fix(poller): Fixed SQL and added access rights checking (#10839)

centreon · Mar 17, 2022 · b875a1c · b875a1c
1 parent f989c2b
commit b875a1c
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 4 deletions.
diff --git a/src/Centreon/Application/Controller/Configuration/MonitoringServerController.php b/src/Centreon/Application/Controller/Configuration/MonitoringServerController.php
@@ -22,6 +22,7 @@
 
 namespace Centreon\Application\Controller\Configuration;
 
+use Centreon\Domain\Contact\Contact;
 use Centreon\Domain\Exception\EntityNotFoundException;
 use Centreon\Domain\Exception\TimeoutException;
 use Centreon\Domain\Log\LoggerTrait;
@@ -37,6 +38,7 @@
 use Centreon\Domain\RequestParameters\Interfaces\RequestParametersInterface;
 use Centreon\Domain\MonitoringServer\Interfaces\MonitoringServerServiceInterface;
 use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Security\Core\Exception\AccessDeniedException;
 
 /**
  * This class is designed to manage all requests concerning monitoring servers
@@ -206,14 +208,22 @@ function () use ($generateAllConfigurations, $reloadAllConfigurations) {
      */
     private function execute(callable $callable): void
     {
+        /**
+         * @var Contact $user
+         */
+        $user = $this->getUser();
         try {
+            if (! $user->isAdmin() && ! $user->hasRole(Contact::ROLE_GENERATE_CONFIGURATION)) {
+                throw new AccessDeniedException('Insufficient rights (required: ROLE_GENERATE_CONFIGURATION)');
+            }
             $callable();
         } catch (TimeoutException $ex) {
             $this->error($ex->getMessage());
             throw new MonitoringServerException(
                 'The operation timed out - please use the legacy export menu to workaround this problem'
             );
-        } catch (EntityNotFoundException $ex) {
+        } catch (EntityNotFoundException | AccessDeniedException $ex) {
+            $this->error($ex->getMessage());
             throw $ex;
         } catch (\Exception $ex) {
             $this->error($ex->getMessage());

diff --git a/src/Centreon/Domain/Contact/Contact.php b/src/Centreon/Domain/Contact/Contact.php
@@ -49,6 +49,7 @@ class Contact implements UserInterface, ContactInterface
     public const ROLE_HOST_ADD_COMMENT = 'ROLE_HOST_ADD_COMMENT';
     public const ROLE_SERVICE_ADD_COMMENT = 'ROLE_SERVICE_ADD_COMMENT';
     public const ROLE_DISPLAY_COMMAND = 'ROLE_DISPLAY_COMMAND';
+    public const ROLE_GENERATE_CONFIGURATION = 'ROLE_GENERATE_CONFIGURATION';
 
     // user pages access
     public const ROLE_CONFIGURATION_HOSTS_WRITE = 'ROLE_CONFIGURATION_HOSTS_HOSTS_RW';

diff --git a/src/Centreon/Infrastructure/Contact/ContactRepositoryRDB.php b/src/Centreon/Infrastructure/Contact/ContactRepositoryRDB.php
@@ -438,6 +438,9 @@ private function addActionRule(Contact $contact, string $ruleName): void
             case 'service_display_command':
                 $contact->addRole(Contact::ROLE_DISPLAY_COMMAND);
                 break;
+            case 'generate_cfg':
+                $contact->addRole(Contact::ROLE_GENERATE_CONFIGURATION);
+                break;
         }
     }
 

diff --git a/www/include/configuration/configGenerate/xml/moveFiles.php b/www/include/configuration/configGenerate/xml/moveFiles.php
@@ -111,10 +111,11 @@
     $centreon = $_SESSION['centreon'];
 }
 
-if (!isset($_POST['poller'])) {
+if (!isset($_POST['poller']) || ! $centreon->user->access->checkAction('generate_cfg')) {
     exit;
 }
 
+
 /**
  * List of error from php
  */
@@ -126,8 +127,10 @@
 
 // Add task to export files if there is a remote
 $pollerParams = [];
-foreach ($pollers as $pollerId) {
-    $pollerParams[':poller_' . $pollerId] = $pollerId;
+foreach ($pollers as $index => $pollerId) {
+    if (is_numeric($pollerId)) {
+        $pollerParams[':poller_' . $index] = $pollerId;
+    }
 }
 
 // SELECT Remote Servers from selected pollers
@@ -235,6 +238,9 @@ function log_error($errno, $errstr, $errfile, $errline)
      * Copying image in logos directory
      */
     if (isset($centreon->optGen["nagios_path_img"]) && $centreon->optGen["nagios_path_img"]) {
+        /**
+         * @var CentreonDBStatement $DBRESULT_imgs
+         */
         $DBRESULT_imgs = $pearDB->query(
             "SELECT `dir_alias`, `img_path` " .
             "FROM `view_img`, `view_img_dir`, `view_img_dir_relation` " .