsAW = users_get_groups($config['id_user'], 'AW', true, false, null, 'id_grupo'); + $groupsAW = array_keys($groupsAW); + foreach ($downtimes as $downtime) { $data = array(); $total = db_get_sql ("SELECT COUNT(id_agent) @@ -528,8 +531,9 @@ else { array ('width' => 20, 'height' => 20, 'alt' => __('Not executed'))); } + $downtimeGroup = $downtime['id_group']; //If user have writting permissions - if ( check_acl ($config['id_user'], 0, "AW")) { + if ( in_array($downtimeGroup, $groupsAW) ){ if ($downtime['type_execution'] == 'once' && $downtime["executed"] == 1) { $data[7] .= '= '".date('d', strtotime($date_to))."')"; + $periodically_monthly_w = "type_periodicity = 'monthly' + AND ((periodically_day_from <= '".date('d', strtotime($date_from))."' AND periodically_day_to >= '".date('d', strtotime($date_to))."') + OR (periodically_day_from > periodically_day_to + AND (periodically_day_from <= '".date('d', strtotime($date_from))."' OR periodically_day_to >= '".date('d', strtotime($date_to))."')))"; $periodically_weekly_days = array(); $date_from_aux = strtotime($date_from); From 12334a3cd185541a78a79abb3fdecc4a38e77d67 Mon Sep 17 00:00:00 2001 
From: Arturo Gonzalez Diaz Date: Tue, 14 Jul 2015 16:15:04 +0200 Subject: [PATCH 05/11] Planned downtime list and edit changed. Ticket #2404 --- .../godmode/agentes/planned_downtime.editor.php | 11 ++++++++++- .../godmode/agentes/planned_downtime.list.php | 4 ++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/pandora_console/godmode/agentes/planned_downtime.editor.php b/pandora_console/godmode/agentes/planned_downtime.editor.php index 02dfa70f5a..c0ae46623a 100755 --- a/pandora_console/godmode/agentes/planned_downtime.editor.php +++ b/pandora_console/godmode/agentes/planned_downtime.editor.php @@ -557,6 +557,14 @@ if ($id_downtime > 0) { $filter_group = get_parameter("filter_group", 0); + $groupsAW = users_get_groups($config['id_user'], 'AW', true, false, null, 'id_grupo'); + $groupsAW = array_keys($groupsAW); + $id_groups_list = implode(",", $groupsAW); + + if (empty($id_groups_list)){ + $id_groups_list = -1; + } + $filter_cond = ''; if ($filter_group > 0) $filter_cond = " AND id_grupo = $filter_group "; @@ -569,7 +577,8 @@ if ($id_downtime > 0) { WHERE tplanned_downtime_agents.id_agent = tagente.id_agente AND tplanned_downtime_agents.id_downtime = %d ) AND disabled = 0 $filter_cond - ORDER by tagente.nombre", $id_downtime); + AND tagente.id_grupo IN (%s) + ORDER by tagente.nombre", $id_downtime, $id_groups_list); $downtimes = db_get_all_rows_sql ($sql); $data = array (); if ($downtimes) { diff --git a/pandora_console/godmode/agentes/planned_downtime.list.php b/pandora_console/godmode/agentes/planned_downtime.list.php index 347ad6b048..5d7794ec6f 100755 --- a/pandora_console/godmode/agentes/planned_downtime.list.php +++ b/pandora_console/godmode/agentes/planned_downtime.list.php 
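Review bot: The new `AND tagente.id_grupo IN (%s)` restriction is added to a query that still concatenates `$filter_group` through `$filter_cond`, and that value comes from `get_parameter("filter_group", 0)` with no cast. The group scoping is therefore only as strong as that value; `$filter_group = (int) get_parameter("filter_group", 0);` would match the `(int)` casts used for other parameters in this file. Whether `get_parameter` already escapes its result is not visible here. Separately, `empty($id_groups_list)` is also true for the string `"0"`, so a list holding only group 0 would be replaced by `-1`; testing `empty($groupsAW)` before the `implode` avoids that.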
@@ -447,6 +447,10 @@ else { $groupsAW = users_get_groups($config['id_user'], 'AW', true, false, null, 'id_grupo'); $groupsAW = array_keys($groupsAW); + if (empty($groupsAW)){ + $groupsAW = -1; + } + foreach ($downtimes as $downtime) { $data = array(); $total = db_get_sql ("SELECT COUNT(id_agent) From 52619f4e7c64995131245e9f94fe30b1a5aa9048 Mon Sep 17 00:00:00 2001 From: Arturo Gonzalez Diaz Date: Tue, 14 Jul 2015 18:34:08 +0200 Subject: [PATCH 06/11] Planned downtime editor changed. Ticket #2404 --- .../godmode/agentes/planned_downtime.editor.php | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/pandora_console/godmode/agentes/planned_downtime.editor.php b/pandora_console/godmode/agentes/planned_downtime.editor.php index c0ae46623a..1945f6a7b1 100755 --- a/pandora_console/godmode/agentes/planned_downtime.editor.php +++ b/pandora_console/godmode/agentes/planned_downtime.editor.php @@ -81,8 +81,6 @@ $id_agent = (int) get_parameter ('id_agent'); $insert_downtime_agent = (int) get_parameter ('insert_downtime_agent'); $delete_downtime_agent = (int) get_parameter ('delete_downtime_agent'); -$groups = users_get_groups (); - // INSERT A NEW DOWNTIME_AGENT ASSOCIATION if ($insert_downtime_agent === 1) { $agents = (array) get_parameter ('id_agents'); @@ -356,10 +354,14 @@ if ($id_downtime > 0) { break; } + $groupsAW = users_get_groups($config['id_user'], 'AW', true, false, null, 'id_grupo'); + $groupsAW = array_keys($groupsAW); + $result = db_get_row_sql ($sql); $name = (string) $result["name"]; $id_group = (int) $result['id_group']; + $description = (string) $result["description"]; $type_downtime = (string) $result['type_downtime']; 
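Review bot: Replacing an empty `$groupsAW` with the integer `-1` in the first hunk on this line breaks the `in_array($downtimeGroup, $groupsAW)` test added earlier in the series, further down this loop and outside the hunk. `in_array` needs an array as its second argument; a non-array raises a warning on older PHP and a TypeError on PHP 8. The `-1` sentinel is only meaningful for the SQL `IN (...)` list in the editor. Here an empty array already means "no writable groups", so the added `if (empty($groupsAW))` block can be dropped.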
@@ -385,6 +387,13 @@ if ($id_downtime > 0) { $sunday = (bool) $result['sunday']; $executed = (bool) $result['executed']; + + if ( !in_array($id_group, $groupsAW) ){ + db_pandora_audit("ACL Violation", + "Trying to access downtime scheduler"); + require ("general/noaccess.php"); + return; + } } // when the planned down time is in execution, only action to postpone on once type is enabled and the other are disabled. From 970be457d679f7c4b4da5dee686ebb026699eb4f Mon Sep 17 00:00:00 2001 From: Alejandro Gallardo Escobar Date: Wed, 15 Jul 2015 18:39:47 +0200 Subject: [PATCH 07/11] Minos changes and improvements --- .../agentes/planned_downtime.export_csv.php | 172 +++++++----------- 1 file changed, 61 insertions(+), 111 deletions(-) diff --git a/pandora_console/godmode/agentes/planned_downtime.export_csv.php b/pandora_console/godmode/agentes/planned_downtime.export_csv.php index 0fb2bcd354..ea320fddc6 100644 --- a/pandora_console/godmode/agentes/planned_downtime.export_csv.php +++ b/pandora_console/godmode/agentes/planned_downtime.export_csv.php @@ -20,6 +20,7 @@ require_once ("../../include/functions.php"); require_once ("../../include/functions_db.php"); require_once ("../../include/functions_users.php"); require_once ("../../include/functions_groups.php"); +require_once ("../../include/functions_reporting.php"); $config["id_user"] = $_SESSION["id_usuario"]; if (! check_acl ($config['id_user'], 0, "AR")) { 
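Review bot: The group check added in the first hunk on this line runs only where the downtime row is loaded for display, around line 390, while the `insert_downtime_agent` and `delete_downtime_agent` handlers begin near line 84 of the same file. A user without "AW" on the downtime's group may therefore reach those handlers before this `return`; the code in between is outside the hunk, so this needs confirming. Loading the row and checking its group should happen once, before any handler runs. If `$result` is false because the id does not exist, `(int) $result['id_group']` becomes 0 and is compared against `$groupsAW`, so a missing row should be rejected explicitly with `if (empty($result))`. Including `$id_downtime` in the `db_pandora_audit` text would make the denial traceable.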
@@ -43,79 +44,81 @@ $module_name = !empty($module_id) ? (string) get_parameter('module_name') : ""; $separator = (string) get_parameter("separator", ";"); $items_separator = (string) get_parameter("items_separator", ","); -// SQL QUERY CREATION -$where_values = "1=1"; - $groups = users_get_groups(); -$groups_string = implode (",", array_keys ($groups)); -$where_values .= " AND id_group IN ($groups_string)"; +if (!empty($groups)) { + // SQL QUERY CREATION + $where_values = "1=1"; -if (!empty($search_text)) { - $where_values .= " AND (name LIKE '%$search_text%' OR description LIKE '%$search_text%')"; -} + $groups_string = implode (",", array_keys ($groups)); + $where_values .= " AND id_group IN ($groups_string)"; -if (!empty($execution_type)) { - $where_values .= " AND type_execution = '$execution_type'"; -} + if (!empty($search_text)) { + $where_values .= " AND (name LIKE '%$search_text%' OR description LIKE '%$search_text%')"; + } -if (!empty($date_from)) { - $where_values .= " AND (type_execution = 'periodically' OR (type_execution = 'once' AND date_from >= '".strtotime("$date_from 00:00:00")."'))"; -} + if (!empty($execution_type)) { + $where_values .= " AND type_execution = '$execution_type'"; + } -if (!empty($date_to)) { - $periodically_monthly_w = "type_periodicity = 'monthly' + if (!empty($date_from)) { + $where_values .= " AND (type_execution = 'periodically' OR (type_execution = 'once' AND date_from >= '".strtotime("$date_from 00:00:00")."'))"; + } + + if (!empty($date_to)) { + $periodically_monthly_w = "type_periodicity = 'monthly' AND ((periodically_day_from <= '".date('d', strtotime($date_from))."' AND periodically_day_to >= '".date('d', strtotime($date_to))."') OR (periodically_day_from > periodically_day_to AND (periodically_day_from <= '".date('d', strtotime($date_from))."' OR periodically_day_to >= '".date('d', strtotime($date_to))."')))"; - - $periodically_weekly_days = array(); - $date_from_aux = strtotime($date_from); - $date_end = 
strtotime($date_to); - $days_number = 0; - - while ($date_from_aux <= $date_end && $days_number < 7) { - $weekday_actual = strtolower(date('l', $date_from_aux)); - $periodically_weekly_days[] = "$weekday_actual = 1"; + $periodically_weekly_days = array(); + $date_from_aux = strtotime($date_from); + $date_end = strtotime($date_to); + $days_number = 0; - $date_from_aux = $date_from_aux + SECONDS_1DAY; - $days_number++; + while ($date_from_aux <= $date_end && $days_number < 7) { + $weekday_actual = strtolower(date('l', $date_from_aux)); + + $periodically_weekly_days[] = "$weekday_actual = 1"; + + $date_from_aux = $date_from_aux + SECONDS_1DAY; + $days_number++; + } + + $periodically_weekly_w = "type_periodicity = 'weekly' AND (".implode(" OR ", $periodically_weekly_days).")"; + + $periodically_w = "type_execution = 'periodically' AND (($periodically_monthly_w) OR ($periodically_weekly_w))"; + + $once_w = "type_execution = 'once' AND date_to <= '".strtotime("$date_to 23:59:59")."'"; + + $where_values .= " AND (($periodically_w) OR ($once_w))"; } - $periodically_weekly_w = "type_periodicity = 'weekly' AND (".implode(" OR ", $periodically_weekly_days).")"; - - $periodically_w = "type_execution = 'periodically' AND (($periodically_monthly_w) OR ($periodically_weekly_w))"; - - $once_w = "type_execution = 'once' AND date_to <= '".strtotime("$date_to 23:59:59")."'"; - - $where_values .= " AND (($periodically_w) OR ($once_w))"; -} + if (!$show_archived) { + $where_values .= " AND (type_execution = 'periodically' OR (type_execution = 'once' AND date_to >= '".time()."'))"; + } -if (!$show_archived) { - $where_values .= " AND (type_execution = 'periodically' OR (type_execution = 'once' AND date_to >= '".time()."'))"; -} + if (!empty($agent_id)) { + $where_values .= " AND id IN (SELECT id_downtime FROM tplanned_downtime_agents WHERE id_agent = $agent_id)"; + } -if (!empty($agent_id)) { - $where_values .= " AND id IN (SELECT id_downtime FROM tplanned_downtime_agents WHERE id_agent 
= $agent_id)"; -} + if (!empty($module_id)) { + $where_values .= " AND (id IN (SELECT id_downtime + FROM tplanned_downtime_modules + WHERE id_agent_module = $module_id) + OR id IN (SELECT id_downtime + FROM tplanned_downtime_agents tpda, tagente_modulo tam + WHERE tpda.id_agent = tam.id_agente + AND tam.id_agente_modulo = $module_id + AND tpda.all_modules = 1))"; + } -if (!empty($module_id)) { - $where_values .= " AND (id IN (SELECT id_downtime - FROM tplanned_downtime_modules - WHERE id_agent_module = $module_id) - OR id IN (SELECT id_downtime - FROM tplanned_downtime_agents tpda, tagente_modulo tam - WHERE tpda.id_agent = tam.id_agente - AND tam.id_agente_modulo = $module_id - AND tpda.all_modules = 1))"; + $sql = "SELECT * + FROM tplanned_downtime + WHERE $where_values + ORDER BY type_execution DESC, date_from DESC"; + $downtimes = @db_get_all_rows_sql($sql); } -$sql = "SELECT * - FROM tplanned_downtime - WHERE $where_values - ORDER BY type_execution DESC, date_from DESC"; -$downtimes = @db_get_all_rows_sql($sql); - if (!empty($downtimes)) { ob_clean(); // Show contentype header 
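Review bot: Every filter in this re-indented block is still concatenated into `$where_values` as text (`'%$search_text%'`, `'$execution_type'`, `$agent_id`, `$module_id`), and this export is now reachable with only "AR", so how those values are escaped matters more than before. The lines that read them are above the hunk and not visible. If they are not already integers, `(int) $agent_id` and `(int) $module_id` at the point of use, plus an allow-list for `$execution_type` (`'once'`, `'periodically'`), would remove the dependency on `get_parameter`'s filtering. The `@` in `@db_get_all_rows_sql($sql)` also hides query errors that would reveal a malformed filter; consider dropping it.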
@@ -142,61 +145,8 @@ if (!empty($downtimes)) { $group = ucfirst(io_safe_output(groups_get_name($downtime['id_group']))); $type = ucfirst(io_safe_output($downtime['type_downtime'])); $execution_type = ucfirst(io_safe_output($downtime['type_execution'])); - - switch ($downtime['type_execution']) { - case 'once': - $execution_date = date ("Y-m-d H:i", $downtime['date_from']) . - " " . __('to') . " ". - date ("Y-m-d H:i", $downtime['date_to']); - break; - case 'periodically': - switch ($downtime['type_periodicity']) { - case 'weekly': - $execution_date = __('Weekly:'); - $execution_date .= " "; - if ($downtime['monday']) { - $execution_date .= __('Mon'); - $execution_date .= " "; - } - if ($downtime['tuesday']) { - $execution_date .= __('Tue'); - $execution_date .= " "; - } - if ($downtime['wednesday']) { - $execution_date .= __('Wed'); - $execution_date .= " "; - } - if ($downtime['thursday']) { - $execution_date .= __('Thu'); - $execution_date .= " "; - } - if ($downtime['friday']) { - $execution_date .= __('Fri'); - $execution_date .= " "; - } - if ($downtime['saturday']) { - $execution_date .= __('Sat'); - $execution_date .= " "; - } - if ($downtime['sunday']) { - $execution_date .= __('Sun'); - $execution_date .= " "; - } - $execution_date .= " (" . $downtime['periodically_time_from']; - $execution_date .= "-" . $downtime['periodically_time_to'] . ")"; - break; - case 'monthly': - $execution_date = __('Monthly:'); - $execution_date .= __('From day') . " " . $downtime['periodically_day_from']; - $execution_date .= "/" . __('To day') . " "; - $execution_date .= $downtime['periodically_day_to']; - $execution_date .= " (" . $downtime['periodically_time_from']; - $execution_date .= "-" . $downtime['periodically_time_to'] . ")"; - break; - } - break; - } - $execution_date = io_safe_output($execution_date); + + $execution_date = io_safe_output(reporting_format_planned_downtime_dates($downtime)); $affected_items = array(); 
From e8d68739b73e515703d3d4609d66dd05775ccf43 Mon Sep 17 00:00:00 2001 From: Alejandro Gallardo Escobar Date: Wed, 15 Jul 2015 18:41:58 +0200 Subject: [PATCH 08/11] Added a function to stop a planned downtime (once type) and recover the agent and modules status --- .../include/functions_planned_downtimes.php | 138 +++++++++++++++++- 1 file changed, 137 insertions(+), 1 deletion(-) diff --git a/pandora_console/include/functions_planned_downtimes.php b/pandora_console/include/functions_planned_downtimes.php index a4476651b6..b377c630d5 100644 --- a/pandora_console/include/functions_planned_downtimes.php +++ b/pandora_console/include/functions_planned_downtimes.php @@ -25,7 +25,7 @@ global $config; /** * Include the usual functions */ -// require_once($config["homedir"] . "/include/functions.php"); +require_once($config["homedir"] . "/include/functions_ui.php"); // enterprise_include_once('include/functions_inventory.php'); function planned_downtimes_check_dates ($type_execution = 'once', $type_periodicity = '', $datetime_from = false, $datetime_to = false, $periodically_time_from = false, $periodically_time_to = false, $periodically_day_from = false, $periodically_day_to = false) { 
@@ -518,4 +518,140 @@ function planned_downtimes_migrate_malformed_downtimes_copy_items ($original_dow return $new_planned_downtimes_exists; } +/** + * Stop a planned downtime. + * + * @param array Planned downtime data. + * + * @return mixes False on error or an array with the result and a message of the operation. + */ +function planned_downtimes_stop ($downtime) { + $result = false; + $message = ''; + + if (empty($downtime)) + return false; + + switch ($downtime['type_execution']) { + case 'once': + $values = array( + 'executed' => 0, + 'date_to' => time() + ); + + $result = db_process_sql_update('tplanned_downtime', + $values, array ('id' => $id_downtime)); + break; + case 'periodically': + return false; + break; + } + + $message .= ui_print_result_message($result, + __('Succesful stopped the Downtime'), + __('Unsuccesful stopped the Downtime'), + true); + + if ($result) { + events_create_event ("Manual stop downtime ". + $downtime['name'] . " (" . $downtime['id'] . ") by " . + $config['id_user'], 0, 0, EVENT_STATUS_NEW, $config["id_user"], + "system", 1); + db_pandora_audit("Planned Downtime management", + "Manual stop downtime " . $downtime['name'] . " (ID " . $downtime['id'] . 
")", + false, true); + + //Reenabled the Agents or Modules or alerts...depends of type + switch ($downtime['type_downtime']) { + case 'quiet': + $agents = db_get_all_rows_filter( + 'tplanned_downtime_agents', + array('id_downtime' => $id_downtime)); + if (empty($agents)) + $agents = array(); + + $count = 0; + foreach ($agents as $agent) { + if ($agent['all_modules']) { + $result = db_process_sql_update('tagente', + array('quiet' => 0), + array('id_agente' => $agent['id_agent'])); + + if ($result) + $count++; + } + else { + $modules = db_get_all_rows_filter( + 'tplanned_downtime_modules', + array('id_agent' => $agent['id_agent'], + 'id_downtime' => $id_downtime)); + if (empty($modules)) + $modules = array(); + + foreach ($modules as $module) { + $result = db_process_sql_update( + 'tagente_modulo', + array('quiet' => 0), + array('id_agente_modulo' => + $module['id_agent_module'])); + + if ($result) + $count++; + } + } + } + break; + case 'disable_agents': + $agents = db_get_all_rows_filter( + 'tplanned_downtime_agents', + array('id_downtime' => $id_downtime)); + if (empty($agents)) + $agents = array(); + + $count = 0; + foreach ($agents as $agent) { + $result = db_process_sql_update('tagente', + array('disabled' => 0), + array('id_agente' => $agent['id_agent'])); + + if ($result) + $count++; + } + break; + case 'disable_agents_alerts': + $agents = db_get_all_rows_filter( + 'tplanned_downtime_agents', + array('id_downtime' => $id_downtime)); + if (empty($agents)) + $agents = array(); + + $count = 0; + foreach ($agents as $agent) { + $modules = db_get_all_rows_filter( + 'tagente_modulo', + array('id_agente' => $agent['id_agent'])); + if (empty($modules)) + $modules = array(); + + foreach ($modules as $module) { + $result = db_process_sql_update( + 'talert_template_modules', + array('disabled' => 0), + array('id_agent_module' => + $module['id_agente_modulo'])); + + if ($result) + $count++; + } + } + break; + } + + $message .= ui_print_info_message( + sprintf(__('Enabled 
%s elements from the downtime'), $count), true); + } + + return array('result' => $result, 'message' => $message); +} + ?> \ No newline at end of file From 95d0794ae0c537dfa7301e93fbb9eace37b5f99e Mon Sep 17 00:00:00 2001 From: Alejandro Gallardo Escobar Date: Wed, 15 Jul 2015 18:47:58 +0200 Subject: [PATCH 09/11] Fixed syntax and ACL errors and improved some pieces of code Some of the ACL checks added are: -Permission check before stopping. -Running check before deleting. -Permission check before deleting. -Permission check before adding specific table columns. --- .../godmode/agentes/planned_downtime.list.php | 375 ++++++------------ 1 file changed, 116 insertions(+), 259 deletions(-) diff --git a/pandora_console/godmode/agentes/planned_downtime.list.php b/pandora_console/godmode/agentes/planned_downtime.list.php index 5d7794ec6f..592850167a 100755 --- a/pandora_console/godmode/agentes/planned_downtime.list.php +++ b/pandora_console/godmode/agentes/planned_downtime.list.php @@ -18,7 +18,10 @@ global $config; check_login(); -if (! check_acl ($config['id_user'], 0, "AR")) { +$read_permisson = check_acl ($config['id_user'], 0, "AR"); +$write_permisson = check_acl ($config['id_user'], 0, "AW"); + +if (! $read_permisson) { db_pandora_audit("ACL Violation", "Trying to access downtime scheduler"); require ("general/noaccess.php"); @@ -28,6 +31,7 @@ if (! check_acl ($config['id_user'], 0, "AR")) { require_once ('include/functions_users.php'); require_once ('include/functions_events.php'); require_once ('include/functions_planned_downtimes.php'); +require_once ('include/functions_reporting.php'); $malformed_downtimes = planned_downtimes_get_malformed(); $malformed_downtimes_exist = !empty($malformed_downtimes) ? true : false; @@ -52,7 +56,6 @@ ui_print_page_header( true, ""); -$delete_downtime = (int) get_parameter ('delete_downtime'); $id_downtime = (int) get_parameter ('id_downtime', 0); $stop_downtime = (bool) get_parameter ('stop_downtime'); 
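Review bot: `planned_downtimes_stop($downtime)` uses `$id_downtime` in its `db_process_sql_update` and `db_get_all_rows_filter` conditions and `$config['id_user']` in the event text, but neither is defined inside the function. There is no `global $config;`, and the id is only available as `$downtime['id']`. As written the update is keyed on an undefined value, so the stop either matches no row or, depending on how the helper treats an empty condition, the wrong rows. Add `global $config;` and `$id_downtime = (int) $downtime['id'];` at the top, and set `$count = 0;` before `switch ($downtime['type_downtime'])` so the final message is defined for an unknown type. The function performs no permission check itself, so its docblock should state that callers must verify "AW" on `$downtime['id_group']` first.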
@@ -60,138 +63,47 @@ $stop_downtime = (bool) get_parameter ('stop_downtime'); if ($stop_downtime) { $downtime = db_get_row('tplanned_downtime', 'id', $id_downtime); - switch ($downtime['type_execution']) { - case 'once': - $date_stop = date ("Y-m-j", get_system_time ()); - $time_stop = date ("h:iA", get_system_time ()); - - $values = array( - 'executed' => 0, - 'date_to' => strtotime($date_stop . ' ' . $time_stop) - ); - - $result = db_process_sql_update('tplanned_downtime', - $values, array ('id' => $id_downtime)); - break; - case 'periodically': - break; + // Check AW permission on the downtime + if (empty($downtime) || ! check_acl ($config['id_user'], $downtime['id_group'], "AW")) { + db_pandora_audit("ACL Violation", + "Trying to access downtime scheduler"); + require ("general/noaccess.php"); + return; } - ui_print_result_message($result, - __('Succesful stopped the Downtime'), - __('Unsuccesful stopped the Downtime')); + $result = planned_downtimes_stop($downtime); - if ($result) { - events_create_event ("Manual stop downtime ". - $downtime['name'] . " (" . $downtime['id'] . ") by " . - $config['id_user'], 0, 0, EVENT_STATUS_NEW, $config["id_user"], - "system", 1); - db_pandora_audit("Planned Downtime management", - "Manual stop downtime " . $downtime['name'] . " (ID " . $downtime['id'] . 
")", - false, true); - - //Reenabled the Agents or Modules or alerts...depends of type - $downtime = db_get_row('tplanned_downtime', 'id', $id_downtime); - - switch ($downtime['type_downtime']) { - case 'quiet': - $agents = db_get_all_rows_filter( - 'tplanned_downtime_agents', - array('id_downtime' => $id_downtime)); - if (empty($agents)) - $agents = array(); - - $count = 0; - foreach ($agents as $agent) { - if ($agent['all_modules']) { - $result = db_process_sql_update('tagente', - array('quiet' => 0), - array('id_agente' => $agent['id_agent'])); - - if ($result) - $count++; - } - else { - $modules = db_get_all_rows_filter( - 'tplanned_downtime_modules', - array('id_agent' => $agent['id_agent'], - 'id_downtime' => $id_downtime)); - if (empty($modules)) - $modules = array(); - - foreach ($modules as $module) { - $result = db_process_sql_update( - 'tagente_modulo', - array('quiet' => 0), - array('id_agente_modulo' => - $module['id_agent_module'])); - - if ($result) - $count++; - } - } - } - break; - case 'disable_agents': - $agents = db_get_all_rows_filter( - 'tplanned_downtime_agents', - array('id_downtime' => $id_downtime)); - if (empty($agents)) - $agents = array(); - - $count = 0; - foreach ($agents as $agent) { - $result = db_process_sql_update('tagente', - array('disabled' => 0), - array('id_agente' => $agent['id_agent'])); - - if ($result) - $count++; - } - break; - case 'disable_agents_alerts': - $agents = db_get_all_rows_filter( - 'tplanned_downtime_agents', - array('id_downtime' => $id_downtime)); - if (empty($agents)) - $agents = array(); - - $count = 0; - foreach ($agents as $agent) { - $modules = db_get_all_rows_filter( - 'tagente_modulo', - array('id_agente' => $agent['id_agent'])); - if (empty($modules)) - $modules = array(); - - foreach ($modules as $module) { - $result = db_process_sql_update( - 'talert_template_modules', - array('disabled' => 0), - array('id_agent_module' => - $module['id_agente_modulo'])); - - if ($result) - $count++; - } - } - 
break; - } - - ui_print_info_message( - sprintf(__('Enabled %s elements from the downtime'), $count)); + if ($result === false) { + ui_print_error_message(__('An error occurred stopping the planned downtime')); + } + else { + echo $result['message']; } } +$delete_downtime = (int) get_parameter ('delete_downtime'); // DELETE WHOLE DOWNTIME! if ($delete_downtime) { - $result = db_process_sql_delete('tplanned_downtime', array('id' => $id_downtime)); + $downtime = db_get_row('tplanned_downtime', 'id', $id_downtime); - if ($result === false) { - ui_print_error_message(__('Not deleted. Error deleting data')); + // Check AW permission on the downtime + if (empty($downtime) || ! check_acl ($config['id_user'], $downtime['id_group'], "AW")) { + db_pandora_audit("ACL Violation", + "Trying to access downtime scheduler"); + require ("general/noaccess.php"); + return; + } + + // The downtime shouldn't be running!! + if ($downtime['executed']) { + ui_print_error_message(__('This planned downtime is running')); } else { - ui_print_success_message(__('Successfully deleted')); + $result = db_process_sql_delete('tplanned_downtime', array('id' => $id_downtime)); + + ui_print_result_message($result, + __('Successfully deleted'), + __('Not deleted. Error deleting data')); } } 
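Review bot: The two new denial paths write the same audit text as the page-level read check, "Trying to access downtime scheduler", so an audit reviewer cannot tell a blocked stop or delete from an ordinary page denial, nor see which downtime was targeted. Messages such as `"Trying to stop downtime " . $id_downtime` and `"Trying to delete downtime " . $id_downtime` would make those records usable. Both actions are still triggered purely by the `stop_downtime` and `delete_downtime` request parameters, and no anti-CSRF token check is visible in this hunk; confirm one exists elsewhere or add it. Successful deletes are not audited here, unlike stops, which are logged inside `planned_downtimes_stop`.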
@@ -263,31 +175,7 @@ $row[] = __('Module') . ' ' . html_print_autocomplete_modules('module_name' $row[] = html_print_submit_button('Search', 'search', false, 'class="sub search"', true); $table_form->data[] = $row; - - -// View available downtimes present in database (if any of them) -$table = new StdClass(); -$table->class = 'databox data'; -//Start Overview of existing planned downtime -$table->width = '100%'; -$table->cellstyle = array(); -$table->data = array(); -$table->head = array(); -$table->head[0] = __('Name #Ag.'); -$table->head[1] = __('Description'); -$table->head[2] = __('Group'); -$table->head[3] = __('Type'); -$table->head[4] = __('Execution'); -$table->head[5] = __('Configuration'); -$table->head[6] = __('Running'); -$table->head[7] = __('Stop downtime'); -$table->head[8] = __('Edit'); -$table->head[9] = __('Delete'); -$table->align[2] = "center"; -$table->align[6] = "center"; -$table->align[7] = "center"; -$table->align[8] = "center"; -$table->align[9] = "center"; +// End of table filter $groups = users_get_groups (); if (!empty($groups)) { 
@@ -443,149 +331,115 @@ else { echo ""; ui_pagination($downtimes_number, "index.php?sec=estado&sec2=godmode/agentes/planned_downtime.list&$filter_params_str", $offset); - - $groupsAW = users_get_groups($config['id_user'], 'AW', true, false, null, 'id_grupo'); + + // User groups with AW permission + $groupsAW = users_get_groups($config['id_user'], 'AW'); $groupsAW = array_keys($groupsAW); - - if (empty($groupsAW)){ - $groupsAW = -1; + + // View available downtimes present in database (if any of them) + $table = new StdClass(); + $table->class = 'databox data'; + $table->width = '100%'; + $table->cellstyle = array(); + + $table->head = array(); + $table->head['name'] = __('Name #Ag.'); + $table->head['description'] = __('Description'); + $table->head['group'] = __('Group'); + $table->head['type'] = __('Type'); + $table->head['execution'] = __('Execution'); + $table->head['configuration'] = __('Configuration'); + $table->head['running'] = __('Running'); + + if ($write_permisson) { + $table->head['stop'] = __('Stop downtime'); + $table->head['edit'] = __('Edit'); + $table->head['delete'] = __('Delete'); } - + + $table->align = array(); + $table->align['group'] = "center"; + $table->align['running'] = "center"; + + if ($write_permisson) { + $table->align['stop'] = "center"; + $table->align['edit'] = "center"; + $table->align['delete'] = "center"; + } + + $table->data = array(); + foreach ($downtimes as $downtime) { $data = array(); $total = db_get_sql ("SELECT COUNT(id_agent) FROM tplanned_downtime_agents WHERE id_downtime = ".$downtime["id"]); - $data[0] = $downtime['name']. " ($total)"; - $data[1] = $downtime['description']; - $data[2] = ui_print_group_icon ($downtime['id_group'], true); + $data['name'] = $downtime['name']. 
" ($total)"; + $data['description'] = $downtime['description']; + $data['group'] = ui_print_group_icon ($downtime['id_group'], true); $type_text = array('quiet' => __('Quiet'), 'disable_agents' => __('Disabled Agents'), 'disable_agents_alerts' => __('Disabled only Alerts')); - $data[3] = $type_text[$downtime['type_downtime']]; + $data['type'] = $type_text[$downtime['type_downtime']]; $execution_text = array('once' => __('once'), 'periodically' => __('Periodically')); - $data[4] = $execution_text[$downtime['type_execution']]; + $data['execution'] = $execution_text[$downtime['type_execution']]; - switch ($downtime['type_execution']) { - case 'once': - $data[5] = date ("Y-m-d H:i:s", $downtime['date_from']) . - " " . __('to') . " ". - date ("Y-m-d H:i:s", $downtime['date_to']); - break; - case 'periodically': - switch ($downtime['type_periodicity']) { - case 'weekly': - $data[5] = __('Weekly:'); - $data[5] .= " "; - if ($downtime['monday']) { - $data[5] .= __('Mon'); - $data[5] .= " "; - } - if ($downtime['tuesday']) { - $data[5] .= __('Tue'); - $data[5] .= " "; - } - if ($downtime['wednesday']) { - $data[5] .= __('Wed'); - $data[5] .= " "; - } - if ($downtime['thursday']) { - $data[5] .= __('Thu'); - $data[5] .= " "; - } - if ($downtime['friday']) { - $data[5] .= __('Fri'); - $data[5] .= " "; - } - if ($downtime['saturday']) { - $data[5] .= __('Sat'); - $data[5] .= " "; - } - if ($downtime['sunday']) { - $data[5] .= __('Sun'); - $data[5] .= " "; - } - $data[5] .= " (" . $downtime['periodically_time_from']; - $data[5] .= "-" . $downtime['periodically_time_to'] . ")"; - break; - case 'monthly': - $data[5] = __('Monthly:'); - $data[5] .= __('From day') . " " . $downtime['periodically_day_from']; - $data[5] .= "/" . __('To day') . " "; - $data[5] .= $downtime['periodically_day_to']; - $data[5] .= " (" . $downtime['periodically_time_from']; - $data[5] .= "-" . $downtime['periodically_time_to'] . 
")"; - break; - } - break; - } + $data['configuration'] = reporting_format_planned_downtime_dates($downtime); if ($downtime["executed"] == 0) { - $data[6] = html_print_image ("images/pixel_red.png", true, - array ('width' => 20, 'height' => 20, 'alt' => __('Executed'))); + $data['running'] = html_print_image ("images/pixel_red.png", true, + array ('width' => 20, 'height' => 20, 'title' => __('Not running'))); } else { - $data[6] = html_print_image ("images/pixel_green.png", true, - array ('width' => 20, 'height' => 20, 'alt' => __('Not executed'))); + $data['running'] = html_print_image ("images/pixel_green.png", true, + array ('width' => 20, 'height' => 20, 'title' => __('Running'))); } - $downtimeGroup = $downtime['id_group']; - //If user have writting permissions - if ( in_array($downtimeGroup, $groupsAW) ){ + // If user have writting permissions + if (in_array($downtime['id_group'], $groupsAW)) { + // Stop button if ($downtime['type_execution'] == 'once' && $downtime["executed"] == 1) { - $data[7] .= '' . - html_print_image("images/cancel.png", true, array("border" => '0', "alt" => __('Stop downtime'))); + html_print_image("images/cancel.png", true, array("title" => __('Stop downtime'))); } else { - $data[7] = ""; + $data['stop'] = ""; } + // Edit & delete buttons if ($downtime["executed"] == 0) { - $data[8] = '' . - html_print_image("images/config.png", true, array("border" => '0', "alt" => __('Update'))) . ''; - if (check_acl ($config['id_user'], 0, "AW")) { - $data[9] = '' . - html_print_image("images/cross.png", true, array("border" => '0', "alt" => __('Delete'))); - } + // Edit + $data['edit'] = '' . + html_print_image("images/config.png", true, array("title" => __('Update'))) . ''; + // Delete + $data['delete'] = '' . + html_print_image("images/cross.png", true, array("title" => __('Delete'))); } - elseif ($downtime["executed"] == 1 - && $downtime['type_execution'] == 'once') { - - $data[8] = '' . 
- html_print_image("images/config.png", true, array("border" => '0', "alt" => __('Update'))) . ''; - $data[9]= "N/A"; + else if ($downtime["executed"] == 1 && $downtime['type_execution'] == 'once') { + // Edit + $data['edit'] = '' . + html_print_image("images/config.png", true, array("title" => __('Update'))) . ''; + // Delete + $data['delete']= __('N/A'); } else { - $data[8]= "N/A"; - $data[9]= "N/A"; + $data['edit']= ''; + $data['delete']= ''; } } - else{ - if ($downtime['type_execution'] == 'once' && $downtime["executed"] == 1) { - $data[7] .= ''; - } - } - elseif ($downtime["executed"] == 1 - && $downtime['type_execution'] == 'once') { - - if ($downtime["executed"] == 0) { - $data[8] = ''; - $data[9] = ''; - } - elseif ($downtime["executed"] == 1 && $downtime['type_execution'] == 'once') { - $data[8] = ''; - $data[9]= ''; - } + else { + $data['stop'] = ''; + $data['edit'] = ''; + $data['delete'] = ''; } if (!empty($malformed_downtimes_exist) && isset($malformed_downtimes[$downtime['id']])) { @@ -599,25 +453,28 @@ else { array_push ($table->data, $data); } + html_print_table ($table); echo '
'; echo '
'; + // CSV export button echo '
'; html_print_button(__('Export to CSV'), 'csv_export', false, "location.href='godmode/agentes/planned_downtime.export_csv.php?$filter_params_str'", 'class="sub next"'); echo '
'; - echo ' '; - if (check_acl ($config['id_user'], 0, "AW")) { + + // Create button + if ($write_permisson) { + echo ' '; echo '
'; html_print_submit_button (__('Create'), 'create', false, 'class="sub next"'); + echo '
'; } - echo ''; + echo '
'; } - - ui_require_jquery_file("ui.datepicker-" . get_user_language(), "include/javascript/i18n/"); ?> From cbd4b60aca965bfd8a05b8c07df2ee7907cf4331 Mon Sep 17 00:00:00 2001 From: Alejandro Gallardo Escobar Date: Thu, 16 Jul 2015 13:27:11 +0200 Subject: [PATCH 10/11] Fixed an error in the function 'extract_column' --- pandora_console/include/functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pandora_console/include/functions.php b/pandora_console/include/functions.php index ef73eca18c..efba4b030d 100644 --- a/pandora_console/include/functions.php +++ b/pandora_console/include/functions.php @@ -2457,7 +2457,7 @@ function array2XML($data, $root = null, $xml = NULL) { function extract_column ($array, $column) { $column_is_arr = is_array($column); - return array_map(function($item) { + return array_map(function($item) use ($column_is_arr, $column) { if ($column_is_arr) { return array_reduce($column, function($carry, $col) use ($item) { $carry[$col] = $item[$col]; From 4d43033d466fd9ba52594162c9aa24fd7dce8e91 Mon Sep 17 00:00:00 2001 
From: Alejandro Gallardo Escobar Date: Thu, 16 Jul 2015 13:53:57 +0200 Subject: [PATCH 11/11] Fixed some general and ACL errors and improved some pieces of code Downtime editor. Some of the ACL checks added are: -Permission check on downtime before adding an agent -Permission check on agent before adding an agent -Permission check on downtime before deleting an agent -Permission check on agent before deleting an agent -Permission check on downtime before creating or updating the downtime -Removed the ACL check for every result item (it is done before, into the query) -Permission check on the query for the agents added to the downtime Downtime editor ajax. Some of the ACL checks added are: -Permission check on downtime before retrieving the modules -Permission check on agent before retrieving the modules -Permission check on downtime before deleting the modules -Permission check on agent before deleting the modules -Permission check on downtime before adding the modules -Permission check on agent before adding the modules --- .../agentes/planned_downtime.editor.php | 281 +++++++++++------- .../include/ajax/planned_downtime.ajax.php | 172 +++++++---- 2 files changed, 293 insertions(+), 160 deletions(-) diff --git a/pandora_console/godmode/agentes/planned_downtime.editor.php b/pandora_console/godmode/agentes/planned_downtime.editor.php index 1945f6a7b1..e78088e7b0 100755 --- a/pandora_console/godmode/agentes/planned_downtime.editor.php +++ b/pandora_console/godmode/agentes/planned_downtime.editor.php @@ -25,7 +25,8 @@ if (! check_acl ($config['id_user'], 0, "AW")) { return; } -$config["past_planned_downtimes"] = isset($config["past_planned_downtimes"]) ? $config["past_planned_downtimes"] : 1; +// Default +set_unless_defined ($config["past_planned_downtimes"], 1); require_once ('include/functions_users.php'); 
@@ -81,43 +82,59 @@ $id_agent = (int) get_parameter ('id_agent'); $insert_downtime_agent = (int) get_parameter ('insert_downtime_agent'); $delete_downtime_agent = (int) get_parameter ('delete_downtime_agent'); +// User groups with AW permission for ACL checks +$user_groups_aw = array_keys(users_get_groups($config['id_user'], 'AW')); + // INSERT A NEW DOWNTIME_AGENT ASSOCIATION if ($insert_downtime_agent === 1) { + + // Check AW permission on downtime + $downtime_group = db_get_value('id_group', 'tplanned_downtime', 'id', $id_downtime); + + if ($downtime_group === false || !in_array($downtime_group, $user_groups_aw)) { + db_pandora_audit("ACL Violation", + "Trying to access downtime scheduler"); + require ("general/noaccess.php"); + return; + } + $agents = (array) get_parameter ('id_agents'); $module_names = (array) get_parameter ('module'); - $all_modules = false; - if (empty($module_names)) { - $all_modules = true; - } - else { - //It is empty. - if ($module_names[0] == "0") - $all_modules = true; - } + $all_modules = (empty($module_names) || in_array(0, $module_names)); - $executed = db_get_value ('executed', 'tplanned_downtime', 'id', $id_downtime); - if ($executed == 1) { + // 'Is running' check + $is_running = (bool) db_get_value ('executed', 'tplanned_downtime', 'id', $id_downtime); + if ($is_running) { ui_print_error_message(__("This elements cannot be modified while the downtime is being executed")); } else { - $num_agents = count($agents); - for ($a = 0; $a < $num_agents; $a++) { - $id_agente_dt = $agents[$a]; + foreach ($agents as $agent_id) { + + // Check AW permission on agent + $agent_group = db_get_value('id_grupo', 'tagente', 'id_agente', $agent_id); + + if ($agent_group === false || !in_array($agent_group, $user_groups_aw)) { + continue; + } $values = array( 'id_downtime' => $id_downtime, - 'id_agent' => $id_agente_dt, + 'id_agent' => $agent_id, 'all_modules' => $all_modules ); - $result = db_process_sql_insert('tplanned_downtime_agents', $values); 
+ if ($result && !$all_modules) { foreach ($module_names as $module_name) { - $module = modules_get_agentmodule_id($module_name, $id_agente_dt); + $module = modules_get_agentmodule_id($module_name, $agent_id); + + if (empty($module)) + continue; + $values = array( 'id_downtime' => $id_downtime, - 'id_agent' => $id_agente_dt, + 'id_agent' => $agent_id, 'id_agent_module' => $module["id_agente_modulo"] ); $result = db_process_sql_insert('tplanned_downtime_modules', $values); @@ -138,8 +155,29 @@ if ($delete_downtime_agent === 1) { $id_da = (int) get_parameter ('id_downtime_agent'); - $executed = db_get_value ('executed', 'tplanned_downtime', 'id', $id_downtime); - if ($executed == 1) { + // Check AW permission on downtime + $downtime_group = db_get_value('id_group', 'tplanned_downtime', 'id', $id_downtime); + + if ($downtime_group === false || !in_array($downtime_group, $user_groups_aw)) { + db_pandora_audit("ACL Violation", + "Trying to access downtime scheduler"); + require ("general/noaccess.php"); + return; + } + + // Check AW permission on agent + $agent_group = db_get_value('id_grupo', 'tagente', 'id_agente', $id_agent); + + if ($agent_group === false || !in_array($agent_group, $user_groups_aw)) { + db_pandora_audit("ACL Violation", + "Trying to access downtime scheduler"); + require ("general/noaccess.php"); + return; + } + + // 'Is running' check + $is_running = (bool) db_get_value ('executed', 'tplanned_downtime', 'id', $id_downtime); + if ($is_running) { ui_print_error_message(__("This elements cannot be modified while the downtime is being executed")); } else { 
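Review bot: `in_array(0, $module_names)` in the new `$all_modules` line is a loose comparison against an integer, and on PHP versions before 8 any non-numeric module name compares equal to `0`. `$all_modules` is then true whenever a named module is selected, so the per-module rows are never inserted and the whole agent goes into the downtime, suppressing more monitoring than the operator asked for. Compare strictly against the string sentinel instead: `$all_modules = (empty($module_names) || in_array('0', $module_names, true));` (this assumes `get_parameter` returns the request values as strings, as the removed `$module_names[0] == "0"` test suggests). Separately, agents that fail the AW check are skipped with `continue` and no `db_pandora_audit` entry, unlike the downtime check a few lines above.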
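Review bot: The two AW checks added to the `$delete_downtime_agent` branch validate `$id_downtime` and `$id_agent`, but the association row is identified by `$id_da`, read from `id_downtime_agent` just above them. The delete statement sits in the `else` branch outside this hunk, so this is inferred: if it filters on `$id_da` alone, the checked ids and the deleted row are unrelated, and the permission check does not cover the row that is removed. Binding them in the delete filter closes that, e.g. `array('id' => $id_da, 'id_downtime' => $id_downtime, 'id_agent' => $id_agent)`, or load the row by `$id_da` first and run the checks on its own `id_downtime` and `id_agent`.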
@@ -158,11 +196,11 @@ if ($delete_downtime_agent === 1) { // UPDATE OR CREATE A DOWNTIME (MAIN DATA, NOT AGENT ASSOCIATION) if ($create_downtime || $update_downtime) { - $check = db_get_value ('name', 'tplanned_downtime', 'name', $name); + $check = (bool) db_get_value ('name', 'tplanned_downtime', 'name', $name); $datetime_from = strtotime ($once_date_from . ' ' . $once_time_from); $datetime_to = strtotime ($once_date_to . ' ' . $once_time_to); - $now = strtotime(date(DATE_FORMAT). ' ' . date(TIME_FORMAT)); + $now = time(); if ($type_execution == 'once' && !$config["past_planned_downtimes"] && $datetime_from < $now) { ui_print_error_message(__('Not created. Error inserting data. Start time must be higher than the current time' )); @@ -184,6 +222,15 @@ if ($create_downtime || $update_downtime) { else { $sql = ''; if ($create_downtime) { + + // Check AW permission on new downtime + if (!in_array($id_group, $user_groups_aw)) { + db_pandora_audit("ACL Violation", + "Trying to access downtime scheduler"); + require ("general/noaccess.php"); + return; + } + if (trim(io_safe_output($name)) != '') { if (!$check) { $values = array( 
@@ -228,44 +275,65 @@ if ($create_downtime || $update_downtime) { } } else if ($update_downtime) { - $has_been_executed = db_get_value ('executed', 'tplanned_downtime', 'name', $name); + $old_downtime = db_get_row('tplanned_downtime', 'id', $id_downtime); + + // Check AW permission on OLD downtime + if (empty($old_downtime) || !in_array($old_downtime['id_group'], $user_groups_aw)) { + db_pandora_audit("ACL Violation", + "Trying to access downtime scheduler"); + require ("general/noaccess.php"); + return; + } + + // Check AW permission on NEW downtime group + if (!in_array($id_group, $user_groups_aw)) { + db_pandora_audit("ACL Violation", + "Trying to access downtime scheduler"); + require ("general/noaccess.php"); + return; + } + + // 'Is running' check + $is_running = (bool) $old_downtime['executed']; + $values = array(); if (trim(io_safe_output($name)) == '') { ui_print_error_message(__('Planned downtime must have a name')); } - else if ($has_been_executed == 1 && $type_execution == 'once') { + // When running only certain items can be modified for the 'once' type + else if ($is_running && $type_execution == 'once') { $values = array( 'description' => $description, 'date_to' => $datetime_to, 'id_user' => $config['id_user'] ); } - else if ($has_been_executed == 1) { - ui_print_error_message(__('No updates. 
Planned Downtime has been executed')); + else if ($is_running) { + ui_print_error_message(__('Cannot be modified while the downtime is being executed')); } else { $values = array( - 'name' => $name, - 'description' => $description, - 'date_from' => $datetime_from, - 'date_to' => $datetime_to, - 'id_group' => $id_group, - 'only_alerts' => 0, - 'monday' => $monday, - 'tuesday' => $tuesday, - 'wednesday' => $wednesday, - 'thursday' => $thursday, - 'friday' => $friday, - 'saturday' => $saturday, - 'sunday' => $sunday, - 'periodically_time_from' => $periodically_time_from, - 'periodically_time_to' => $periodically_time_to, - 'periodically_day_from' => $periodically_day_from, - 'periodically_day_to' => $periodically_day_to, - 'type_downtime' => $type_downtime, - 'type_execution' => $type_execution, - 'type_periodicity' => $type_periodicity, - 'id_user' => $config['id_user'] + 'name' => $name, + 'description' => $description, + 'date_from' => $datetime_from, + 'date_to' => $datetime_to, + 'id_group' => $id_group, + 'only_alerts' => 0, + 'monday' => $monday, + 'tuesday' => $tuesday, + 'wednesday' => $wednesday, + 'thursday' => $thursday, + 'friday' => $friday, + 'saturday' => $saturday, + 'sunday' => $sunday, + 'periodically_time_from' => $periodically_time_from, + 'periodically_time_to' => $periodically_time_to, + 'periodically_day_from' => $periodically_day_from, + 'periodically_day_to' => $periodically_day_to, + 'type_downtime' => $type_downtime, + 'type_execution' => $type_execution, + 'type_periodicity' => $type_periodicity, + 'id_user' => $config['id_user'] ); if ($config["dbtype"] == 'oracle') { $values['periodically_time_from'] = '1970/01/01 ' . $values['periodically_time_from']; 
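Review bot: The branch `else if ($is_running && $type_execution == 'once')` decides what may be changed on a running downtime from `$type_execution`, which appears to be the submitted form value rather than the stored one (its assignment is outside this hunk). Now that `$old_downtime` is loaded for the ACL check, the stored type is the safer value to branch on: `else if ($is_running && $old_downtime['type_execution'] == 'once')`. Otherwise a running periodic downtime can reach the `date_to` update by submitting `once` as the type.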
@@ -354,11 +422,16 @@ if ($id_downtime > 0) { break; } - $groupsAW = users_get_groups($config['id_user'], 'AW', true, false, null, 'id_grupo'); - $groupsAW = array_keys($groupsAW); - $result = db_get_row_sql ($sql); + // Permission check for the downtime with the AW user groups + if (empty($result) || !in_array($result['id_group'], $user_groups_aw) ){ + db_pandora_audit("ACL Violation", + "Trying to access downtime scheduler"); + require ("general/noaccess.php"); + return; + } + $name = (string) $result["name"]; $id_group = (int) $result['id_group']; @@ -386,18 +459,11 @@ if ($id_downtime > 0) { $saturday = (bool) $result['saturday']; $sunday = (bool) $result['sunday']; - $executed = (bool) $result['executed']; - - if ( !in_array($id_group, $groupsAW) ){ - db_pandora_audit("ACL Violation", - "Trying to access downtime scheduler"); - require ("general/noaccess.php"); - return; - } + $running = (bool) $result['executed']; } -// when the planned down time is in execution, only action to postpone on once type is enabled and the other are disabled. -$disabled_in_execution = $executed ? 1 : 0; +// when the planned downtime is in execution, only action to postpone on once type is enabled and the other are disabled. +$disabled_in_execution = (int) $running; $table = new StdClass(); $table->class = 'databox filters'; @@ -564,42 +630,42 @@ if ($id_downtime > 0) { // Show available agents to include into downtime echo '

' . __('Available agents') . ':

'; - $filter_group = get_parameter("filter_group", 0); + $filter_group = (int) get_parameter("filter_group", 0); - $groupsAW = users_get_groups($config['id_user'], 'AW', true, false, null, 'id_grupo'); - $groupsAW = array_keys($groupsAW); - $id_groups_list = implode(",", $groupsAW); - - if (empty($id_groups_list)){ - $id_groups_list = -1; + // User AW groups to str for the filter + $id_groups_str = implode(",", $user_groups_aw); + + if (empty($id_groups_str)) { + // Restrictive filter on error. This will filter all the downtimes + $id_groups_str = '-1'; } - + $filter_cond = ''; if ($filter_group > 0) $filter_cond = " AND id_grupo = $filter_group "; - $sql = sprintf ("SELECT tagente.id_agente, tagente.nombre, - tagente.id_grupo + $sql = sprintf("SELECT tagente.id_agente, tagente.nombre FROM tagente WHERE tagente.id_agente NOT IN ( SELECT tagente.id_agente FROM tagente, tplanned_downtime_agents WHERE tplanned_downtime_agents.id_agent = tagente.id_agente AND tplanned_downtime_agents.id_downtime = %d - ) AND disabled = 0 $filter_cond + ) AND disabled = 0 %s AND tagente.id_grupo IN (%s) - ORDER by tagente.nombre", $id_downtime, $id_groups_list); - $downtimes = db_get_all_rows_sql ($sql); - $data = array (); - if ($downtimes) { - foreach ($downtimes as $downtime) { - if (check_acl ($config["id_user"], $downtime['id_grupo'], "AW")) { - $data[$downtime['id_agente']] = $downtime['nombre']; - } - } - } + ORDER BY tagente.nombre", $id_downtime, $filter_cond, $id_groups_str); + $agents = db_get_all_rows_sql ($sql); + if (empty($agents)) + $agents = array(); + + $agent_ids = extract_column($agents, 'id_agente'); + $agent_names = extract_column($agents, 'nombre'); + // item[] = ; + $agents = array_combine($agent_ids, $agent_names); + if ($agents === false) + $agents = array(); $disabled_add_button = false; - if (empty($data) || $disabled_in_execution) { + if (empty($agents) || $disabled_in_execution) { $disabled_add_button = true; } 
@@ -613,7 +679,7 @@ if ($id_downtime > 0) { echo "
"; - echo html_print_select ($data, "id_agents[]", '', '', '', 0, false, true, true, '', false, 'width: 180px;'); + echo html_print_select ($agents, "id_agents[]", '', '', '', 0, false, true, true, '', false, 'width: 180px;'); echo '

' . __('Available modules:') . ui_print_help_tip (__('Only for type Quiet for downtimes.'), true) . '

'; @@ -631,17 +697,20 @@ if ($id_downtime > 0) { //Start Overview of existing planned downtime echo '

'.__('Agents planned for this downtime').':

'; - $sql = sprintf ("SELECT tagente.nombre, tplanned_downtime_agents.id, - tagente.id_os, tagente.id_agente, tagente.id_grupo, - tagente.ultimo_contacto, tplanned_downtime_agents.all_modules - FROM tagente, tplanned_downtime_agents - WHERE tplanned_downtime_agents.id_agent = tagente.id_agente - AND tplanned_downtime_agents.id_downtime = %d ", $id_downtime); + // User the $id_groups_str built before + $sql = sprintf("SELECT ta.nombre, tpda.id, + ta.id_os, ta.id_agente, ta.id_grupo, + ta.ultimo_contacto, tpda.all_modules + FROM tagente ta + INNER JOIN tplanned_downtime_agents tpda + ON ta.id_agente = tpda.id_agent + AND tpda.id_downtime = %d + WHERE ta.id_grupo IN (%s)", + $id_downtime, $id_groups_str); + $downtimes_agents = db_get_all_rows_sql ($sql); - $downtimes = db_get_all_rows_sql ($sql); - if ($downtimes === false) { - echo '
' . - __('There are no scheduled downtimes') . '
'; + if (empty($downtimes_agents)) { + echo '
' . __('There are no agents') . '
'; } else { $table = new stdClass(); @@ -656,24 +725,24 @@ if ($id_downtime > 0) { $table->head[3] = __('Last contact'); $table->head['count_modules'] = __('Modules'); - if (!$executed) { + if (!$running) { $table->head[5] = __('Actions'); $table->align[5] = "center"; $table->size[5] = "5%"; } - foreach ($downtimes as $downtime) { + foreach ($downtimes_agents as $downtime_agent) { $data = array (); - $data[0] = $downtime['nombre']; + $data[0] = $downtime_agent['nombre']; $data[1] = db_get_sql ("SELECT nombre FROM tgrupo - WHERE id_grupo = " . $downtime["id_grupo"]); + WHERE id_grupo = " . $downtime_agent["id_grupo"]); - $data[2] = ui_print_os_icon($downtime["id_os"], true, true); + $data[2] = ui_print_os_icon($downtime_agent["id_os"], true, true); - $data[3] = $downtime["ultimo_contacto"]; + $data[3] = $downtime_agent["ultimo_contacto"]; if ($type_downtime == 'disable_agents_alerts') { $data['count_modules'] = __("All alerts"); @@ -682,7 +751,7 @@ if ($id_downtime > 0) { $data['count_modules'] = __("Entire agent"); } else { - if ($downtime["all_modules"]) { + if ($downtime_agent["all_modules"]) { $data['count_modules'] = __("All modules"); } else { @@ -690,19 +759,19 @@ if ($id_downtime > 0) { } } - if (!$executed) { + if (!$running) { $data[5] = ''; if ($type_downtime != 'disable_agents_alerts' && $type_downtime != 'disable_agents') { - $data[5] = '' . + $data[5] = '' . html_print_image("images/config.png", true, array("border" => '0', "alt" => __('Delete'))) . ""; } - $data[5] .= '' . + $data[5] .= '' . html_print_image("images/cross.png", true, array("border" => '0', "alt" => __('Delete'))) . ""; } - $table->data['agent_' . $downtime["id_agente"]] = $data; + $table->data['agent_' . $downtime_agent["id_agente"]] = $data; } html_print_table ($table); } diff --git a/pandora_console/include/ajax/planned_downtime.ajax.php b/pandora_console/include/ajax/planned_downtime.ajax.php index bf032431c9..c8bf78ddd4 100644 
--- a/pandora_console/include/ajax/planned_downtime.ajax.php +++ b/pandora_console/include/ajax/planned_downtime.ajax.php @@ -17,10 +17,16 @@ include_once($config['homedir'] . "/include/functions_io.php"); include_once($config['homedir'] . "/include/functions_db.php"); include_once($config['homedir'] . "/include/functions_modules.php"); +include_once($config['homedir'] . "/include/functions_groups.php"); -$get_modules_downtime = (bool)get_parameter('get_modules_downtime', 0); -$delete_module_from_downtime = (bool)get_parameter('delete_module_from_downtime', 0); -$add_module_into_downtime = (bool)get_parameter('add_module_into_downtime', 0); +ob_clean(); + +$get_modules_downtime = (bool)get_parameter('get_modules_downtime', 0); +$delete_module_from_downtime = (bool)get_parameter('delete_module_from_downtime', 0); +$add_module_into_downtime = (bool)get_parameter('add_module_into_downtime', 0); + +// User groups with AW permission for ACL checks +$user_groups_aw = array_keys(users_get_groups($config['id_user'], 'AW')); if ($get_modules_downtime) { $return = array(); 
@@ -28,38 +34,58 @@ if ($get_modules_downtime) { $return['in_agent'] = array(); $return['in_downtime'] = array(); - $id_agent = (int)get_parameter('id_agent', 0); - $id_downtime = (int)get_parameter('id_downtime', 0); - $none_value = (bool)get_parameter('none_value', false); + $id_agent = (int) get_parameter('id_agent', 0); + $id_downtime = (int) get_parameter('id_downtime', 0); + $none_value = (bool) get_parameter('none_value', false); - $rows = db_get_all_rows_filter('tplanned_downtime_modules', - array('id_agent' => $id_agent, 'id_downtime' => $id_downtime)); - if (empty($rows)) - $rows = array(); - $id_modules_downtime = array(); - foreach ($rows as $row) { - $id_modules_downtime[$row['id_agent_module']] = true; + // Check AW permission on downtime + $downtime_group = db_get_value('id_group', 'tplanned_downtime', 'id', $id_downtime); + + if ($downtime_group === false || !in_array($downtime_group, $user_groups_aw)) { + $return['correct'] = 0; + echo json_encode($return); + return; } - $modules = db_get_all_rows_filter('tagente_modulo', array('id_agente' => $id_agent)); + // Check AW permission on agent + $agent_group = db_get_value('id_grupo', 'tagente', 'id_agente', $id_agent); + + if ($agent_group === false || !in_array($agent_group, $user_groups_aw)) { + $return['correct'] = 0; + echo json_encode($return); + return; + } + + $filter = array( + 'id_agent' => $id_agent, + 'id_downtime' => $id_downtime + ); + $downtime_modules = db_get_all_rows_filter('tplanned_downtime_modules', $filter); + if (empty($downtime_modules)) + $downtime_modules = array(); + + $downtime_module_ids = extract_column($downtime_modules, 'id_agent_module'); + $downtime_modules = array_fill_keys($downtime_module_ids, true); + + $filter = array( + 'id_agente' => $id_agent + ); + $modules = db_get_all_rows_filter('tagente_modulo', $filter); if (empty($modules)) $modules = array(); - foreach ($modules as $module) { - if (empty($id_modules_downtime[$module['id_agente_modulo']])) { - 
$return['in_agent'][$module['id_agente_modulo']] = io_safe_output($module['nombre']); - } - else { - $return['in_downtime'][$module['id_agente_modulo']] = io_safe_output($module['nombre']); - } - } + $module_ids = extract_column($modules, 'id_agente_modulo'); + $module_names = extract_column($modules, 'nombre'); + $modules = array_combine($module_ids, $module_names); - if ($none_value) { + $return['in_downtime'] = array_intersect_key($modules, $downtime_modules); + $return['in_agent'] = array_diff($modules, $return['in_downtime']); + + if ($none_value) $return['in_agent'][0] = __('None'); - } echo json_encode($return); - exit; + return; } if ($delete_module_from_downtime) { 
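Review bot: The denial branches added to `get_modules_downtime` return `correct = 0` without writing an audit record, so a rejected AJAX request leaves no trace. The editor page logs the same condition with `db_pandora_audit("ACL Violation", "Trying to access downtime scheduler");`, and adding that call before each `echo json_encode($return);` here would keep the two entry points consistent for detection. The same applies to the denial branches in the `delete_module_from_downtime` and `add_module_into_downtime` hunks that follow. A smaller point in this hunk: `array_diff($modules, $return['in_downtime'])` compares module names, while the line above selects by key, so `array_diff_key` would match it.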
@@ -68,45 +94,65 @@ if ($delete_module_from_downtime) { $return['all_modules'] = 0; $return['id_agent'] = 0; - $id_module = (int)get_parameter('id_module', 0); - $id_downtime = (int)get_parameter('id_downtime', 0); + $id_module = (int) get_parameter('id_module', 0); + $id_downtime = (int) get_parameter('id_downtime', 0); + $id_agent = db_get_value('id_agente', 'tagente_modulo', 'id_agente_modulo', $id_module); - $executed = db_get_value ('executed', 'tplanned_downtime', 'id', $id_downtime); - if ($executed) { + // Check AW permission on downtime + $downtime_group = db_get_value('id_group', 'tplanned_downtime', 'id', $id_downtime); + + if ($downtime_group === false || !in_array($downtime_group, $user_groups_aw)) { + $return['correct'] = 0; + echo json_encode($return); + return; + } + + // Check AW permission on agent + $agent_group = db_get_value('id_grupo', 'tagente', 'id_agente', $id_agent); + + if ($id_agent === false || $agent_group === false || !in_array($agent_group, $user_groups_aw)) { + $return['correct'] = 0; + echo json_encode($return); + return; + } + + $is_running = db_get_value ('executed', 'tplanned_downtime', 'id', $id_downtime); + if ($is_running) { $return['executed'] = 1; echo json_encode($return); - exit; + return; } - - $row = db_get_row_filter('tplanned_downtime_modules', - array('id_agent_module' => $id_module, - 'id_downtime' => $id_downtime)); - $return['id_agent'] = $row['id_agent']; - $result = db_process_sql_delete('tplanned_downtime_modules', - array('id_downtime' => $id_downtime, - 'id_agent_module' => $id_module)); + $return['id_agent'] = $id_agent; + + $filter = array( + 'id_agent_module' => $id_module, + 'id_downtime' => $id_downtime + ); + $result = db_process_sql_delete('tplanned_downtime_modules', $filter); if ($result) { - $rows = db_get_all_rows_filter('tplanned_downtime_modules', - array('id_downtime' => $id_downtime, - 'id_agent' => $row['id_agent'])); + db_clean_cache(); + + $filter = array( + 'id_agent' => $id_agent, + 
'id_downtime' => $id_downtime + ); + $rows = db_get_all_rows_filter('tplanned_downtime_modules', $filter); if (empty($rows)) { - db_process_sql_update('tplanned_downtime_agents', - array('all_modules' => 1), - array('id_agent' => $row['id_agent'], - 'id_downtime' => $id_downtime)); + $values = array('all_modules' => 1); + db_process_sql_update('tplanned_downtime_agents', $values, $filter); $return['all_modules'] = 1; - $return['id_agent'] = $row['id_agent']; + $return['id_agent'] = $id_agent; } $return['correct'] = 1; } echo json_encode($return); - exit; + return; } if ($add_module_into_downtime) { @@ -114,15 +160,33 @@ if ($add_module_into_downtime) { $return['correct'] = 0; $return['name'] = ''; - $id_agent = (int)get_parameter('id_agent', 0); - $id_module = (int)get_parameter('id_module', 0); - $id_downtime = (int)get_parameter('id_downtime', 0); + $id_agent = (int) get_parameter('id_agent', 0); + $id_module = (int) get_parameter('id_module', 0); + $id_downtime = (int) get_parameter('id_downtime', 0); - $executed = db_get_value ('executed', 'tplanned_downtime', 'id', $id_downtime); - if ($executed) { + // Check AW permission on downtime + $downtime_group = db_get_value('id_group', 'tplanned_downtime', 'id', $id_downtime); + + if ($downtime_group === false || !in_array($downtime_group, $user_groups_aw)) { + $return['correct'] = 0; + echo json_encode($return); + return; + } + + // Check AW permission on agent + $agent_group = db_get_value('id_grupo', 'tagente', 'id_agente', $id_agent); + + if ($agent_group === false || !in_array($agent_group, $user_groups_aw)) { + $return['correct'] = 0; + echo json_encode($return); + return; + } + + $is_running = db_get_value ('executed', 'tplanned_downtime', 'id', $id_downtime); + if ($is_running) { $return['executed'] = 1; echo json_encode($return); - exit; + return; } $values = array(); @@ -144,7 +208,7 @@ if ($add_module_into_downtime) { } echo json_encode($return); - exit; + return; } ?>
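Review bot: In the `add_module_into_downtime` branch `$id_module` is never checked against `$id_agent`. The added checks cover the downtime's group and the group of the agent named in the request, while the module id arrives as a separate parameter. The delete branch in the previous hunk derives the agent from the module with `db_get_value('id_agente', 'tagente_modulo', 'id_agente_modulo', $id_module)`. Doing the same here, or rejecting the request when that value differs from `$id_agent`, keeps the AW check on the agent that actually owns the module. The insert itself is below the hunk, so which of the two ids ends up stored is not visible from here.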