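/**
 * Computes the permission set the wizard honours for the current session user.
 *
 * Returns array(
 *     'entity_perms' => array(<entity_id> => NO_PERMS|VISION_PERMS|EDITING_PERMS),
 *     'user_perms'   => <the 'user' part of the ACL vision, passed through as-is>,
 * )
 *
 * For admins 'entity_perms' is the ACL vision's 'entity' map untouched (so its
 * values are whatever the ACL layer stores, not necessarily the three levels
 * above — confirm against Acl::get_user_vision before comparing them).
 * For everyone else every visible entity starts at NO_PERMS and is raised to
 * VISION_PERMS for entities the user belongs to, or EDITING_PERMS where the
 * user administers the entity or its parent.
 *
 * @param  object $dbconn  open database connection handed to the Acl helpers
 * @return array
 */
function get_wizard_perms($dbconn)
{
    // The levels are global constants so other code can compare against them.
    // define() on an already-defined name raises a warning and keeps the old
    // value, so guard them: this function can legitimately run more than once
    // per request.
    if (!defined('NO_PERMS'))      { define('NO_PERMS', 0); }
    if (!defined('VISION_PERMS'))  { define('VISION_PERMS', 1); }
    if (!defined('EDITING_PERMS')) { define('EDITING_PERMS', 2); }

    $perms = array('entity_perms' => array(), 'user_perms' => array());

    // The session caches the vision computed earlier; anything that changes
    // entity membership must refresh $_SESSION['_user_vision'] or this
    // function keeps answering from the stale copy.
    $user_vision = !isset($_SESSION['_user_vision']) ? Acl::get_user_vision($dbconn) : $_SESSION['_user_vision'];

    $visible_entities = (isset($user_vision['entity']) && is_array($user_vision['entity'])) ? $user_vision['entity'] : array();

    // User permission (passed through unchanged).
    $perms['user_perms'] = isset($user_vision['user']) ? $user_vision['user'] : array();

    // Entity permissions.
    if (Session::am_i_admin())
    {
        $perms['entity_perms'] = $visible_entities;

        return $perms;
    }

    // Deny by default on every entity the user can see; the loops below only
    // ever raise a level, never lower one.
    foreach (array_keys($visible_entities) as $entity_id)
    {
        $perms['entity_perms'][$entity_id] = NO_PERMS;
    }

    $my_entities       = Acl::get_my_entities($dbconn, '', FALSE);
    $my_entities_admin = (isset($user_vision['entity_admin']) && is_array($user_vision['entity_admin'])) ? $user_vision['entity_admin'] : array();

    if (!is_array($my_entities))
    {
        $my_entities = array();
    }

    foreach ($my_entities as $entity_id => $entity)
    {
        $admin_of_parent = !empty($my_entities_admin[$entity_id]);

        if ($admin_of_parent)
        {
            $perms['entity_perms'][$entity_id] = EDITING_PERMS;
        }
        else
        {
            // An entity not in the visible map has no entry yet; treat it as NO_PERMS
            // (the original compared an undefined index, which evaluates the same way).
            $current = isset($perms['entity_perms'][$entity_id]) ? $perms['entity_perms'][$entity_id] : NO_PERMS;

            if ($current < EDITING_PERMS)
            {
                $perms['entity_perms'][$entity_id] = VISION_PERMS;
            }
        }

        $children = (isset($entity['children']) && is_array($entity['children'])) ? $entity['children'] : array();

        foreach ($children as $entity_child_id)
        {
            // Admin rights on the parent are inherited by each child.
            if ($admin_of_parent || !empty($my_entities_admin[$entity_child_id]))
            {
                $perms['entity_perms'][$entity_child_id] = EDITING_PERMS;
            }
            else
            {
                $current = isset($perms['entity_perms'][$entity_child_id]) ? $perms['entity_perms'][$entity_child_id] : NO_PERMS;

                if ($current < EDITING_PERMS)
                {
                    $perms['entity_perms'][$entity_child_id] = VISION_PERMS;
                }
            }
        }
    }

    return $perms;
}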
$cond_2 = $perms_check[$mainmenu][$key] == TRUE; if ($cond_1 && $cond_2) { $perms[$key] = TRUE; } } } } if ($mode == 'insert') { $msg = 'created'; if ($insert_menu == TRUE) { //New template $template_id = Session::update_template($conn, $login . "_perms", $perms); } Session::insert($conn, $login, $login_method, $pass1, $user_name, $email, $template_id, $entities, $sel_sensors, $sel_assets, $company, $department, $language, $first_login, $tzone, $is_admin); User_config::copy_panel($conn, $login); $_SESSION['_user_vision'] = $pro ? Acl::get_user_vision($conn) : Session::get_user_vision($conn); Util::memcacheFlush(); Session::log_pass_history($login, hash('sha256', $pass1)); } else { $msg = 'updated'; if ($insert_menu == TRUE) { Session::update_template($conn, $login . '_perms', $perms, $template_id); } $error = 0; if (($am_i_admin || $am_i_proadmin) && !$is_my_profile) { Session::update($conn, $login, $login_method, $user_name, $email, $template_id, $entities, $sel_sensors, $sel_assets, $company, $department, $language, $first_login, $tzone, $is_admin); Util::memcacheFlush(); } else { $error = Session::update_user_light($conn, $login, $login_method, $user_name, $email, $company, $department, $language, $first_login, $is_admin, $tzone); if ($error == 0) { Util::memcacheFlush();
} else { if ($action == 'delete_scan') { $query = 'SELECT username, name, id, scan_SERVER, report_id, status FROM vuln_jobs WHERE id=?'; $params = array($job_id); $result = $conn->execute($query, $params); $username = $result->fields['username']; $job_name = $result->fields['name']; $kill_id = $result->fields['id']; $nserver_id = $result->fields['scan_SERVER']; $report_id = $result->fields['report_id']; $can_i_delete = FALSE; if (Session::am_i_admin() || Session::get_session_user() == $username) { $can_i_delete = TRUE; } else { if (Session::is_pro() && Acl::am_i_proadmin()) { $user_vision = !isset($_SESSION['_user_vision']) ? Acl::get_user_vision($conn) : $_SESSION['_user_vision']; $my_entities_admin = array_keys($user_vision['entity_admin']); if (in_array($username, $my_entities_admin)) { $can_i_delete = TRUE; } } } if ($can_i_delete) { $query = 'DELETE FROM vuln_jobs WHERE id=?'; $params = array($kill_id); $result = $conn->execute($query, $params); $query = 'DELETE FROM vuln_nessus_reports WHERE report_id=?'; $params = array($report_id); $result = $conn->execute($query, $params); $query = 'DELETE FROM vuln_nessus_report_stats WHERE report_id=?'; $params = array($report_id);
$new->add_new_ctx($ctx, $ctx); } // try to attach a component // Only when modifying a remote sensor if ($cproperties['version'] != '' && !empty($_POST['rpass'])) { $new->set_component($conn); } $new->save_in_db($conn); if ($location != '') { Locations::insert_related_sensor($conn, $location, $sensor_id); } } catch (Exception $e) { if (Session::is_pro() && $new_context_uuid != '' && preg_match("/password/", $e->getMessage())) { Acl::delete_entities($conn, $new_context_uuid); // Refresh current permissions $_SESSION['_user_vision'] = Acl::get_user_vision($conn); } $config_nt = array('content' => $e->getMessage(), 'options' => array('type' => 'nf_error', 'cancel_button' => FALSE), 'style' => 'width: 80%; margin: 20px auto; text-align:center;'); $nt = new Notification('nt_1', $config_nt); $nt->show(); $db->close(); // Detected sensor not inserted yet, back to rpass mode if (!empty($_POST['rpass'])) { Util::make_form("POST", "newsensorform.php?ip={$ip}"); } else { Util::make_form("POST", "newsensorform.php?id={$sensor_id}&ip={$ip}&sname={$sname}"); } exit; } $db->close(); unset($_SESSION['_sensor_list']);