From c74e4a3d6ada19dcee3f2188d65cc1443c6e148b Mon Sep 17 00:00:00 2001 From: fermin831 Date: Thu, 11 Oct 2018 15:45:11 +0200 Subject: [PATCH 1/2] Fixed agent filter on agents/module view to see secondary groups --- .../operation/agentes/ver_agente.php | 21 +++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/pandora_console/operation/agentes/ver_agente.php b/pandora_console/operation/agentes/ver_agente.php index f98af59772..438132240e 100644 --- a/pandora_console/operation/agentes/ver_agente.php +++ b/pandora_console/operation/agentes/ver_agente.php @@ -68,14 +68,18 @@ if (is_ajax ()) { } } else { - $groups_orig = users_get_groups(false, $privilege); + $groups_orig = users_get_groups(false, $privilege, false); $groups = array_keys($groups_orig); } - + // Build filter $filter = array(); - $filter['id_grupo'] = $groups; - + // Group filter (primary and secondary) + $filter[] = "(" .db_format_array_where_clause_sql( + array('id_grupo' => $groups, 'id_group' => $groups), + 'OR' + ) . ")"; + if (!empty($id_os)) $filter['id_os'] = $id_os; if (!empty($agent_name)) @@ -158,12 +162,17 @@ if (is_ajax ()) { } } - + $filter['group'] = 'id_agente'; + // Build fields $fields = array('id_agente', 'alias'); // Perform search - $agents = db_get_all_rows_filter('tagente', $filter, $fields); + $agents = db_get_all_rows_filter( + 'tagente LEFT JOIN tagent_secondary_group ON id_agente=id_agent', + $filter, + $fields + ); if (empty($agents)) $agents = array(); foreach ($agents as $k => $v) { From 0747a5b263f7a8b81487507da0b9331ed6eb4dd1 Mon Sep 17 00:00:00 2001 From: fermin831 Date: Thu, 11 Oct 2018 16:00:49 +0200 Subject: [PATCH 2/2] Fixed secondary groups privileges in agent popup in tree view --- pandora_console/include/functions_treeview.php | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/pandora_console/include/functions_treeview.php b/pandora_console/include/functions_treeview.php index 2f2e899143..544c66b35a 100755 --- a/pandora_console/include/functions_treeview.php +++ b/pandora_console/include/functions_treeview.php @@ -468,8 +468,6 @@ function treeview_printTable($id_agente, $server_data = array(), $no_head = fals enterprise_include_once ('meta/include/functions_ui_meta.php'); include_graphs_dependencies(); - $strict_user = (bool) db_get_value("strict_acl", "tusuario", "id_user", $config['id_user']); - $is_extra = enterprise_hook('policies_is_agent_extra_policy', array($id_agente)); if ($is_extra === ENTERPRISE_NOT_HOOK) { @@ -483,9 +481,13 @@ function treeview_printTable($id_agente, $server_data = array(), $no_head = fals return; } + // Get the agent info $agent = db_get_row ("tagente", "id_agente", $id_agente); - - if (! check_acl ($config["id_user"], $agent["id_grupo"], "AR") && ! check_acl ($config["id_user"], $agent["id_grupo"], "AW") && !$is_extra) { + if ($agent == false) return; + + // Check all groups + $groups = agents_get_all_groups_agent($id_agente, $agent["id_grupo"], is_metaconsole()); + if (! check_acl_one_of_groups ($config["id_user"], $groups, "AR") && ! check_acl_one_of_groups ($config["id_user"], $groups, "AW") && !$is_extra) { db_pandora_audit("ACL Violation", "Trying to access Agent General Information"); require_once ("general/noaccess.php");