Commit c676342d authored by Laurent Calvet's avatar Laurent Calvet

fix(poller): Fixed SQL and added access rights checking (#10841)

parent e6ad4a06
......@@ -48,6 +48,7 @@ class Contact implements UserInterface, ContactInterface
public const ROLE_HOST_ADD_COMMENT = 'ROLE_HOST_ADD_COMMENT';
public const ROLE_SERVICE_ADD_COMMENT = 'ROLE_SERVICE_ADD_COMMENT';
public const ROLE_DISPLAY_COMMAND = 'ROLE_DISPLAY_COMMAND';
public const ROLE_GENERATE_CONFIGURATION = 'ROLE_GENERATE_CONFIGURATION';
// user pages access
public const ROLE_CONFIGURATION_HOSTS_WRITE = 'ROLE_CONFIGURATION_HOSTS_HOSTS_RW';
......
......@@ -385,6 +385,9 @@ final class ContactRepositoryRDB implements ContactRepositoryInterface
case 'service_display_command':
$contact->addRole(Contact::ROLE_DISPLAY_COMMAND);
break;
case 'generate_cfg':
$contact->addRole(Contact::ROLE_GENERATE_CONFIGURATION);
break;
}
}
......
<?php
/*
* Copyright 2005-2015 Centreon
* Centreon is developped by : Julien Mathis and Romain Le Merlus under
......@@ -59,11 +60,12 @@ if (!CentreonSession::checkSession(session_id(), $pearDB)) {
print "Bad Session";
exit();
}
$centreon = $_SESSION['centreon'];
define('STATUS_OK', 0);
define('STATUS_NOK', 1);
if (!isset($_POST['poller'])) {
if (!isset($_POST['poller']) || ! $centreon->user->access->checkAction('generate_cfg')) {
exit;
}
......@@ -78,8 +80,10 @@ $pollers = explode(',', $_POST['poller']);
// Add task to export files if there is a remote
$pollerParams = [];
foreach ($pollers as $pollerId) {
$pollerParams[':poller_' . $pollerId] = $pollerId;
foreach ($pollers as $index => $pollerId) {
if (is_numeric($pollerId)) {
$pollerParams[':poller_' . $index] = $pollerId;
}
}
// SELECT Remote Servers from selected pollers
......@@ -177,9 +181,6 @@ try {
$nagiosCFGPath = _CENTREON_CACHEDIR_ . "/config/engine/";
$centreonBrokerPath = _CENTREON_CACHEDIR_ . "/config/broker/";
$centreon = $_SESSION['centreon'];
$centreon = $centreon;
/* Set new error handler */
set_error_handler('log_error');
......@@ -235,7 +236,7 @@ try {
/*
* Check if monitoring engine's configuration directory existss
*/
$dbResult = $pearDB->query(
$dbResult = $pearDB->query(
"SELECT cfg_dir FROM cfg_nagios, nagios_server
WHERE nagios_server.id = cfg_nagios.nagios_server_id
AND nagios_server.localhost = '1'
......
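Review bot: `is_numeric($pollerId)` in the new `foreach` is looser than a poller id needs, since it also accepts values such as `1.5`, `1e3`, `-2` and strings with leading whitespace; I would validate with `if (filter_var($pollerId, FILTER_VALIDATE_INT) !== false) {` (or `ctype_digit`). Entries that fail the check are skipped silently while `$pollers` itself stays unfiltered, so any later use of `$pollers` outside this hunk would still see the raw values, and an all-invalid list would leave `$pollerParams` empty for the SELECT that follows (not visible here, so this needs confirming). The new `checkAction('generate_cfg')` guard exits with an empty response; returning an explicit 403 status and logging the refused attempt would make denied requests visible to operators.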