/**
 * Build the "Organization Permission" grid: one row per system resource with a
 * checkbox showing whether the selected organization may access it.
 *
 * Reads the request parameters "filter_resource" and "idOrganization" through
 * getParameter(), reports problems via the Smarty variables mb_title/mb_message,
 * and returns the HTML produced by paloSantoGrid::fetchGrid().
 *
 * NOTE(review): $arrCredentiasls is never read here, so this function does no
 * user-level check of its own; presumably the dispatcher only routes superadmin
 * requests to it. Confirm against the caller.
 * NOTE(review): the "disabled" checkboxes are a UI hint only; the save handler
 * (not visible here) has to refuse changes to those resources itself.
 *
 * @param object $smarty              Smarty instance used for messages and the grid.
 * @param string $module_name         Module name placed in the paging URL ("menu").
 * @param string $local_templates_dir Directory that holds filter.tpl.
 * @param mixed  $pDB                 Database handle given to paloACL / paloSantoOrganization.
 * @param array  $arrConf             Module configuration (not used in this function).
 * @param array  $arrCredentiasls     Caller credentials (not used in this function).
 *
 * @return string Rendered grid HTML.
 */
function reportOrgPermission($smarty, $module_name, $local_templates_dir, &$pDB, $arrConf, $arrCredentiasls)
{
    $pACL = new paloACL($pDB);
    $pORGZ = new paloSantoOrganization($pDB);
    $arrOrgz = array();

    $filter_resource = getParameter("filter_resource");
    $idOrgFil = getParameter("idOrganization");

    $orgTmp = $pORGZ->getOrganization(array());
    if ($orgTmp === false) {
        $smarty->assign("mb_title", _tr("ERROR"));
        $smarty->assign("mb_message", _tr($pORGZ->errMsg));
    } elseif (count($orgTmp) == 0) {
        $smarty->assign("mb_title", _tr("MESSAGE"));
        $smarty->assign("mb_message", _tr("You haven't created any organization"));
    } else {
        // If the user selected an organization, check that it exists;
        // otherwise fall back to the first one available.
        $requestedOrgExists = false;
        foreach ($orgTmp as $org) {
            $arrOrgz[$org["id"]] = $org["name"];
            if ($org["id"] == $idOrgFil) {
                $requestedOrgExists = true;
            }
        }
        if (!$requestedOrgExists) {
            $idOrgFil = $orgTmp[0]['id'];
        }
    }

    // NOTE(review): the filter is HTML-encoded here, before it is used as a
    // search term below, so the lookup runs on the encoded text. The flags and
    // charset are left at the PHP defaults, which differ between PHP versions.
    $filter_resource = htmlentities($filter_resource);

    // Look up the translation of the resource in the language array, if any.
    $lang = get_language(); // language currently in use
    $parameter_to_find = null;
    if (isset($filter_resource) && trim($filter_resource) != "") {
        if ($lang != "en") {
            global $arrLang;
            $needle = strtolower(trim($filter_resource));
            $parameter_to_find[] = $needle; // search term without translation
            foreach ($arrLang as $langKey => $langText) {
                $haystack = strtolower(trim($langText));
                // Translation keys are only collected for alphanumeric/space filters.
                if (preg_match("/^[[:alnum:]| ]*\$/", $needle) && strpos($haystack, $needle) !== FALSE) {
                    $parameter_to_find[] = $langKey;
                }
            }
        } else {
            $parameter_to_find[] = $filter_resource;
        }
    }

    // Number of resources available in the system (only asked for when at
    // least one organization exists).
    $total = count($arrOrgz) > 0 ? $pACL->getNumResources($parameter_to_find, 'yes') : 0;
    if ($total == false && $pACL->errMsg != "") {
        $total = 0;
        $smarty->assign("mb_title", _tr("ERROR"));
        $smarty->assign("mb_message", _tr("An error has ocurred to retrieved resources data"));
    }

    $limit = 25;
    $oGrid = new paloSantoGrid($smarty);
    $oGrid->setLimit($limit);
    $oGrid->setTotal($total);
    $offset = $oGrid->calculateOffset();
    $pageEnd = $offset + $limit;
    $end = ($pageEnd <= $total) ? $pageEnd : $total;

    $url = array(
        "menu" => $module_name,
        "filter_resource" => $filter_resource,
        "idOrganization" => $idOrgFil,
    );

    $oGrid->setTitle(_tr("Organization Permission"));
    $oGrid->setURL($url);
    $oGrid->setWidth("99%");
    $oGrid->setStart($total == 0 ? 0 : $offset + 1);
    $oGrid->setEnd($end);
    $oGrid->setTotal($total);

    $arrColumn = array(
        _tr("Resource"),
        "<input type='checkbox' name='selectAll' id='selectAll' />" . _tr('Permit Access'),
    );
    $oGrid->setColumns($arrColumn);

    $arrData = array();
    if (count($arrOrgz) > 0 && $total > 0) {
        // Every resource an organization may be granted (current page only).
        $arrResource = $pACL->getListResources($limit, $offset, $parameter_to_find, 'yes');
        // Resources already granted to the selected organization.
        $arrResourceOrg = $pACL->getResourcesByOrg($idOrgFil, $parameter_to_find);

        if ($arrResourceOrg !== false && $arrResource !== false) {
            $grantedIds = array();
            foreach ($arrResourceOrg as $granted) {
                $grantedIds[] = $granted["id"];
            }

            if (is_array($arrResource) && count($arrResource) > 0) {
                // Resources whose checkbox is rendered as disabled.
                $lockedIds = array('usermgr', 'grouplist', 'userlist', 'group_permission', 'organization');
                foreach ($arrResource as $resource) {
                    $resourceId = $resource["id"];
                    $disabled = in_array($resourceId, $lockedIds) ? "disabled='disabled'" : "";
                    $checked0 = in_array($resourceId, $grantedIds) ? "checked" : "";

                    $arrData[] = array(
                        _tr($resource["description"]),
                        "<input type='checkbox' {$disabled} name='resource[" . $resourceId . "]' id='"
                            . $resourceId . "' class='resource' {$checked0}>" . " " . _tr("Permit"),
                    );
                }
            }
        } else {
            $smarty->assign("mb_title", _tr("ERROR"));
            $smarty->assign(
                "mb_message",
                _tr("An error has ocurred to retrieve resource list.") . " " . _tr($pACL->errMsg)
            );
        }
    }

    $smarty->assign("SHOW", _tr("Show"));
    $smarty->assign("resource_apply", $filter_resource);

    if (count($arrOrgz) > 0) {
        $oGrid->addSubmitAction("apply", _tr("Save"));
        $oGrid->addComboAction("idOrganization", _tr("Organization"), $arrOrgz, $idOrgFil, "report");
        $arrFormFilter = createFieldFilter();
        $oFilterForm = new paloForm($smarty, $arrFormFilter);
        $htmlFilter = $oFilterForm->fetchForm("{$local_templates_dir}/filter.tpl", "", $_POST);
        $oGrid->addFilterControl(
            _tr("Filter applied ") . _tr("Resource") . " = {$filter_resource}",
            $_POST,
            array("filter_resource" => "")
        );
        $oGrid->showFilter(trim($htmlFilter));
    }

    // end grid parameters
    return $oGrid->fetchGrid(array(), $arrData);
}
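/**
 * Show, and on submit apply, the port-knocking authorizations of one user.
 *
 * The user is taken from the request parameter "id_user" (first user of the
 * list when absent). When $_POST['apply'] is present, authorizations whose
 * checkbox is no longer ticked are deleted and newly ticked ports are inserted.
 *
 * Changes against the previous version:
 *  - a stray `break` outside any loop (a fatal error in PHP 7+) is replaced by
 *    a guard around the insert phase;
 *  - submitting with every checkbox cleared now revokes everything; before,
 *    a missing auth_port array made the whole request a silent no-op;
 *  - firewall rules are re-activated whenever at least one authorization was
 *    deleted, even if a later step failed, so a revocation stored in the
 *    database is not left un-applied;
 *  - submitted port ids are compared as strings, strictly;
 *  - the port id and the "details" column are HTML-escaped like the sibling
 *    name/protocol columns.
 *
 * NOTE(review): no anti-CSRF token is checked in this function; confirm the
 * framework enforces one before this state-changing handler runs.
 *
 * @param object $smarty              Smarty instance used for messages and the grid.
 * @param string $module_name         Module name used in redirects, URLs and the icon path.
 * @param string $local_templates_dir Template directory (not used in this function).
 * @param mixed  $pDB                 Database handle for the port / port-knock classes.
 * @param array  $arrConf             Configuration; ['elastix_dsn']['acl'] is given to paloACL.
 *
 * @return string|null Grid HTML, or NULL after a redirect header has been sent.
 */
function addRemovePortsUser($smarty, $module_name, $local_templates_dir, $pDB, $arrConf)
{
    // List the users and build the combo of available users.
    $pACL = new paloACL($arrConf['elastix_dsn']['acl']);
    $id_user = getParameter('id_user');
    $userlist = $pACL->getUsers();
    $cbo_users = array();
    if (is_array($userlist)) {
        foreach ($userlist as $userinfo) {
            $cbo_users[$userinfo[0]] = $userinfo[1] . ' - ' . $userinfo[2];
        }
    }

    // Check that the requested user exists. A non-scalar id_user (array in the
    // request) is treated like an unknown user instead of being used as a key.
    if (!is_null($id_user)) {
        if (!is_scalar($id_user) || !isset($cbo_users[$id_user])) {
            Header("Location: ?menu={$module_name}");
            return NULL;
        }
    } else {
        $id_user = isset($userlist[0][0]) ? $userlist[0][0] : NULL;
    }

    $ps = new paloSantoPortService($pDB);
    $pk = new paloSantoPortKnockUsers($pDB);

    // Map of currently authorized ports: id_port => id of the authorization row.
    $userauth = $pk->listAuthorizationsForUser($id_user);
    $portauths = array();
    if (is_array($userauth)) {
        foreach ($userauth as $auth) {
            $portauths[$auth['id_port']] = $auth['id'];
        }
    }

    // Ids of every defined port, kept as strings for strict comparison below.
    $portlist = $ps->ObtainPuertos($ps->ObtainNumPuertos('', ''), 0, '', '');
    $listaIdPuertos = array();
    if (is_array($portlist)) {
        foreach ($portlist as $portinfo) {
            $listaIdPuertos[] = (string)$portinfo['id'];
        }
    }

    // Browsers omit unchecked checkboxes, so an "apply" without auth_port
    // means "no port selected", not "nothing to do".
    $postedAuth = isset($_POST['auth_port']) ? $_POST['auth_port'] : array();
    if (isset($_POST['apply']) && is_array($postedAuth)) {
        // A list of changes has to be applied.
        $listaNuevosPuertos = array_map('strval', array_keys($postedAuth));
        $bReglasBorradas = FALSE;
        $bExito = TRUE;

        // Delete the authorization of every port that is no longer listed.
        foreach ($portauths as $id_port => $id_auth) {
            if (in_array((string)$id_port, $listaNuevosPuertos, true)) {
                continue;
            }
            if (!$pk->deleteAuthorization($id_auth)) {
                $smarty->assign("mb_title", _tr("ERROR"));
                $smarty->assign("mb_message", $pk->errMsg);
                $bExito = FALSE;
                break;
            }
            unset($portauths[$id_port]);
            $bReglasBorradas = TRUE;
        }

        // Insert the authorization of the new ports. Only ids that exist in the
        // port table are accepted; anything else in the request is ignored.
        if ($bExito) {
            foreach ($listaNuevosPuertos as $id_port) {
                if (in_array($id_port, $listaIdPuertos, true) && !isset($portauths[$id_port])) {
                    $id_nueva_auth = $pk->insertAuthorization($id_user, $id_port);
                    if (is_null($id_nueva_auth)) {
                        $smarty->assign("mb_title", _tr("ERROR"));
                        $smarty->assign("mb_message", $pk->errMsg);
                        $bExito = FALSE;
                        break;
                    }
                    $portauths[$id_port] = $id_nueva_auth;
                }
            }
        }

        if ($bReglasBorradas) {
            // Run iptables to revoke the user's rules. Done even after a partial
            // failure so that deletions already stored take effect.
            require_once "modules/sec_rules/libs/paloSantoRules.class.php";
            $pr = new paloSantoRules($pDB);
            $pr->activateRules();
        }

        if ($bExito) {
            Header("Location: ?menu={$module_name}");
            return NULL;
        }
    }

    $data = array();
    if (is_array($portlist)) {
        foreach ($portlist as $portinfo) {
            $id_port = $portinfo['id'];
            $id_port_html = htmlentities((string)$id_port, ENT_COMPAT, 'UTF-8');
            $details_html = htmlentities((string)$portinfo['details'], ENT_COMPAT, 'UTF-8');
            $protocol_details = '';
            switch ($portinfo['protocol']) {
                case 'TCP':
                case 'UDP':
                    // A colon in the details marks a port range.
                    $protocol_details = (stripos($portinfo['details'], ':') === false ? _tr('Port') : _tr('Ports'))
                        . ' ' . $details_html;
                    break;
                case 'ICMP':
                    // Details hold "type:code".
                    $arr = explode(':', $portinfo['details']);
                    if (isset($arr[1])) {
                        $protocol_details = _tr('Type') . ": " . htmlentities($arr[0], ENT_COMPAT, 'UTF-8')
                            . " " . _tr('Code') . ": " . htmlentities($arr[1], ENT_COMPAT, 'UTF-8');
                    }
                    break;
                default:
                    $protocol_details = _tr('Protocol Number') . ': ' . $details_html;
                    break;
            }
            $data[] = array(
                "<input type=\"checkbox\" name=\"auth_port[{$id_port_html}]\" "
                    . (isset($portauths[$id_port]) ? 'checked="checked"' : '') . ' />',
                htmlentities($portinfo['name'], ENT_COMPAT, 'UTF-8'),
                htmlentities($portinfo['protocol'], ENT_COMPAT, 'UTF-8'),
                $protocol_details,
            );
        }
    }

    $oGrid = new paloSantoGrid($smarty);
    $oGrid->setTitle(_tr('Add/remove ports for user'));
    $oGrid->setColumns(array('', _tr('Port'), _tr('Protocol'), _tr('Details')));
    $oGrid->addSubmitAction('apply', _tr('Apply changes'), "modules/{$module_name}/images/Check.png");
    $oGrid->addComboAction('id_user', _tr('User'), $cbo_users, $id_user, 'refresh', 'submit();');

    // Build the view of authorized ports.
    $oGrid->pagingShow(false);
    $url = array("menu" => $module_name);
    $oGrid->setURL($url);
    $oGrid->setData($data);
    return $oGrid->fetchGrid();
}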
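/**
 * Build the "Group Permission" grid: one row per resource of the organization,
 * one checkbox per action, ticked when the selected group holds that action.
 *
 * A superadmin may pick the organization through the request parameter
 * "idOrganization"; every other caller is pinned to
 * $credentials['id_organization']. The group comes from "filter_group" and is
 * checked against the organization with paloACL::getGroups().
 *
 * Changes against the previous version:
 *  - $idGroup was assigned only when the organization had groups and resources
 *    but was read unconditionally afterwards; it is now always defined;
 *  - $parameter_to_find, $listResource, $listResDes, $arrColumn, $url and
 *    $groupTmp are initialized before use, and the "first group" lookup is
 *    guarded;
 *  - array-valued filter_group / filter_resource request parameters are
 *    discarded instead of reaching trim(), array offsets and htmlspecialchars();
 *  - the resource filter echoed in the "Filter applied" label is HTML-escaped,
 *    as the equivalent label in reportOrgPermission already is.
 *
 * NOTE(review): the "disabled" checkboxes and the conditional Save button are
 * UI hints only; the save handler (not visible here) has to enforce the same
 * restrictions itself.
 *
 * @param object $smarty              Smarty instance used for messages and the grid.
 * @param string $module_name         Module name placed in the paging URL ("menu").
 * @param string $local_templates_dir Directory that holds filter.tpl.
 * @param mixed  $pDB                 Database handle given to paloACL / paloSantoOrganization.
 * @param array  $arrConf             Module configuration (not used in this function).
 * @param array  $credentials         Caller credentials; 'userlevel' and 'id_organization' are read.
 *
 * @return string Rendered grid HTML.
 */
function reportGroupPermission($smarty, $module_name, $local_templates_dir, &$pDB, $arrConf, $credentials)
{
    $pACL = new paloACL($pDB);
    $pORGZ = new paloSantoOrganization($pDB);
    $arrGroups = array();
    $arrOrgz = array();
    $groupTmp = array();

    $idOrgFil = getParameter("idOrganization");
    if ($credentials['userlevel'] == "superadmin") {
        $orgTmp = $pORGZ->getOrganization(array());
        if ($orgTmp === false) {
            $smarty->assign("mb_title", _tr("ERROR"));
            $smarty->assign("mb_message", _tr($pORGZ->errMsg));
        } elseif (count($orgTmp) == 0) {
            $smarty->assign("mb_title", _tr("MESSAGE"));
            $msg = _tr("You haven't created any organization");
            $smarty->assign("mb_message", $msg);
        } else {
            // If the user selected an organization, check that it exists;
            // otherwise fall back to the first one available.
            $flag = false;
            foreach ($orgTmp as $value) {
                $arrOrgz[$value["id"]] = $value["name"];
                if ($value["id"] == $idOrgFil) {
                    $flag = true;
                }
            }
            if (!$flag) {
                $idOrgFil = $orgTmp[0]['id'];
            }
        }
    } else {
        // Anyone but the superadmin is pinned to their own organization; the
        // idOrganization request parameter is overwritten here.
        $idOrgFil = $credentials['id_organization'];
        $orgTmp = $pORGZ->getOrganizationById($idOrgFil);
        if ($orgTmp == false) {
            $smarty->assign("mb_title", _tr("ERROR"));
            $smarty->assign("mb_message", _tr("An error has ocurred to retrieved organization data"));
        } else {
            $arrOrgz = $orgTmp;
        }
    }

    if (count($arrOrgz) > 0) {
        // It is an array and holds at least one organization.
        $groupTmp = $pACL->getGroupsPaging(null, null, $idOrgFil);
        if ($groupTmp === false) {
            $smarty->assign("mb_title", _tr("ERROR"));
            $smarty->assign("mb_message", _tr($pACL->errMsg));
        } else {
            foreach ($groupTmp as $value) {
                $arrGroups[$value[0]] = $value[1];
            }
        }
    }

    // Id of the first group of the organization, or null when there is none.
    $firstGroup = (is_array($groupTmp) && isset($groupTmp[0][0])) ? $groupTmp[0][0] : null;

    $filter_group = getParameter("filter_group");
    if (is_array($filter_group)) {
        $filter_group = null; // array-valued request parameter: treat as absent
    }
    if (count($arrGroups) > 0) {
        if (empty($filter_group)) {
            // Select the first group of the list.
            $filter_group = $firstGroup;
        }
        // Validate that the group belongs to the organization.
        if ($pACL->getGroups($filter_group, $idOrgFil) == false) {
            $smarty->assign("mb_title", _tr("ERROR"));
            $smarty->assign("mb_message", _tr("Invalid Group"));
            $filter_group = $firstGroup;
        }
    }
    $idGroup = $filter_group;

    $filter_resource = getParameter("filter_resource");
    if (is_array($filter_resource)) {
        $filter_resource = null; // array-valued request parameter: treat as absent
    }
    $parameter_to_find = array();
    $lang = get_language();
    if ($lang != "en") {
        if (isset($filter_resource)) {
            if (trim($filter_resource) != "") {
                global $arrLang;
                $filter_value = strtolower(trim($filter_resource));
                $parameter_to_find[] = $filter_value; // search term without translation
                foreach ($arrLang as $key => $value) {
                    $langValue = strtolower(trim($value));
                    // Translation keys are only collected for alphanumeric/space filters.
                    if (preg_match("/^[[:alnum:]| ]*\$/", $filter_value)) {
                        if (strpos($langValue, $filter_value) !== FALSE) {
                            $parameter_to_find[] = $key;
                        }
                    }
                }
            }
        }
    }
    if (isset($filter_resource)) {
        $parameter_to_find[] = $filter_resource;
    } else {
        $parameter_to_find = null;
    }

    $totalGroupPermission = 0;
    $arrResourceOrg = array();
    if (count($arrGroups) > 0) {
        $arrResourceOrg = $pACL->getResourcesByOrg($idOrgFil, $parameter_to_find);
        if ($arrResourceOrg === false) {
            $smarty->assign("mb_title", _tr("ERROR"));
            $smarty->assign("mb_message", _tr("An error has ocurred to retrieved Resources"));
        } else {
            $totalGroupPermission = count($arrResourceOrg);
        }
    }

    // begin grid parameters
    $oGrid = new paloSantoGrid($smarty);
    $limit = 25;
    $total = $totalGroupPermission;
    $oGrid->setLimit($limit);
    $oGrid->setTotal($total);
    $offset = $oGrid->calculateOffset();
    $end = $offset + $limit <= $total ? $offset + $limit : $total;

    $url = array();
    $url['menu'] = $module_name;
    $url['idOrganization'] = $idOrgFil;
    $url['filter_group'] = $filter_group;
    $url['filter_resource'] = $filter_resource;

    $arrData = $arrResourceActions = $arrPermisos = array();
    $listResource = array();
    $listResDes = array();
    $error = false;
    if (count($arrGroups) > 0 && $totalGroupPermission > 0) {
        $arrResource = array_slice($arrResourceOrg, $offset, $limit);
        foreach ($arrResource as $resource) {
            $listResource[] = $resource['id']; // ids of the resources to query
            $listResDes[$resource['id']] = $resource['description'];
        }

        // Actions defined for each resource.
        $arrResourceActions = $pACL->getResourcesActions($listResource);
        if ($arrResourceActions === false) {
            $smarty->assign("mb_title", _tr("ERROR"));
            $smarty->assign("mb_message", _tr("An error has ocurred to retrieved Resources Actions"));
            $error = true;
        }

        // Permissions held by the group.
        $arrPermisos = $pACL->loadGroupPermissions($idGroup, $listResource);
        if ($arrPermisos === false) {
            $smarty->assign("mb_title", _tr("ERROR"));
            $smarty->assign("mb_message", _tr("An error has ocurred to retrieved Group Permissions"));
            $error = true;
        }
    }

    $max_actions = 0;
    // NOTE(review): the group name is compared with the *translated* word
    // "administrator", so the result may depend on the UI language; confirm
    // what getGroupNameByid() returns.
    $isAdministrator = $pACL->getGroupNameByid($idGroup) == _tr("administrator") ? true : false;
    if ($totalGroupPermission > 0 && !$error) {
        foreach ($arrResourceActions as $resource => $actions) {
            $arrTmp = array();
            $arrTmp[] = _tr($listResDes[$resource]);
            $disabled = "";
            if ($isAdministrator && ($resource == 'grouplist' || $resource == 'userlist' || $resource == 'group_permission')) {
                $disabled = "disabled='disabled'";
            }

            // The organization module has actions only the superadmin may
            // perform, so they must not be listed here.
            if ($resource == "organization") {
                $actions = array_diff($actions, array('change_org_status', 'create_org', 'delete_org', 'edit_DID'));
            } elseif ($resource == "dashboard") {
                $actions = array('access');
            } elseif ($resource == 'cdrreport') {
                $actions = array('access', 'export');
            }

            if (count($actions) > $max_actions) {
                $max_actions = count($actions);
            }

            // Without the 'access' permission every other action is shown disabled.
            $desactivar = false;
            if (isset($arrPermisos[$resource])) {
                if (!in_array('access', $arrPermisos[$resource])) {
                    $desactivar = true;
                }
            } else {
                // The group has no permission at all on this resource.
                $desactivar = true;
                $arrPermisos[$resource] = array();
            }

            foreach ($actions as $action) {
                $class = 'other_act';
                if ($action == 'access') {
                    $class = 'access_act';
                } elseif ($desactivar) {
                    $disabled = "disabled='disabled'";
                }
                $checked0 = '';
                // Is the action among those permitted on the resource?
                if (in_array($action, $arrPermisos[$resource])) {
                    $checked0 = "checked";
                }
                $arrTmp[] = "<input type='checkbox' class='{$class}' {$disabled} name='groupPermission[" . $resource . "][{$action}]' {$checked0}> {$action}";
            }
            $arrData[] = $arrTmp;
        }
    }

    $oGrid->setTitle(_tr("Group Permission"));
    $oGrid->setURL($url);
    $oGrid->setWidth("99%");
    $oGrid->setStart($total == 0 ? 0 : $offset + 1);
    $oGrid->setEnd($end);
    $oGrid->setTotal($total);

    $arrColumn = array();
    $arrColumn[] = _tr("Resource");
    for ($i = 1; $i <= $max_actions; $i++) {
        $act = _tr("Action");
        $arrColumn[] = "{$act}" . " {$i}";
    }
    $oGrid->setColumns($arrColumn);

    // begin section filter
    $arrFormFilter = createFieldFilter($arrGroups);
    $oFilterForm = new paloForm($smarty, $arrFormFilter);
    $smarty->assign("SHOW", _tr("Show"));
    $smarty->assign("limit_apply", htmlspecialchars($limit, ENT_COMPAT, 'UTF-8'));
    $smarty->assign("offset_apply", htmlspecialchars($offset, ENT_COMPAT, 'UTF-8'));
    $smarty->assign("resource_apply", htmlentities((string)$filter_resource));

    $_POST["filter_group"] = htmlspecialchars((string)$filter_group, ENT_COMPAT, 'UTF-8');
    $_POST["filter_resource"] = htmlspecialchars((string)$filter_resource, ENT_COMPAT, 'UTF-8');
    $_POST["idOrganization"] = $idOrgFil;

    if (count($arrOrgz) > 0) {
        global $arrPermission;
        // The Save button is offered only with the 'edit_permission' action;
        // a missing or non-array permission list hides it.
        if (is_array($arrPermission) && in_array('edit_permission', $arrPermission)) {
            $oGrid->addSubmitAction("apply", _tr("Save"));
        }
        if ($credentials['userlevel'] == "superadmin") {
            $oGrid->addComboAction("idOrganization", _tr("Organization"), $arrOrgz, $idOrgFil, "report");
        }
        $nameGroup = isset($arrGroups[$filter_group]) ? $arrGroups[$filter_group] : "";
        // NOTE(review): $nameGroup comes from the database and is passed on as
        // is; whether addFilterControl() escapes its label is not visible here.
        $oGrid->addFilterControl(
            _tr("Filter applied ") . _tr("Group") . " = {$nameGroup}",
            $_POST,
            array("filter_group" => $firstGroup),
            true
        );
        // The resource filter is request data echoed into the page: escape it
        // before it goes into the label.
        $filterResourceLabel = htmlspecialchars((string)$filter_resource, ENT_QUOTES, 'UTF-8');
        $oGrid->addFilterControl(
            _tr("Filter applied ") . _tr("Resource") . " = {$filterResourceLabel}",
            $_POST,
            array("filter_resource" => "")
        );
        $htmlFilter = $oFilterForm->fetchForm("{$local_templates_dir}/filter.tpl", "", $_POST);
        $oGrid->showFilter(trim($htmlFilter));
    } else {
        $smarty->assign("mb_title", _tr("MESSAGE"));
        $smarty->assign("mb_message", _tr("You haven't created any organization"));
    }

    $contenidoModulo = $oGrid->fetchGrid(array(), $arrData);
    // end grid parameters
    return $contenidoModulo;
}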