From f5e48d06f603a2cb06d918782d0838c63f386400 Mon Sep 17 00:00:00 2001 From: juanmanuelr Date: Fri, 14 Feb 2014 13:20:38 +0000 Subject: [PATCH] 2014-02-14 Juan Manuel Ramon * include/functions_tags.php: Fixed several bugs with ACL propagation and ACL tags. * include/functions_graph.php: Implemented ACL tags in graph_event_module function. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@9438 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f --- pandora_console/ChangeLog | 8 ++ pandora_console/include/functions_graph.php | 8 +- pandora_console/include/functions_tags.php | 85 ++++++++++++++++----- 3 files changed, 78 insertions(+), 23 deletions(-) diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog index 722989c29e..8299cf36e5 100644 --- a/pandora_console/ChangeLog +++ b/pandora_console/ChangeLog @@ -1,3 +1,11 @@ +2014-02-14 Juan Manuel Ramon + + * include/functions_tags.php: Fixed several bugs with + ACL propagation and ACL tags. + + * include/functions_graph.php: Implemented ACL tags in + graph_event_module function. + 2014-02-12 Sergio Martin * mobile/operation/events.php: Fix order of the event diff --git a/pandora_console/include/functions_graph.php b/pandora_console/include/functions_graph.php index 83519f7d5c..f107673d7f 100755 --- a/pandora_console/include/functions_graph.php +++ b/pandora_console/include/functions_graph.php @@ -1463,6 +1463,10 @@ function graph_agent_status ($id_agent = false, $width = 300, $height = 200, $re function graph_event_module ($width = 300, $height = 200, $id_agent) { global $config; global $graphic_type; + + // Fix: tag filters implemented! for tag functionality groups have to be all user_groups (propagate ACL funct!) + $groups = users_get_groups($config["id_user"]); + $tags_condition = tags_get_acl_tags($config['id_user'], array_keys($groups), 'ER', 'event_condition', 'AND'); $data = array (); $max_items = 6; @@ -1472,8 +1476,8 @@ function graph_event_module ($width = 300, $height = 200, $id_agent) { $sql = sprintf ('SELECT COUNT(id_evento) AS count_number, id_agentmodule FROM tevento - WHERE tevento.id_agente = %d - GROUP BY id_agentmodule ORDER BY count_number DESC LIMIT %d', $id_agent, $max_items); + WHERE tevento.id_agente = %d %s + GROUP BY id_agentmodule ORDER BY count_number DESC LIMIT %d', $id_agent, $tags_condition, $max_items); break; case "oracle": $sql = sprintf ('SELECT COUNT(id_evento) AS count_number, diff --git a/pandora_console/include/functions_tags.php b/pandora_console/include/functions_tags.php index 0daece071d..6bcf1e2ab9 100644 --- a/pandora_console/include/functions_tags.php +++ b/pandora_console/include/functions_tags.php @@ -780,8 +780,10 @@ function tags_get_acl_tags_module_condition($acltags, $modules_table = '') { $condition .= ' ( '; // Group condition (The module belongs to an agent of the group X) - if (!array_key_exists(0, array_keys($acltags))) { - $group_condition = sprintf('%sid_agente IN (SELECT id_agente FROM tagente WHERE id_grupo = %d)', $modules_table, $group_id); + // Fix: Now group and tag is checked at the same time, before only tag was checked due to a bad condition + if (!array_key_exists(0, $acltags)) { + // Fix: get all groups recursively (Acl proc func!) + $group_condition = sprintf('%sid_agente IN (SELECT id_agente FROM tagente WHERE id_grupo IN (%s))', $modules_table, implode(',', array_values(groups_get_id_recursive($group_id)))); } else { //Avoid the user profiles with all group access. @@ -823,10 +825,16 @@ function tags_get_acl_tags_event_condition($acltags) { // Get all tags of the system $all_tags = tags_get_all_tags(false); + // Fix : Will have all groups retrieved (also propagated ones) + $_groups_not_in = ''; + foreach ($acltags as $group_id => $group_tags) { // Group condition (The module belongs to an agent of the group X) - $group_condition = sprintf('id_grupo = %d',$group_id); + // Fix : Get all groups (children also, Propagate ACL func!) + $group_condition = sprintf('id_grupo IN (%s)', implode(',', array_values(groups_get_id_recursive($group_id)))); + $_groups_not_in .= implode(',', array_values(groups_get_id_recursive($group_id))) . ','; + // Tags condition (The module has at least one of the restricted tags) $tags_condition = ''; foreach ($group_tags as $tag) { @@ -862,7 +870,9 @@ function tags_get_acl_tags_event_condition($acltags) { } if (!empty($condition)) { - $condition = sprintf("\n((%s) OR id_grupo NOT IN (%s))", $condition, implode(',',array_keys($acltags))); + // Fix : Also add events of other groups (taking care of propagate ACLs func!) + if (!empty($_groups_not_in)) + $condition = sprintf("\n((%s) OR id_grupo NOT IN (%s))", $condition, rtrim($_groups_not_in, ',')); } return $condition; @@ -1004,31 +1014,64 @@ function tags_check_acl($id_user, $id_group, $access, $tags = array()) { return true; } - if($id_group > 0) { - if(isset($acls[$id_group])) { - foreach($tags as $tag) { - $tag = tags_get_id($tag); + # Fix: If user profile has more than one group, due to ACL propagation then id_group can be an array + if (is_array($id_group)) { - if(in_array($tag, $acls[$id_group])) { - return true; + foreach ($id_group as $group) { + + if($group > 0) { + if(isset($acls[$group])) { + foreach($tags as $tag) { + $tag = tags_get_id($tag); + + if(in_array($tag, $acls[$group])) { + return true; + } + } + } + else { + return false; + } + } else { + foreach($acls as $acl_tags) { + foreach($tags as $tag) { + $tag = tags_get_id($tag); + if(in_array($tag, $acl_tags)) { + return true; + } + } + } + } + + } + + } else { + if($id_group > 0) { + if(isset($acls[$id_group])) { + foreach($tags as $tag) { + $tag = tags_get_id($tag); + + if(in_array($tag, $acls[$id_group])) { + return true; + } } } + else { + return false; + } } else { - return false; - } - } - else { - foreach($acls as $acl_tags) { - foreach($tags as $tag) { - $tag = tags_get_id($tag); - if(in_array($tag, $acl_tags)) { - return true; + foreach($acls as $acl_tags) { + foreach($tags as $tag) { + $tag = tags_get_id($tag); + if(in_array($tag, $acl_tags)) { + return true; + } } } } - } - + } + return false; } ?>