tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-07-30 01:05:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

2011-02-17 Juan Manuel Ramon <juanmanuel.ramon@artica.es>

Browse Source 
* godmode/alerts/configure_alert_template.php
	  godmode/alerts/alert_templates.php
	  godmode/alerts/configure_alert_action.php
	  godmode/alerts/alert_actions.php
          godmode/alerts/alert_list.builder.php: If user is not admin then can't
	edit/delete/copy alerts/templates of other groups.



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3895 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
This commit is contained in:
juanmanuelr 2011-02-17 15:00:19 +00:00
parent f4e2888590
commit fe7738e007
6 changed files with 113 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
pandora_console/ChangeLog
View File

@ -1,3 +1,12 @@
2011-02-17 Juan Manuel Ramon <juanmanuel.ramon@artica.es>
* godmode/alerts/configure_alert_template.php
godmode/alerts/alert_templates.php
godmode/alerts/configure_alert_action.php
godmode/alerts/alert_actions.php
godmode/alerts/alert_list.builder.php: If user is not admin then can't
edit/delete/copy alerts/templates of other groups.
2011-02-17 Miguel de Dios <miguel.dedios@artica.es> 2011-02-17 Miguel de Dios <miguel.dedios@artica.es>
* godmode/reporting/visual_console_builder.editor.js: fixed the type of icon * godmode/reporting/visual_console_builder.editor.js: fixed the type of icon

40
pandora_console/godmode/alerts/alert_actions.php
View File

@ -54,7 +54,9 @@ if ($copy_action) {
$al_action = get_alert_action ($id); $al_action = get_alert_action ($id);
if ($al_action !== false){ if ($al_action !== false){
// If user tries to copy an action with group=ALL
if ($al_action['id_group'] == 0){ if ($al_action['id_group'] == 0){
// then must have "PM" access privileges
if (! give_acl ($config['id_user'], 0, "PM")) { if (! give_acl ($config['id_user'], 0, "PM")) {
pandora_audit("ACL Violation", pandora_audit("ACL Violation",
"Trying to access Alert Management"); "Trying to access Alert Management");
@ -63,9 +65,25 @@ if ($copy_action) {
}else }else
// Header // Header
print_page_header (__('Alerts').' &raquo; '.__('Alert actions'), "images/god2.png", false, "", true); print_page_header (__('Alerts').' &raquo; '.__('Alert actions'), "images/god2.png", false, "", true);
}else // If user tries to copy an action of others groups
}else{
$own_info = get_user_info ($config['id_user']);
if ($own_info['is_admin'] || give_acl ($config['id_user'], 0, "PM"))
$own_groups = array_keys(get_user_groups($config['id_user'], "LM"));
else
$own_groups = array_keys(get_user_groups($config['id_user'], "LM", false));
$is_in_group = in_array($al_action['id_group'], $own_groups);
// Then action group have to be in his own groups
if ($is_in_group)
// Header // Header
print_page_header (__('Alerts').' &raquo; '.__('Alert actions'), "images/god2.png", false, "", true); print_page_header (__('Alerts').' &raquo; '.__('Alert actions'), "images/god2.png", false, "", true);
else{
pandora_audit("ACL Violation",
"Trying to access Alert Management");
require ("general/noaccess.php");
exit;
}
}
}else }else
// Header // Header
print_page_header (__('Alerts').' &raquo; '.__('Alert actions'), "images/god2.png", false, "", true); print_page_header (__('Alerts').' &raquo; '.__('Alert actions'), "images/god2.png", false, "", true);
@ -179,7 +197,9 @@ if ($delete_action) {
$al_action = get_alert_action ($id); $al_action = get_alert_action ($id);
if ($al_action !== false){ if ($al_action !== false){
// If user tries to delete an action with group=ALL
if ($al_action['id_group'] == 0){ if ($al_action['id_group'] == 0){
// then must have "PM" access privileges
if (! give_acl ($config['id_user'], 0, "PM")) { if (! give_acl ($config['id_user'], 0, "PM")) {
pandora_audit("ACL Violation", pandora_audit("ACL Violation",
"Trying to access Alert Management"); "Trying to access Alert Management");
@ -188,9 +208,25 @@ if ($delete_action) {
}else }else
// Header // Header
print_page_header (__('Alerts').' &raquo; '.__('Alert actions'), "images/god2.png", false, "", true); print_page_header (__('Alerts').' &raquo; '.__('Alert actions'), "images/god2.png", false, "", true);
}else // If user tries to delete an action of others groups
}else{
$own_info = get_user_info ($config['id_user']);
if ($own_info['is_admin'] || give_acl ($config['id_user'], 0, "PM"))
$own_groups = array_keys(get_user_groups($config['id_user'], "LM"));
else
$own_groups = array_keys(get_user_groups($config['id_user'], "LM", false));
$is_in_group = in_array($al_action['id_group'], $own_groups);
// Then action group have to be in his own groups
if ($is_in_group)
// Header // Header
print_page_header (__('Alerts').' &raquo; '.__('Alert actions'), "images/god2.png", false, "", true); print_page_header (__('Alerts').' &raquo; '.__('Alert actions'), "images/god2.png", false, "", true);
else{
pandora_audit("ACL Violation",
"Trying to access Alert Management");
require ("general/noaccess.php");
exit;
}
}
}else }else
// Header // Header
print_page_header (__('Alerts').' &raquo; '.__('Alert actions'), "images/god2.png", false, "", true); print_page_header (__('Alerts').' &raquo; '.__('Alert actions'), "images/god2.png", false, "", true);

2
pandora_console/godmode/alerts/alert_list.builder.php
View File

@ -65,7 +65,7 @@ $table->data[1][0] = __('Template');
$table->data[1][0] = __('Template'); $table->data[1][0] = __('Template');
$own_info = get_user_info ($config['id_user']); $own_info = get_user_info ($config['id_user']);
if ($own_info['is_admin']) if ($own_info['is_admin'] || give_acl ($config['id_user'], 0, "PM"))
$templates = get_alert_templates (false, array ('id', 'name')); $templates = get_alert_templates (false, array ('id', 'name'));
else{ else{
$usr_groups = get_user_groups($config['id_user'], 'LW', false); $usr_groups = get_user_groups($config['id_user'], 'LW', false);

19
pandora_console/godmode/alerts/alert_templates.php
View File

@ -137,6 +137,7 @@ if ($delete_template) {
$al_template = get_alert_template($id); $al_template = get_alert_template($id);
if ($al_template !== false){ if ($al_template !== false){
// If user tries to delete a template with group=ALL then must have "PM" access privileges
if ($al_template['id_group'] == 0){ if ($al_template['id_group'] == 0){
if (! give_acl ($config['id_user'], 0, "PM")) { if (! give_acl ($config['id_user'], 0, "PM")) {
pandora_audit("ACL Violation", pandora_audit("ACL Violation",
@ -146,9 +147,25 @@ if ($delete_template) {
}else }else
// Header // Header
print_page_header (__('Alerts')." &raquo; ". __('Alert templates'), "images/god2.png", false, "", true); print_page_header (__('Alerts')." &raquo; ". __('Alert templates'), "images/god2.png", false, "", true);
}else // If user tries to delete a template of others groups
}else{
$own_info = get_user_info ($config['id_user']);
if ($own_info['is_admin'] || give_acl ($config['id_user'], 0, "PM"))
$own_groups = array_keys(get_user_groups($config['id_user'], "LM"));
else
$own_groups = array_keys(get_user_groups($config['id_user'], "LM", false));
$is_in_group = in_array($al_template['id_group'], $own_groups);
// Then template group have to be is his own groups
if ($is_in_group)
// Header // Header
print_page_header (__('Alerts')." &raquo; ". __('Alert templates'), "images/god2.png", false, "", true); print_page_header (__('Alerts')." &raquo; ". __('Alert templates'), "images/god2.png", false, "", true);
else{
pandora_audit("ACL Violation",
"Trying to access Alert Management");
require ("general/noaccess.php");
exit;
}
}
}else }else
// Header // Header
print_page_header (__('Alerts')." &raquo; ". __('Alert templates'), "images/god2.png", false, "", true); print_page_header (__('Alerts')." &raquo; ". __('Alert templates'), "images/god2.png", false, "", true);

21
pandora_console/godmode/alerts/configure_alert_action.php
View File

@ -32,7 +32,9 @@ $id = (int) get_parameter ('id');
$al_action = get_alert_action ($id); $al_action = get_alert_action ($id);
if ($al_action !== false){ if ($al_action !== false){
// If user tries to edit an action with group=ALL
if ($al_action['id_group'] == 0){ if ($al_action['id_group'] == 0){
// then must have "PM" access privileges
if (! give_acl ($config['id_user'], 0, "PM")) { if (! give_acl ($config['id_user'], 0, "PM")) {
pandora_audit("ACL Violation", pandora_audit("ACL Violation",
"Trying to access Alert Management"); "Trying to access Alert Management");
@ -41,10 +43,25 @@ if ($al_action !== false){
}else }else
// Header // Header
print_page_header (__('Alerts').' &raquo; '.__('Configure alert action'), "images/god2.png", false, "", true); print_page_header (__('Alerts').' &raquo; '.__('Configure alert action'), "images/god2.png", false, "", true);
// If user tries to edit an action of others groups
}else }else{
$own_info = get_user_info ($config['id_user']);
if ($own_info['is_admin'] || give_acl ($config['id_user'], 0, "PM"))
$own_groups = array_keys(get_user_groups($config['id_user'], "LM"));
else
$own_groups = array_keys(get_user_groups($config['id_user'], "LM", false));
$is_in_group = in_array($al_action['id_group'], $own_groups);
// Then action group have to be in his own groups
if ($is_in_group)
// Header // Header
print_page_header (__('Alerts').' &raquo; '.__('Configure alert action'), "images/god2.png", false, "", true); print_page_header (__('Alerts').' &raquo; '.__('Configure alert action'), "images/god2.png", false, "", true);
else{
pandora_audit("ACL Violation",
"Trying to access Alert Management");
require ("general/noaccess.php");
exit;
}
}
}else }else
// Header // Header
print_page_header (__('Alerts').' &raquo; '.__('Configure alert action'), "images/god2.png", false, "", true); print_page_header (__('Alerts').' &raquo; '.__('Configure alert action'), "images/god2.png", false, "", true);

20
pandora_console/godmode/alerts/configure_alert_template.php
View File

@ -39,7 +39,9 @@ if ($duplicate_template) {
} }
if ($a_template !== false){ if ($a_template !== false){
// If user tries to duplicate/edit a template with group=ALL
if ($a_template['id_group'] == 0){ if ($a_template['id_group'] == 0){
// then must have "PM" access privileges
if (! give_acl ($config['id_user'], 0, "PM")) { if (! give_acl ($config['id_user'], 0, "PM")) {
pandora_audit("ACL Violation", pandora_audit("ACL Violation",
"Trying to access Alert Management"); "Trying to access Alert Management");
@ -48,9 +50,25 @@ if ($a_template !== false){
}else }else
// Header // Header
print_page_header (__('Alerts').' &raquo; '.__('Configure alert template'), "", false, "", true); print_page_header (__('Alerts').' &raquo; '.__('Configure alert template'), "", false, "", true);
}else // If user tries to duplicate/edit a template of others groups
}else{
$own_info = get_user_info ($config['id_user']);
if ($own_info['is_admin'] || give_acl ($config['id_user'], 0, "PM"))
$own_groups = array_keys(get_user_groups($config['id_user'], "LM"));
else
$own_groups = array_keys(get_user_groups($config['id_user'], "LM", false));
$is_in_group = in_array($a_template['id_group'], $own_groups);
// Then template group have to be in his own groups
if ($is_in_group)
// Header // Header
print_page_header (__('Alerts').' &raquo; '.__('Configure alert template'), "", false, "", true); print_page_header (__('Alerts').' &raquo; '.__('Configure alert template'), "", false, "", true);
else{
pandora_audit("ACL Violation",
"Trying to access Alert Management");
require ("general/noaccess.php");
exit;
}
}
// This prevents to duplicate the header in case duplicate/edit_template action is performed // This prevents to duplicate the header in case duplicate/edit_template action is performed
}else }else
// Header // Header