Fixed problems with acl's. Ticket: #3912

This commit is contained in:
m-lopez-f 2016-09-08 12:59:41 +02:00
parent 3d24f0ecba
commit f3b9703242
18 changed files with 28 additions and 27 deletions

View File

@ -19,7 +19,7 @@ check_login();
$agent_d = check_acl ($config['id_user'], 0, "AD");
$agent_w = check_acl ($config['id_user'], 0, "AW");
$access = ($agent_d == true) ? 'AD' : ($agent_w == true) ? 'AW' : 'AD';
$access = ($agent_d == true) ? 'AD' : (($agent_w == true) ? 'AW' : 'AD');
if (!$agent_d && !$agent_w) {
db_pandora_audit("ACL Violation",
"Trying to access downtime scheduler");

View File

@ -21,7 +21,7 @@ check_login();
$read_permisson = check_acl ($config['id_user'], 0, "AR");
$write_permisson = check_acl ($config['id_user'], 0, "AD");
$manage_permisson = check_acl ($config['id_user'], 0, "AW");
$access = ($read_permisson == true) ? 'AR' : ($write_permisson == true) ? 'AD' : ($manage_permisson == true) ? 'AW' : 'AR';
$access = ($read_permisson == true) ? 'AR' : (($write_permisson == true) ? 'AD' : (($manage_permisson == true) ? 'AW' : 'AR'));
if (! $read_permisson && !$manage_permisson) {
db_pandora_audit("ACL Violation",

View File

@ -20,7 +20,7 @@ check_login ();
$event_w = check_acl ($config['id_user'], 0, "EW");
$event_m = check_acl ($config['id_user'], 0, "EM");
$access = ($event_w == true) ? 'EW' : ($event_m == true) ? 'EM' : 'EW';
$access = ($event_w == true) ? 'EW' : (($event_m == true) ? 'EM' : 'EW');
if (!$event_w && !$event_m) {
db_pandora_audit("ACL Violation",

View File

@ -19,7 +19,7 @@ check_login ();
$gis_w = check_acl ($config['id_user'], 0, 'MW');
$gis_m = check_acl ($config['id_user'], 0, 'MM')
$access = ($gis_w == true) ? 'MW' : ($gis_m == true) ? 'MM' : 'MW';
$access = ($gis_w == true) ? 'MW' : (($gis_m == true) ? 'MM' : 'MW');
if (!$gis_w && !$gis_m ) {
db_pandora_audit("ACL Violation", "Trying to access map builder");

View File

@ -23,7 +23,7 @@ check_login ();
$report_r = check_acl ($config['id_user'], 0, "RR");
$report_w = check_acl ($config['id_user'], 0, "RW");
$report_m = check_acl ($config['id_user'], 0, "RM");
$access = ($report_r == true) ? 'RR' : ($report_w == true) ? 'RW' : ($report_m == true) ? 'RM' : 'RR';
$access = ($report_r == true) ? 'RR' : (($report_w == true) ? 'RW' : (($report_m == true) ? 'RM' : 'RR'));
if (!$report_r && !$report_w && !$report_m) {
db_pandora_audit("ACL Violation",
"Trying to access Inventory Module Management");

View File

@ -24,7 +24,7 @@ enterprise_hook('open_meta_frame');
$report_r = check_acl ($config['id_user'], 0, "RR");
$report_w = check_acl ($config['id_user'], 0, "RW");
$report_m = check_acl ($config['id_user'], 0, "RM");
$access = ($report_r == true) ? 'RR' : ($report_w == true) ? 'RW' : ($report_m == true) ? 'RM' : 'RR';
$access = ($report_r == true) ? 'RR' : (($report_w == true) ? 'RW' : (($report_m == true) ? 'RM' : 'RR'));
if (!$report_r && !$report_w && !$report_m) {
db_pandora_audit("ACL Violation",
"Trying to access report builder");

View File

@ -409,7 +409,7 @@ if ($list_modules) {
$agent_a = check_acl ($config['id_user'], 0, "AR");
$agent_w = check_acl ($config['id_user'], 0, "AW");
$access = ($agent_a == true) ? 'AR' : ($agent_w == true) ? 'AW' : 'AR';
$access = ($agent_a == true) ? 'AR' : (($agent_w == true) ? 'AW' : 'AR');
$id_agente = $id_agent = (int)get_parameter('id_agente', 0);
$url = 'index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente=' . $id_agent;

View File

@ -49,7 +49,7 @@ if (is_ajax ()) {
$agent_a = check_acl ($config['id_user'], 0, "AR");
$agent_w = check_acl ($config['id_user'], 0, "AW");
$access = ($agent_a == true) ? 'AR' : ($agent_w == true) ? 'AW' : 'AR';
$access = ($agent_a == true) ? 'AR' : (($agent_w == true) ? 'AW' : 'AR');
if (class_exists('TreeEnterprise')) {
$tree = new TreeEnterprise($type, $rootType, $id, $rootID, $serverID, $childrenMethod, $access);
}

View File

@ -408,7 +408,7 @@ $table->align = array ();
if ($isFunctionPolicies !== ENTERPRISE_NOT_HOOK) {
if ($print_agent) {
if (!is_metaconsole() {
if (!is_metaconsole()) {
$table->head[0] = "<span title='" . __('Policy') . "'>" .
__('P.') . "</span>";
}

View File

@ -120,9 +120,10 @@ $recursion = get_parameter('recursion', 0);
$status = (int) get_parameter ('status', -1);
$strict_user = db_get_value('strict_acl', 'tusuario', 'id_user', $config['id_user']);
$agent_a = check_acl ($config['id_user'], 0, "AR");
$agent_w = check_acl ($config['id_user'], 0, "AW");
$access = ($agent_a == true) ? 'AR' : ($agent_w == true) ? 'AW' : 'AR';
$agent_a = (bool) check_acl ($config['id_user'], 0, "AR");
$agent_w = (bool) check_acl ($config['id_user'], 0, "AW");
$access = ($agent_a === true) ? 'AR' : (($agent_w === true) ? 'AW' : 'AR');
$onheader = array();
if (check_acl ($config['id_user'], 0, "AW")) {
@ -166,6 +167,7 @@ echo '<tr><td style="white-space:nowrap;">';
echo __('Group') . '&nbsp;';
$groups = users_get_groups (false, $access);
html_print_select_groups(false, $access, true, 'group_id', $group_id, 'this.form.submit()', '', '', false, false, true, '', false, 'width:150px');
echo '</td><td style="white-space:nowrap;">';

View File

@ -442,11 +442,10 @@ function print_form_filter_monitors($id_agent, $status_filter_monitor = -1,
$table->data[0][3] = html_print_input_text('status_text_monitor', $status_text_monitor, '', 30, 100, true);
$table->data[0][4] = __('Module group');
$rows = db_get_all_rows_sql("SELECT *
FROM tmodule_group where id_mg in (SELECT id_module_group from tagente_modulo where id_agente = $id_agent ) ORDER BY name");
$rows = db_get_all_rows_sql("SELECT * FROM tmodule_group where id_mg in (SELECT id_module_group from tagente_modulo where id_agente = $id_agent ) ORDER BY name");
$rows_select[-1] = __('All');
if (!empty($rows)) {
$rows_select[-1] = __('All');
foreach ($rows as $module_group)
$rows_select[$module_group['id_mg']] = __($module_group['name']);
}

View File

@ -746,7 +746,7 @@ if (empty ($id_agente)) {
}
$agent_a = check_acl ($config['id_user'], 0, "AR");
$agent_w = check_acl ($config['id_user'], 0, "AW");
$access = ($agent_a == true) ? 'AR' : ($agent_w == true) ? 'AW' : 'AR';
$access = ($agent_a == true) ? 'AR' : (($agent_w == true) ? 'AW' : 'AR');
$agent = db_get_row ('tagente', 'id_agente', $id_agente);
// get group for this id_agente
$id_grupo = $agent['id_grupo'];

View File

@ -31,7 +31,7 @@ check_login ();
$event_a = check_acl ($config['id_user'], 0, "ER");
$event_w = check_acl ($config['id_user'], 0, "EW");
$event_m = check_acl ($config['id_user'], 0, "EM");
$access = ($event_a == true) ? 'ER' : ($event_w == true) ? 'EW' : ($event_m == true) ? 'EM' : 'ER';
$access = ($event_a == true) ? 'ER' : (($event_w == true) ? 'EW' : (($event_m == true) ? 'EM' : 'ER'));
if (!$event_a && !$event_w && !$event_m) {
db_pandora_audit("ACL Violation",

View File

@ -40,6 +40,11 @@ $config["id_user"] = $_SESSION["id_usuario"];
// Session locking concurrency speedup!
check_login ();
$event_a = check_acl ($config['id_user'], 0, "ER");
$event_w = check_acl ($config['id_user'], 0, "EW");
$event_m = check_acl ($config['id_user'], 0, "EM");
$access = ($event_a == true) ? 'ER' : (($event_w == true) ? 'EW' : (($event_m == true) ? 'EM' : 'ER'));
if (!isInACL($_SERVER['REMOTE_ADDR'])) {
db_pandora_audit("ACL Violation",
"Trying to access marquee without ACL Access");
@ -47,12 +52,7 @@ if (!isInACL($_SERVER['REMOTE_ADDR'])) {
exit;
}
if (check_acl ($config['id_user'], 0, "ER"))
$groups = users_get_groups ($config["id_user"], "ER");
elseif (check_acl ($config['id_user'], 0, "EW"))
$groups = users_get_groups ($config["id_user"], "EW");
elseif (check_acl ($config['id_user'], 0, "EM"))
$groups = users_get_groups ($config["id_user"], "EM");
$groups = users_get_groups ($config["id_user"], $access);
//Otherwise select all groups the user has rights to.
if (!empty($groups)) {

View File

@ -35,7 +35,7 @@ $config["id_user"] = $_SESSION["id_usuario"];
$event_a = check_acl ($config['id_user'], 0, "ER");
$event_w = check_acl ($config['id_user'], 0, "EW");
$event_m = check_acl ($config['id_user'], 0, "EM");
$access = ($event_a == true) ? 'ER' : ($event_w == true) ? 'EW' : ($event_m == true) ? 'EM' : 'ER';
$access = ($event_a == true) ? 'ER' : (($event_w == true) ? 'EW' : (($event_m == true) ? 'EM' : 'ER'));
if (! check_acl ($config['id_user'], 0, "ER") && ! check_acl ($config['id_user'], 0, "EW") && ! check_acl ($config['id_user'], 0, "EM")) {
db_pandora_audit("ACL Violation","Trying to access event viewer");

View File

@ -21,7 +21,7 @@ check_login ();
$incident_r = check_acl ($config['id_user'], 0, "IR");
$incident_w = check_acl ($config['id_user'], 0, "IW");
$incident_m = check_acl ($config['id_user'], 0, "IM");
$access = ($incident_r == true) ? 'IR' : ($incident_w == true) ? 'IW' : ($incident_m == true) ? 'IM' : 'IR';
$access = ($incident_r == true) ? 'IR' : (($incident_w == true) ? 'IW' : (($incident_m == true) ? 'IM' : 'IR'));
if (!$incident_r && !$incident_w && !$incident_m) {
db_pandora_audit("ACL Violation","Trying to access incident viewer");

View File

@ -170,7 +170,7 @@ if (check_acl ($config['id_user'], 0, "VR") || check_acl ($config['id_user'], 0,
$sub["godmode/reporting/map_builder"]["sub2"] = $sub2;
}
}
// GIS MAPS DESACTIVATE THIS PART; LIBRARY DOESN'T WORK CORRECTLY.
if (check_acl ($config['id_user'], 0, "MR") || check_acl ($config['id_user'], 0, "MW") || check_acl ($config['id_user'], 0, "MM")) {

View File

@ -24,7 +24,7 @@ require_once("include/functions_snmp.php");
check_login ();
$agent_a = check_acl ($config['id_user'], 0, "AR");
$agent_w = check_acl ($config['id_user'], 0, "AW");
$access = ($agent_a == true) ? 'AR' : ($agent_w == true) ? 'AW' : 'AR';
$access = ($agent_a == true) ? 'AR' : (($agent_w == true) ? 'AW' : 'AR');
if (!$agent_a && !$agent_w) {
db_pandora_audit("ACL Violation",
"Trying to access SNMP Console");