fix(acl): manage filters (poller, host, service) on servicegroup acl (#…

…6163)
centreon · Mar 26, 2018 · ecef853 · ecef853
1 parent cad6845
commit ecef853
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 45 deletions.
diff --git a/cron/centAcl-Func.php b/cron/centAcl-Func.php
@@ -136,7 +136,6 @@ function getFilteredHostCategories($host, $acl_group_id, $res_id)
 /*
  * Return enable categories for this resource access
  */
-
 function getAuthorizedCategories($groupstr, $res_id)
 {
     global $pearDB;
@@ -219,37 +218,6 @@ function getACLSGForHost($pearDB, $host_id, $groupstr)
         }
     }
     return $svc;
-
-    /*
-     * Init Acl Table
-     */
-    $svc = array();
-    $condition = "";
-    if ($groupstr != "") {
-        $condition = " WHERE `acl_group_id` IN (" . $groupstr . ") AND ";
-    } else {
-        $condition = " WHERE ";
-    }
-
-    $DBRESULT = $pearDB->query("SELECT argr.`acl_res_id` FROM `acl_res_group_relations` argr, `acl_resources` ar " . $condition . " " .
-            "argr.acl_res_id = ar.acl_res_id " .
-            "AND ar.acl_res_activate = '1'");
-    while ($res = $DBRESULT->fetchRow()) {
-        $DBRESULT2 = $pearDB->query("SELECT `service_service_id` " .
-                "FROM `servicegroup`, `acl_resources_sg_relations`, `servicegroup_relation` " .
-                "WHERE `acl_res_id` = '" . $res["acl_res_id"] . "' " .
-                "AND `acl_resources_sg_relations`.`sg_id` = `servicegroup`.`sg_id` " .
-                "AND `servicegroup_relation`.`servicegroup_sg_id` = `servicegroup`.`sg_id` " .
-                "AND `servicegroup_relation`.`host_host_id` = '" . $host_id . "'");
-        while ($service = $DBRESULT2->fetchRow()) {
-            if (isset($svcCache[$service["service_service_id"]])) {
-                $svc[$svcCache[$service["service_service_id"]]] = $service["service_service_id"];
-            }
-        }
-        $DBRESULT2->free();
-    }
-    $DBRESULT->free();
-    return $svc;
 }
 
 /**

diff --git a/cron/centAcl.php b/cron/centAcl.php
@@ -479,18 +479,18 @@ function programExit($msg)
                         }
                     }
                 }
-                
+
                 if (isset($hostExclCache[$res2["acl_res_id"]])) {
                     foreach ($hostExclCache[$res2["acl_res_id"]] as $host_id => $host_name) {
                         unset($Host[$host_id]);
                     }
                 }
-                
+
                 /*
                  * Give Authorized Categories
                  */
                 $authorizedCategories = getAuthorizedCategories($acl_group_id, $res2["acl_res_id"]);
-                
+
                 /*
                  * get all Service groups
                  */
@@ -511,10 +511,12 @@ function programExit($msg)
                 		        AND servicegroup_relation.servicegroup_sg_id = acl_resources_sg_relations.sg_id
                 		        AND service_activate = '1'";
                 $DBRESULT3 = $pearDB->query($sgReq);
+
                 $sgElem = array();
                 $tmpH = array();
                 if ($DBRESULT3->numRows()) {
                     while ($h = $DBRESULT3->fetchRow()) {
+
                         if (!isset($sgElem[$h["host_name"]])) {
                             $sgElem[$h["host_name"]] = array();
                             $tmpH[$h['host_id']] = $h['host_name'];
@@ -523,19 +525,32 @@ function programExit($msg)
                     }
                 }
                 $DBRESULT3->free();
-
-                foreach ($tmpH as $key => $value) {
-                    $tab = getAuthorizedServicesHost($key, $acl_group_id, $res2["acl_res_id"], $authorizedCategories);
-                    foreach ($tab as $desc => $id) {
-                        if (isset($sgElem[$value]) && isset($sgElem[$value][$desc])) {
-                            if (!isset($tabElem[$value])) {
-                                $tabElem[$value] = array();
+
+                $tmpH = getFilteredHostCategories($tmpH, $acl_group_id, $res2["acl_res_id"]);
+                $tmpH = getFilteredPollers($tmpH, $acl_group_id, $res2["acl_res_id"]);
+
+                foreach ($sgElem as $key => $value) {
+                    if (in_array($key, $tmpH)) {
+                        if (count($authorizedCategories) == 0) { // no category filter
+                            $tabElem[$key] = $value;
+                        } else {
+                            // subkey = <service_description>, subvalue = <host_id>,<service_id>
+                            foreach ($value as $subkey => $subvalue) {
+                                if (preg_match('/\d+,(\d+)/', $subvalue, $matches)) { // get service id
+                                    $linkedServiceCategories = getServiceTemplateCategoryList($matches[1]);
+                                    foreach ($linkedServiceCategories as $linkedServiceCategory) {
+                                        // Check if category linked to service is allowed
+                                        if (in_array($linkedServiceCategory, $authorizedCategories)) {
+                                            $tabElem[$key][$subkey] = $subvalue;
+                                            break;
+                                        }
+                                    }
+                                }
                             }
-                            $tabElem[$value][$desc] = $key . "," . $id;
                         }
                     }
-                    unset($tab);
                 }
+
                 unset($tmpH);
                 unset($sgElem);
 
@@ -557,7 +572,7 @@ function programExit($msg)
                     unset($tab);
                 }
                 unset($Host);
-                    
+
                 /*
                  * Set meta services
                  */