function reportOrgPermission($smarty, $module_name, $local_templates_dir, &$pDB, $arrConf, $arrCredentiasls)
{
$pACL = new paloACL($pDB);
$pORGZ = new paloSantoOrganization($pDB);
$arrGroups = array();
$arrOrgz = array();
$filter_resource = getParameter("filter_resource");
$idOrgFil = getParameter("idOrganization");
$orgTmp = $pORGZ->getOrganization(array());
if ($orgTmp === false) {
$smarty->assign("mb_title", _tr("ERROR"));
$smarty->assign("mb_message", _tr($pORGZ->errMsg));
} elseif (count($orgTmp) == 0) {
$smarty->assign("mb_title", _tr("MESSAGE"));
$msg = _tr("You haven't created any organization");
$smarty->assign("mb_message", $msg);
} else {
//si el usuario a selecionado una organizacion comprobamos que esta exista
//caso contrario procedemos a sellecionar la primera disponible
$flag = false;
foreach ($orgTmp as $value) {
$arrOrgz[$value["id"]] = $value["name"];
if ($value["id"] == $idOrgFil) {
$flag = true;
}
}
if (!$flag) {
$idOrgFil = $orgTmp[0]['id'];
}
}
$filter_resource = htmlentities($filter_resource);
//buscamos en el arreglo del lenguaje la traduccion del recurso en caso de que exista
$lang = get_language();
//lenguage que esta siendo usado
$parameter_to_find = null;
if (isset($filter_resource)) {
if (trim($filter_resource) != "") {
if ($lang != "en") {
global $arrLang;
$filter_value = strtolower(trim($filter_resource));
$parameter_to_find[] = $filter_value;
//parametro de busqueda sin traduccion
foreach ($arrLang as $key => $value) {
$langValue = strtolower(trim($value));
if (preg_match("/^[[:alnum:]| ]*\$/", $filter_value)) {
if (strpos($langValue, $filter_value) !== FALSE) {
$parameter_to_find[] = $key;
}
}
}
} else {
$parameter_to_find[] = $filter_resource;
}
}
}
//obtenemos el numero de recursos disponibles del sistema
$total = 0;
if (count($arrOrgz) > 0) {
$total = $pACL->getNumResources($parameter_to_find, 'yes');
}
if ($total == false && $pACL->errMsg != "") {
$total = 0;
$smarty->assign("mb_title", _tr("ERROR"));
$smarty->assign("mb_message", _tr("An error has ocurred to retrieved resources data"));
}
$limit = 25;
$oGrid = new paloSantoGrid($smarty);
$oGrid->setLimit($limit);
$oGrid->setTotal($total);
$offset = $oGrid->calculateOffset();
$end = $offset + $limit <= $total ? $offset + $limit : $total;
$url["menu"] = $module_name;
$url["filter_resource"] = $filter_resource;
$url["idOrganization"] = $idOrgFil;
$oGrid->setTitle(_tr("Organization Permission"));
$oGrid->setURL($url);
$oGrid->setWidth("99%");
$oGrid->setStart($total == 0 ? 0 : $offset + 1);
$oGrid->setEnd($end);
$oGrid->setTotal($total);
$arrColumn = array(_tr("Resource"), "<input type='checkbox' name='selectAll' id='selectAll' />" . _tr('Permit Access'));
$oGrid->setColumns($arrColumn);
$arrData = array();
if (count($arrOrgz) > 0 && $total > 0) {
//obtengo una lista con todos los recursos a los que una organizacion puede tener acceso
$arrResource = $pACL->getListResources($limit, $offset, $parameter_to_find, 'yes');
//lista de los recursos permitidos a la organizacion seleccionada organizacion
$arrResourceOrg = $pACL->getResourcesByOrg($idOrgFil, $parameter_to_find);
if ($arrResourceOrg === false || $arrResource === false) {
$smarty->assign("mb_title", _tr("ERROR"));
$smarty->assign("mb_message", _tr("An error has ocurred to retrieve resource list.") . " " . _tr($pACL->errMsg));
} else {
$temp = array();
foreach ($arrResourceOrg as $value) {
$temp[] = $value["id"];
}
if (is_array($arrResource) && count($arrResource) > 0) {
foreach ($arrResource as $resource) {
$disabled = "";
if ($resource["id"] == 'usermgr' || $resource["id"] == 'grouplist' || $resource["id"] == 'userlist' || $resource["id"] == 'group_permission' || $resource["id"] == 'organization') {
$disabled = "disabled='disabled'";
}
$checked0 = "";
if (in_array($resource["id"], $temp)) {
$checked0 = "checked";
}
$arrTmp[0] = _tr($resource["description"]);
$arrTmp[1] = "<input type='checkbox' {$disabled} name='resource[" . $resource["id"] . "]' id='" . $resource["id"] . "' class='resource' {$checked0}>" . " " . _tr("Permit");
$arrData[] = $arrTmp;
}
}
}
}
$smarty->assign("SHOW", _tr("Show"));
$smarty->assign("resource_apply", $filter_resource);
if (count($arrOrgz) > 0) {
$oGrid->addSubmitAction("apply", _tr("Save"));
$oGrid->addComboAction("idOrganization", _tr("Organization"), $arrOrgz, $idOrgFil, "report");
$arrFormFilter = createFieldFilter();
$oFilterForm = new paloForm($smarty, $arrFormFilter);
$htmlFilter = $oFilterForm->fetchForm("{$local_templates_dir}/filter.tpl", "", $_POST);
$oGrid->addFilterControl(_tr("Filter applied ") . _tr("Resource") . " = {$filter_resource}", $_POST, array("filter_resource" => ""));
$oGrid->showFilter(trim($htmlFilter));
}
$contenidoModulo = $oGrid->fetchGrid(array(), $arrData);
//end grid parameters
return $contenidoModulo;
}
function addRemovePortsUser($smarty, $module_name, $local_templates_dir, $pDB, $arrConf)
{
// Listar los usuarios y preparar el combo de usuarios disponibles
$pACL = new paloACL($arrConf['elastix_dsn']['acl']);
$id_user = getParameter('id_user');
$userlist = $pACL->getUsers();
$cbo_users = array();
foreach ($userlist as $userinfo) {
$cbo_users[$userinfo[0]] = $userinfo[1] . ' - ' . $userinfo[2];
}
// Verificar si el usuario existe
if (!is_null($id_user)) {
if (!isset($cbo_users[$id_user])) {
Header("Location: ?menu={$module_name}");
return NULL;
}
} else {
$id_user = $userlist[0][0];
}
$ps = new paloSantoPortService($pDB);
$pk = new paloSantoPortKnockUsers($pDB);
// Construir lista de puertos autorizados
$userauth = $pk->listAuthorizationsForUser($id_user);
$portauths = array();
if (is_array($userauth)) {
foreach ($userauth as $auth) {
$portauths[$auth['id_port']] = $auth['id'];
}
}
$portlist = $ps->ObtainPuertos($ps->ObtainNumPuertos('', ''), 0, '', '');
$listaIdPuertos = array();
foreach ($portlist as $portinfo) {
$listaIdPuertos[] = $portinfo['id'];
}
if (isset($_POST['apply']) && is_array($_POST['auth_port'])) {
// Se requiere aplicar lista de cambios
$listaNuevosPuertos = array_keys($_POST['auth_port']);
$bReglasBorradas = FALSE;
// Borrar la autorización de todos los puertos que ya no aparecen
$bExito = TRUE;
foreach ($portauths as $id_port => $id_auth) {
if (!in_array($id_port, $listaNuevosPuertos)) {
if (!$pk->deleteAuthorization($id_auth)) {
$smarty->assign("mb_title", _tr("ERROR"));
$smarty->assign("mb_message", $pk->errMsg);
$bExito = FALSE;
break;
} else {
unset($portauths[$id_port]);
$bReglasBorradas = TRUE;
}
}
}
if (!$bExito) {
break;
}
// Ingresar la autorización de los puertos nuevos
foreach ($listaNuevosPuertos as $id_port) {
if (in_array($id_port, $listaIdPuertos) && !isset($portauths[$id_port])) {
$id_nueva_auth = $pk->insertAuthorization($id_user, $id_port);
if (is_null($id_nueva_auth)) {
$smarty->assign("mb_title", _tr("ERROR"));
$smarty->assign("mb_message", $pk->errMsg);
$bExito = FALSE;
break;
} else {
$portauths[$id_port] = $id_nueva_auth;
}
}
}
if ($bExito) {
if ($bReglasBorradas) {
// Ejecutar iptables para revocar las reglas del usuario
require_once "modules/sec_rules/libs/paloSantoRules.class.php";
$pr = new paloSantoRules($pDB);
$pr->activateRules();
}
Header("Location: ?menu={$module_name}");
return NULL;
}
}
$data = array();
if (is_array($portlist)) {
foreach ($portlist as $portinfo) {
$id_port = $portinfo['id'];
$protocol_details = '';
switch ($portinfo['protocol']) {
case 'TCP':
case 'UDP':
$protocol_details = (stripos($portinfo['details'], ':') === false ? _tr('Port') : _tr('Ports')) . ' ' . $portinfo['details'];
break;
case 'ICMP':
$arr = explode(':', $portinfo['details']);
if (isset($arr[1])) {
$protocol_details = _tr('Type') . ": " . $arr[0] . " " . _tr('Code') . ": " . $arr[1];
}
break;
default:
$protocol_details = _tr('Protocol Number') . ': ' . $portinfo['details'];
break;
}
$data[] = array("<input type=\"checkbox\" name=\"auth_port[{$id_port}]\" " . (isset($portauths[$id_port]) ? 'checked="checked"' : '') . ' />', htmlentities($portinfo['name'], ENT_COMPAT, 'UTF-8'), htmlentities($portinfo['protocol'], ENT_COMPAT, 'UTF-8'), $protocol_details);
}
}
$oGrid = new paloSantoGrid($smarty);
$oGrid->setTitle(_tr('Add/remove ports for user'));
$oGrid->setColumns(array('', _tr('Port'), _tr('Protocol'), _tr('Details')));
$oGrid->addSubmitAction('apply', _tr('Apply changes'), "modules/{$module_name}/images/Check.png");
$oGrid->addComboAction('id_user', _tr('User'), $cbo_users, $id_user, 'refresh', 'submit();');
// Construcción de la vista de puertos autorizados
$oGrid->pagingShow(false);
$url = array("menu" => $module_name);
$oGrid->setURL($url);
$oGrid->setData($data);
return $oGrid->fetchGrid();
}
function reportGroupPermission($smarty, $module_name, $local_templates_dir, &$pDB, $arrConf, $credentials)
{
$pACL = new paloACL($pDB);
$pORGZ = new paloSantoOrganization($pDB);
$arrGroups = array();
$arrOrgz = array();
$idOrgFil = getParameter("idOrganization");
if ($credentials['userlevel'] == "superadmin") {
$orgTmp = $pORGZ->getOrganization(array());
if ($orgTmp === false) {
$smarty->assign("mb_title", _tr("ERROR"));
$smarty->assign("mb_message", _tr($pORGZ->errMsg));
} elseif (count($orgTmp) == 0) {
$smarty->assign("mb_title", _tr("MESSAGE"));
$msg = _tr("You haven't created any organization");
$smarty->assign("mb_message", $msg);
} else {
//si el usuario a selecionado una organizacion comprobamos que esta exista
//caso contrario procedemos a sellecionar la primera disponible
$flag = false;
foreach ($orgTmp as $value) {
$arrOrgz[$value["id"]] = $value["name"];
if ($value["id"] == $idOrgFil) {
$flag = true;
}
}
if (!$flag) {
$idOrgFil = $orgTmp[0]['id'];
}
}
} else {
$idOrgFil = $credentials['id_organization'];
$orgTmp = $pORGZ->getOrganizationById($idOrgFil);
if ($orgTmp == false) {
$smarty->assign("mb_title", _tr("ERROR"));
$smarty->assign("mb_message", _tr("An error has ocurred to retrieved organization data"));
} else {
$arrOrgz = $orgTmp;
}
}
if (count($arrOrgz) > 0) {
//que se un arreglo y que tenga al menos una organizacion
$groupTmp = $pACL->getGroupsPaging(null, null, $idOrgFil);
if ($groupTmp === false) {
$smarty->assign("mb_title", _tr("ERROR"));
$smarty->assign("mb_message", _tr($pACL->errMsg));
} else {
foreach ($groupTmp as $value) {
$arrGroups[$value[0]] = $value[1];
}
}
}
$filter_group = getParameter("filter_group");
if (count($arrGroups) > 0) {
if (empty($filter_group)) {
//seleccionamos el primer grupo de la lista de grupos
$filter_group = $groupTmp[0][0];
}
//valido que el grupo pertenzca a la organizacion
if ($pACL->getGroups($filter_group, $idOrgFil) == false) {
$smarty->assign("mb_title", _tr("ERROR"));
$smarty->assign("mb_message", _tr("Invalid Group"));
$filter_group = $groupTmp[0][0];
}
}
$filter_resource = getParameter("filter_resource");
$lang = get_language();
if ($lang != "en") {
if (isset($filter_resource)) {
if (trim($filter_resource) != "") {
global $arrLang;
$filter_value = strtolower(trim($filter_resource));
$parameter_to_find[] = $filter_value;
//parametro de busqueda sin traduccion
foreach ($arrLang as $key => $value) {
$langValue = strtolower(trim($value));
if (preg_match("/^[[:alnum:]| ]*\$/", $filter_value)) {
if (strpos($langValue, $filter_value) !== FALSE) {
$parameter_to_find[] = $key;
}
}
}
}
}
}
if (isset($filter_resource)) {
$parameter_to_find[] = $filter_resource;
} else {
$parameter_to_find = null;
}
$totalGroupPermission = 0;
if (count($arrGroups) > 0) {
$arrResourceOrg = $pACL->getResourcesByOrg($idOrgFil, $parameter_to_find);
if ($arrResourceOrg === false) {
$smarty->assign("mb_title", _tr("ERROR"));
$smarty->assign("mb_message", _tr("An error has ocurred to retrieved Resources"));
} else {
$totalGroupPermission = count($arrResourceOrg);
}
}
//begin grid parameters
$oGrid = new paloSantoGrid($smarty);
$limit = 25;
$total = $totalGroupPermission;
$oGrid->setLimit($limit);
$oGrid->setTotal($total);
$offset = $oGrid->calculateOffset();
$end = $offset + $limit <= $total ? $offset + $limit : $total;
$url['menu'] = $module_name;
$url['idOrganization'] = $idOrgFil;
$url['filter_group'] = $filter_group;
$url['filter_resource'] = $filter_resource;
$arrData = $arrResourceActions = $arrPermisos = array();
$error = false;
if (count($arrGroups) > 0 && $totalGroupPermission > 0) {
$arrResource = array_slice($arrResourceOrg, $offset, $limit);
$idGroup = $filter_group;
foreach ($arrResource as $resource) {
$listResource[] = $resource['id'];
//lista de id de los recursos que queremos consulta
$listResDes[$resource['id']] = $resource['description'];
}
//las acciones que tiene cada drecurso
$arrResourceActions = $pACL->getResourcesActions($listResource);
if ($arrResourceActions === false) {
$smarty->assign("mb_title", _tr("ERROR"));
$smarty->assign("mb_message", _tr("An error has ocurred to retrieved Resources Actions"));
$error = true;
}
//los premisos que tiene el grupo
$arrPermisos = $pACL->loadGroupPermissions($idGroup, $listResource);
if ($arrPermisos === false) {
$smarty->assign("mb_title", _tr("ERROR"));
$smarty->assign("mb_message", _tr("An error has ocurred to retrieved Group Permissions"));
$error = true;
}
}
$max_actions = 0;
$isAdministrator = $pACL->getGroupNameByid($idGroup) == _tr("administrator") ? true : false;
if ($totalGroupPermission > 0 && !$error) {
foreach ($arrResourceActions as $resource => $actions) {
$arrTmp = array();
$arrTmp[] = _tr($listResDes[$resource]);
$disabled = "";
if ($isAdministrator && ($resource == 'grouplist' || $resource == 'userlist' || $resource == 'group_permission')) {
$disabled = "disabled='disabled'";
}
//dentro del modulo organizacion ahi acciones que unicamente las puede realizar el superadmin
//por lo tando no deben aparecer listadas
if ($resource == "organization") {
$actions = array_diff($actions, array('change_org_status', 'create_org', 'delete_org', 'edit_DID'));
} elseif ($resource == "dashboard") {
$actions = array('access');
} elseif ($resource == 'cdrreport') {
$actions = array('access', 'export');
}
if (count($actions) > $max_actions) {
$max_actions = count($actions);
}
$desactivar = false;
if (isset($arrPermisos[$resource])) {
//grupo no tiene nigun permiso
if (!in_array('access', $arrPermisos[$resource])) {
$desactivar = true;
}
} else {
$desactivar = true;
$arrPermisos[$resource] = array();
}
foreach ($actions as $action) {
$class = 'other_act';
if ($action == 'access') {
$class = 'access_act';
} elseif ($desactivar) {
$disabled = "disabled='disabled'";
}
$checked0 = '';
//chequeamos si la accion se encuentra en la lista de acciones permitidas en el recurso
if (in_array($action, $arrPermisos[$resource])) {
$checked0 = "checked";
}
$arrTmp[] = "<input type='checkbox' class='{$class}' {$disabled} name='groupPermission[" . $resource . "][{$action}]' {$checked0}> {$action}";
}
$arrData[] = $arrTmp;
}
}
$oGrid->setTitle(_tr("Group Permission"));
$oGrid->setURL($url);
$oGrid->setWidth("99%");
$oGrid->setStart($total == 0 ? 0 : $offset + 1);
$oGrid->setEnd($end);
$oGrid->setTotal($total);
$arrColumn[] = _tr("Resource");
for ($i = 1; $i <= $max_actions; $i++) {
$act = _tr("Action");
$arrColumn[] = "{$act}" . " {$i}";
}
$oGrid->setColumns($arrColumn);
//begin section filter
$arrFormFilter = createFieldFilter($arrGroups);
$oFilterForm = new paloForm($smarty, $arrFormFilter);
$smarty->assign("SHOW", _tr("Show"));
$smarty->assign("limit_apply", htmlspecialchars($limit, ENT_COMPAT, 'UTF-8'));
$smarty->assign("offset_apply", htmlspecialchars($offset, ENT_COMPAT, 'UTF-8'));
$smarty->assign("resource_apply", htmlentities($filter_resource));
$_POST["filter_group"] = htmlspecialchars($filter_group, ENT_COMPAT, 'UTF-8');
$_POST["filter_resource"] = htmlspecialchars($filter_resource, ENT_COMPAT, 'UTF-8');
$_POST["idOrganization"] = $idOrgFil;
if (count($arrOrgz) > 0) {
global $arrPermission;
if (in_array('edit_permission', $arrPermission)) {
$oGrid->addSubmitAction("apply", _tr("Save"));
}
if ($credentials['userlevel'] == "superadmin") {
$oGrid->addComboAction("idOrganization", _tr("Organization"), $arrOrgz, $idOrgFil, "report");
}
$nameGroup = isset($arrGroups[$filter_group]) ? $arrGroups[$filter_group] : "";
$oGrid->addFilterControl(_tr("Filter applied ") . _tr("Group") . " = {$nameGroup}", $_POST, array("filter_group" => $groupTmp[0][0]), true);
$oGrid->addFilterControl(_tr("Filter applied ") . _tr("Resource") . " = {$filter_resource}", $_POST, array("filter_resource" => ""));
$htmlFilter = $oFilterForm->fetchForm("{$local_templates_dir}/filter.tpl", "", $_POST);
$oGrid->showFilter(trim($htmlFilter));
} else {
$smarty->assign("mb_title", _tr("MESSAGE"));
$smarty->assign("mb_message", _tr("You haven't created any organization"));
}
$contenidoModulo = $oGrid->fetchGrid(array(), $arrData);
//end grid parameters
return $contenidoModulo;
}
