fix(acl): in CSV's exports (#7518)

* fix(acl): export hostgroup CSV * fix(acl): export host CSV * fix(acl): export servicegroup CSV * fix(acl): export services CSV
centreon · May 15, 2019 · a2944fa · a2944fa
1 parent d87913b
commit a2944fa
Show file tree

Hide file tree

Showing 4 changed files with 56 additions and 8 deletions.
diff --git a/www/include/reporting/dashboard/csvExport/csv_HostGroupLogs.php b/www/include/reporting/dashboard/csvExport/csv_HostGroupLogs.php
@@ -1,7 +1,7 @@
 <?php
 /*
- * Copyright 2005-2016 Centreon
- * Centreon is developped by : Julien Mathis and Romain Le Merlus under
+ * Copyright 2005-2019 Centreon
+ * Centreon is developed by : Julien Mathis and Romain Le Merlus under
  * GPL Licence 2.0.
  *
  * This program is free software; you can redistribute it and/or modify it under
@@ -80,6 +80,18 @@
 isset($_GET["hostgroup"]) ? $id = htmlentities($_GET["hostgroup"], ENT_QUOTES, "UTF-8") : $id = "NULL";
 isset($_POST["hostgroup"]) ? $id = htmlentities($_POST["hostgroup"], ENT_QUOTES, "UTF-8") : $id;
 
+// finding the user's allowed hostgroups
+$allowedHostgroups = $centreon->user->access->getHostGroupAclConf(null, 'broker');
+//checking if the user has ACL rights for this resource
+if (!$centreon->user->admin
+    && $id !== null
+    && !array_key_exists($id, $allowedHostgroups)
+) {
+    echo '<div align="center" style="color:red">' .
+        '<b>You are not allowed to access this host group</b></div>';
+    exit();
+}
+
 /*
  * Getting time interval to report
  */

diff --git a/www/include/reporting/dashboard/csvExport/csv_HostLogs.php b/www/include/reporting/dashboard/csvExport/csv_HostLogs.php
@@ -1,7 +1,7 @@
 <?php
 /*
- * Copyright 2005-2016 Centreon
- * Centreon is developped by : Julien Mathis and Romain Le Merlus under
+ * Copyright 2005-2019 Centreon
+ * Centreon is developed by : Julien Mathis and Romain Le Merlus under
  * GPL Licence 2.0.
  *
  * This program is free software; you can redistribute it and/or modify it under
@@ -83,6 +83,18 @@
 isset($_GET["host"]) ? $id = htmlentities($_GET["host"], ENT_QUOTES, "UTF-8") : $id = null;
 isset($_POST["host"]) ? $id = htmlentities($_POST["host"], ENT_QUOTES, "UTF-8") : $id;
 
+// finding the user's allowed hosts
+$allowedHosts = $centreon->user->access->getHostAclConf(null, 'broker');
+//checking if the user has ACL rights for this resource
+if (!$centreon->user->admin
+    && $id !== null
+    && !array_key_exists($id, $allowedHosts)
+) {
+    echo '<div align="center" style="color:red">' .
+        '<b>You are not allowed to access this host</b></div>';
+    exit();
+}
+
 /*
  * Getting time interval to report
  */

diff --git a/www/include/reporting/dashboard/csvExport/csv_ServiceGroupLogs.php b/www/include/reporting/dashboard/csvExport/csv_ServiceGroupLogs.php
@@ -1,7 +1,7 @@
 <?php
 /*
- * Copyright 2005-2016 Centreon
- * Centreon is developped by : Julien Mathis and Romain Le Merlus under
+ * Copyright 2005-2019 Centreon
+ * Centreon is developed by : Julien Mathis and Romain Le Merlus under
  * GPL Licence 2.0.
  *
  * This program is free software; you can redistribute it and/or modify it under
@@ -77,6 +77,18 @@
 isset($_GET["servicegroup"]) ? $id = htmlentities($_GET["servicegroup"], ENT_QUOTES, "UTF-8") : $id = "NULL";
 isset($_POST["servicegroup"]) ? $id = htmlentities($_POST["servicegroup"], ENT_QUOTES, "UTF-8") : $id = $id;
 
+// finding the user's allowed servicegroup
+$allowedServicegroups = $centreon->user->access->getServiceGroupAclConf(null, 'broker');
+//checking if the user has ACL rights for this resource
+if (!$centreon->user->admin
+    && $id !== null
+    && !array_key_exists($id, $allowedServicegroups)
+) {
+    echo '<div align="center" style="color:red">' .
+        '<b>You are not allowed to access this service group</b></div>';
+    exit();
+}
+
 /*
  * Getting time interval to report
  */

diff --git a/www/include/reporting/dashboard/csvExport/csv_ServiceLogs.php b/www/include/reporting/dashboard/csvExport/csv_ServiceLogs.php
@@ -1,7 +1,7 @@
 <?php
 /*
- * Copyright 2005-2016 Centreon
- * Centreon is developped by : Julien Mathis and Romain Le Merlus under
+ * Copyright 2005-2019 Centreon
+ * Centreon is developed by : Julien Mathis and Romain Le Merlus under
  * GPL Licence 2.0.
  *
  * This program is free software; you can redistribute it and/or modify it under
@@ -74,6 +74,18 @@
 isset($_GET["service"]) ? $service_id =  htmlentities($_GET["service"], ENT_QUOTES, "UTF-8") : $service_id = "NULL";
 isset($_POST["service"]) ? $service_id =  htmlentities($_POST["service"], ENT_QUOTES, "UTF-8") : $service_id;
 
+// finding the user's allowed resources
+$allowedServices = $centreon->user->access->getHostServiceAclConf($host_id, 'broker', null);
+//checking if the user has ACL rights for this resource
+if (!$centreon->user->admin
+    && $service_id !== null
+    && (!array_key_exists($service_id, $allowedServices))
+) {
+    echo '<div align="center" style="color:red">' .
+        '<b>You are not allowed to access this service</b></div>';
+    exit();
+}
+
 /*
  * Getting time interval to report
  */