From cd06c4c69dcf8d386e542e4f38dc5c5644dcc083 Mon Sep 17 00:00:00 2001 From: Kevin Duret Date: Thu, 22 Mar 2018 16:34:24 +0100 Subject: [PATCH] fix(acl): manage filters (poller, host, service) on servicegroup acl --- cron/centAcl-Func.php | 32 -------------------------------- cron/centAcl.php | 41 ++++++++++++++++++++++++++++------------- 2 files changed, 28 insertions(+), 45 deletions(-) diff --git a/cron/centAcl-Func.php b/cron/centAcl-Func.php index 200b05601f7..5f39d512ff0 100644 --- a/cron/centAcl-Func.php +++ b/cron/centAcl-Func.php @@ -136,7 +136,6 @@ function getFilteredHostCategories($host, $acl_group_id, $res_id) /* * Return enable categories for this resource access */ - function getAuthorizedCategories($groupstr, $res_id) { global $pearDB; @@ -219,37 +218,6 @@ function getACLSGForHost($pearDB, $host_id, $groupstr) } } return $svc; - - /* - * Init Acl Table - */ - $svc = array(); - $condition = ""; - if ($groupstr != "") { - $condition = " WHERE `acl_group_id` IN (" . $groupstr . ") AND "; - } else { - $condition = " WHERE "; - } - - $DBRESULT = $pearDB->query("SELECT argr.`acl_res_id` FROM `acl_res_group_relations` argr, `acl_resources` ar " . $condition . " " . - "argr.acl_res_id = ar.acl_res_id " . - "AND ar.acl_res_activate = '1'"); - while ($res = $DBRESULT->fetchRow()) { - $DBRESULT2 = $pearDB->query("SELECT `service_service_id` " . - "FROM `servicegroup`, `acl_resources_sg_relations`, `servicegroup_relation` " . - "WHERE `acl_res_id` = '" . $res["acl_res_id"] . "' " . - "AND `acl_resources_sg_relations`.`sg_id` = `servicegroup`.`sg_id` " . - "AND `servicegroup_relation`.`servicegroup_sg_id` = `servicegroup`.`sg_id` " . - "AND `servicegroup_relation`.`host_host_id` = '" . $host_id . "'"); - while ($service = $DBRESULT2->fetchRow()) { - if (isset($svcCache[$service["service_service_id"]])) { - $svc[$svcCache[$service["service_service_id"]]] = $service["service_service_id"]; - } - } - $DBRESULT2->free(); - } - $DBRESULT->free(); - return $svc; } /** diff --git a/cron/centAcl.php b/cron/centAcl.php index cf40139c838..de3d0a34e3d 100644 --- a/cron/centAcl.php +++ b/cron/centAcl.php @@ -479,18 +479,18 @@ function programExit($msg) } } } - + if (isset($hostExclCache[$res2["acl_res_id"]])) { foreach ($hostExclCache[$res2["acl_res_id"]] as $host_id => $host_name) { unset($Host[$host_id]); } } - + /* * Give Authorized Categories */ $authorizedCategories = getAuthorizedCategories($acl_group_id, $res2["acl_res_id"]); - + /* * get all Service groups */ @@ -511,10 +511,12 @@ function programExit($msg) AND servicegroup_relation.servicegroup_sg_id = acl_resources_sg_relations.sg_id AND service_activate = '1'"; $DBRESULT3 = $pearDB->query($sgReq); + $sgElem = array(); $tmpH = array(); if ($DBRESULT3->numRows()) { while ($h = $DBRESULT3->fetchRow()) { + if (!isset($sgElem[$h["host_name"]])) { $sgElem[$h["host_name"]] = array(); $tmpH[$h['host_id']] = $h['host_name']; @@ -523,19 +525,32 @@ function programExit($msg) } } $DBRESULT3->free(); - - foreach ($tmpH as $key => $value) { - $tab = getAuthorizedServicesHost($key, $acl_group_id, $res2["acl_res_id"], $authorizedCategories); - foreach ($tab as $desc => $id) { - if (isset($sgElem[$value]) && isset($sgElem[$value][$desc])) { - if (!isset($tabElem[$value])) { - $tabElem[$value] = array(); + + $tmpH = getFilteredHostCategories($tmpH, $acl_group_id, $res2["acl_res_id"]); + $tmpH = getFilteredPollers($tmpH, $acl_group_id, $res2["acl_res_id"]); + + foreach ($sgElem as $key => $value) { + if (in_array($key, $tmpH)) { + if (count($authorizedCategories) == 0) { // no category filter + $tabElem[$key] = $value; + } else { + // subkey = , subvalue = , + foreach ($value as $subkey => $subvalue) { + if (preg_match('/\d+,(\d+)/', $subvalue, $matches)) { // get service id + $linkedServiceCategories = getServiceTemplateCategoryList($matches[1]); + foreach ($linkedServiceCategories as $linkedServiceCategory) { + // Check if category linked to service is allowed + if (in_array($linkedServiceCategory, $authorizedCategories)) { + $tabElem[$key][$subkey] = $subvalue; + break; + } + } + } } - $tabElem[$value][$desc] = $key . "," . $id; } } - unset($tab); } + unset($tmpH); unset($sgElem); @@ -557,7 +572,7 @@ function programExit($msg) unset($tab); } unset($Host); - + /* * Set meta services */