From 3515d23f7196ecffa228f3bce85fc5f310570d45 Mon Sep 17 00:00:00 2001 From: nuxsmin Date: Wed, 1 Feb 2017 15:39:48 +0100 Subject: [PATCH] * [FIX] Fixed bug when retrieving account ACL to show accesses box. * [FIX] Fixed bug on API token deletion. * [MOD] Improved event log management. --- ajax/ajax_eventlog.php | 17 ++----- inc/SP/Account/AccountAcl.class.php | 5 +- inc/SP/Api/ApiTokens.class.php | 6 +-- .../Controller/EventlogController.class.php | 48 ++++++++++++------- .../Controller/ItemActionController.class.php | 10 ++-- inc/SP/Log/Log.class.php | 6 +-- js/app-actions.js | 10 +++- js/app-actions.min.js | 16 +++---- 8 files changed, 65 insertions(+), 53 deletions(-) diff --git a/ajax/ajax_eventlog.php b/ajax/ajax_eventlog.php index 8e5cf7d8..34aa7891 100644 --- a/ajax/ajax_eventlog.php +++ b/ajax/ajax_eventlog.php @@ -24,7 +24,6 @@ use SP\Controller\EventlogController; use SP\Core\Init; -use SP\Core\Template; use SP\Http\Request; define('APP_ROOT', '..'); @@ -37,16 +36,6 @@ if (!Init::isLoggedIn()) { \SP\Util\Util::logout(); } -$start = Request::analyze('start', 0); -$clear = Request::analyze('clear', 0); -$sk = Request::analyze('sk', false); - -$Tpl = new Template(); -$Tpl->assign('limitStart', $start); -$Tpl->assign('clear', $clear); -$Tpl->assign('sk', $sk); -$Tpl->assign('queryTimeStart', microtime()); -$Controller = new EventlogController($Tpl); -$Controller->checkClear(); -$Controller->getEventlog(); -echo $Tpl->render(); \ No newline at end of file +$Controller = new EventlogController(); +$Controller->doAction(); +$Controller->view(); \ No newline at end of file diff --git a/inc/SP/Account/AccountAcl.class.php b/inc/SP/Account/AccountAcl.class.php index d73ca3c5..39dc2e7b 100644 --- a/inc/SP/Account/AccountAcl.class.php +++ b/inc/SP/Account/AccountAcl.class.php 
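Review bot: The rewritten entry point still gates only on `Init::isLoggedIn()` before calling `$Controller->doAction()`, and nothing in this hunk restricts viewing or purging the event log to application admins; if `ControllerBase` does not enforce an ACL check for this action, any authenticated user can reach `checkClear()`. The script also stops reading the `sk` request parameter that the JavaScript keeps sending, so the client token is no longer available to the controller through the view and must be taken from `Request` there. I would put an explicit admin/ACL guard next to the login check here, using the project's access helper, rather than relying on the controller to do it implicitly.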
@@ -528,9 +528,10 @@ class AccountAcl public function isShowPermission() { $UserProfile = Session::getUserProfile(); + $UserData = Session::getUserData(); - return $this->UserData->isUserIsAdminAcc() - || $this->UserData->isUserIsAdminApp() + return $UserData->isUserIsAdminAcc() + || $UserData->isUserIsAdminApp() || $UserProfile->isAccPermission() || $UserProfile->isAccPrivateGroup() || $UserProfile->isAccPrivate(); diff --git a/inc/SP/Api/ApiTokens.class.php b/inc/SP/Api/ApiTokens.class.php index 60ee4c19..bf06a0e1 100644 --- a/inc/SP/Api/ApiTokens.class.php +++ b/inc/SP/Api/ApiTokens.class.php @@ -229,16 +229,16 @@ class ApiTokens /** * Eliminar token * - * @throws SPException + * @param $id */ - public function deleteToken() + public function deleteToken($id) { $query = /** @lang SQL */ 'DELETE FROM authTokens WHERE authtoken_id = ? LIMIT 1'; $Data = new QueryData(); $Data->setQuery($query); - $Data->addParam($this->tokenId); + $Data->addParam($id); $Data->setOnErrorMessage(__('Error interno', false)); DB::getQuery($Data); diff --git a/inc/SP/Controller/EventlogController.class.php b/inc/SP/Controller/EventlogController.class.php index 5b542cd3..b2999ee0 100644 --- a/inc/SP/Controller/EventlogController.class.php +++ b/inc/SP/Controller/EventlogController.class.php @@ -27,11 +27,13 @@ namespace SP\Controller; defined('APP_ROOT') || die(); use SP\Core\ActionsInterface; +use SP\Core\Messages\LogMessage; use SP\Core\SessionUtil; use SP\Core\Template; use SP\Html\DataGrid\DataGridActionSearch; use SP\Html\DataGrid\DataGridActionType; use SP\Html\DataGrid\DataGridPager; +use SP\Http\Request; use SP\Http\Response; use SP\Log\Log; use SP\Util\Checks; @@ -46,7 +48,11 @@ class EventlogController extends ControllerBase implements ActionsInterface /** * Número de máximo de registros por página */ - const MAX_ROWS = 30; + const MAX_ROWS = 50; + /** + * @var + */ + protected $limitStart; /** * Constructor 
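Review bot: `isShowPermission()` now takes the admin flags from `Session::getUserData()` instead of the `$this->UserData` the ACL object carries, so the answer always describes the logged-in user; if an `AccountAcl` is ever evaluated for a different user (the `UserData` property presumably still exists elsewhere in the class), those callers would silently get the session user's permissions. If `Session::getUserData()` can return null on an expired session, the chained `->isUserIsAdminAcc()` call will also fatal. A one-line comment would make the intent explicit: `// Admin flags are read from the session user on purpose; $this->UserData is presumably unset when the ACL is built for the accesses box`.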
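Review bot: The new docblock on `deleteToken()` is an untyped `@param $id`, and the removed `@throws SPException` is presumably still accurate because `DB::getQuery()` is still called with `setOnErrorMessage(...)`; keep both, e.g. `@param int $id authtoken_id of the token to remove` and `@throws SPException`. The method also discards the result of `DB::getQuery($Data)`, so the caller cannot tell whether a row was removed; `return DB::getQuery($Data);` would let `ItemActionController` avoid logging a no-op as a successful deletion. Deletion is by id alone with no ownership check, which is only safe if the caller has already verified the actor may manage API tokens — worth stating in the docblock.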
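Review bot: The new `$limitStart` property has an empty `@var` docblock; it should carry the type and meaning, `@var int Offset of the first row shown, taken from the 'start' request parameter`. The bump of `MAX_ROWS` from 30 to 50 also changes the page size fed to `DataGridPager::setLimitCount()` and `Log::getEvents()`, so a short comment with the reason would help the next reader.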
@@ -60,6 +66,21 @@ class EventlogController extends ControllerBase implements ActionsInterface $this->view->assign('sk', SessionUtil::getSessionKey(true)); } + /** + * Realizar las acciones del controlador + * + * @param mixed $type Tipo de acción + */ + public function doAction($type = null) + { + $this->limitStart = Request::analyze('start', 0); + + $this->checkClear(); + $this->getEventlog(); + + $this->EventDispatcher->notifyEvent('show.eventlog', $this); + } + /** * Comprobar si es necesario limpiar el registro de eventos * @@ -70,27 +91,20 @@ class EventlogController extends ControllerBase implements ActionsInterface */ public function checkClear() { - if ($this->view->clear + $clear = Request::analyze('clear', 0); + + if ($clear === 1 && $this->view->sk && SessionUtil::checkSessionKey($this->view->sk) ) { Log::clearEvents(); + + Log::writeNewLogAndEmail(__('Vaciar Eventos', false), __('Vaciar registro de eventos', false), null); + Response::printJson(__('Registro de eventos vaciado', false), 0); } } - /** - * Realizar las accione del controlador - * - * @param mixed $type Tipo de acción - */ - public function doAction($type = null) - { - $this->getEventlog(); - - $this->EventDispatcher->notifyEvent('show.eventlog', $this); - } - /** * Obtener los datos para la presentación de la tabla de eventos */ @@ -113,8 +127,8 @@ class EventlogController extends ControllerBase implements ActionsInterface $this->view->assign('rowClass', 'row_even'); $this->view->assign('isDemoMode', Checks::demoIsEnabled() || !$this->UserData->isUserIsAdminApp()); - $this->view->assign('limitStart', isset($this->view->limitStart) ? (int)$this->view->limitStart : 0); - $this->view->assign('events', Log::getEvents($this->view->limitStart, self::MAX_ROWS)); + $this->view->assign('limitStart', $this->limitStart); + $this->view->assign('events', Log::getEvents($this->limitStart, self::MAX_ROWS)); $Pager = $this->getPager($GridActionSearch); $Pager->setTotalRows(Log::$numRows); 
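Review bot: `doAction()` stores `Request::analyze('start', 0)` in `$this->limitStart` without the `(int)` cast the old `getEventlog()` applied, so unless `Request::analyze()` coerces to the default's type, a negative or non-numeric `start` reaches `Log::getEvents()` and `DataGridPager::setLimitStart()`. Cast and clamp at the boundary: `$this->limitStart = max(0, (int)Request::analyze('start', 0));`. The `$type` parameter is accepted but never used; the docblock should say so, or the parameter should go if `ActionsInterface` allows it.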
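Review bot: The anti-CSRF check in `checkClear()` no longer sees the client's token: `$this->view->sk` is assigned in the constructor from `SessionUtil::getSessionKey(true)` (context in the previous hunk), and the request's `sk` parameter, which the old `ajax_eventlog.php` read into the template, is never read anywhere in the new code, so `SessionUtil::checkSessionKey($this->view->sk)` compares a server-generated value with the session and, as far as this diff shows, always passes. Read the token from the request instead: `$sk = Request::analyze('sk', false); if ($clear === 1 && $sk && SessionUtil::checkSessionKey($sk)) {`. Separately, `Log::writeNewLogAndEmail(...)` and the success JSON are emitted regardless of what `Log::clearEvents()` returns; check that result first so a failed purge is not recorded as a successful one.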
@@ -133,7 +147,7 @@ class EventlogController extends ControllerBase implements ActionsInterface $GridPager = new DataGridPager(); $GridPager->setSourceAction($sourceAction); $GridPager->setOnClickFunction('eventlog/nav'); - $GridPager->setLimitStart($this->view->limitStart); + $GridPager->setLimitStart($this->limitStart); $GridPager->setLimitCount(self::MAX_ROWS); $GridPager->setIconPrev($this->icons->getIconNavPrev()); $GridPager->setIconNext($this->icons->getIconNavNext()); diff --git a/inc/SP/Controller/ItemActionController.class.php b/inc/SP/Controller/ItemActionController.class.php index e4c254b3..e33bd353 100644 --- a/inc/SP/Controller/ItemActionController.class.php +++ b/inc/SP/Controller/ItemActionController.class.php @@ -27,6 +27,7 @@ namespace SP\Controller; use SP\Account\Account; use SP\Account\AccountFavorites; use SP\Account\AccountUtil; +use SP\Api\ApiTokens; use SP\Auth\AuthUtil; use SP\Core\ActionsInterface; use SP\Core\Messages\LogMessage; @@ -599,10 +600,10 @@ class ItemActionController implements ItemControllerInterface protected function tokenAction() { $Form = new ApiTokenForm($this->itemId); - $Form->validate($this->actionId); switch ($this->actionId) { case ActionsInterface::ACTION_MGM_APITOKENS_NEW: + $Form->validate($this->actionId); $Form->getItemData()->addToken(); $this->LogMessage->setAction(__('Crear Autorización', false)); @@ -610,6 +611,7 @@ class ItemActionController implements ItemControllerInterface $this->LogMessage->addDetails(__('Usuario', false), UserUtil::getUserLoginById($Form->getItemData()->getUserId())); break; case ActionsInterface::ACTION_MGM_APITOKENS_EDIT: + $Form->validate($this->actionId); $Form->getItemData()->updateToken(); $this->LogMessage->setAction(__('Actualizar Autorización', false)); 
@@ -617,12 +619,14 @@ class ItemActionController implements ItemControllerInterface $this->LogMessage->addDetails(__('Usuario', false), UserUtil::getUserLoginById($Form->getItemData()->getUserId())); break; case ActionsInterface::ACTION_MGM_APITOKENS_DELETE: + $ApiToken = new ApiTokens(); + if (is_array($this->itemId)) { - $Form->getItemData()->deleteTokenBatch($this->itemId); + $ApiToken->deleteTokenBatch($this->itemId); $this->LogMessage->addDescription(__('Autorizaciones eliminadas', false)); } else { - $Form->getItemData()->deleteToken(); + $ApiToken->deleteToken($this->itemId); $this->LogMessage->addDescription(__('Autorización eliminada', false)); } diff --git a/inc/SP/Log/Log.class.php b/inc/SP/Log/Log.class.php index 4693796e..0060ac64 100644 --- a/inc/SP/Log/Log.class.php +++ b/inc/SP/Log/Log.class.php @@ -90,11 +90,7 @@ class Log extends ActionLog $Data->setQuery($query); $Data->setOnErrorMessage(__('Error al vaciar el registro de eventos', false)); - DB::getQuery($Data); - - self::writeNewLogAndEmail(__('Vaciar Eventos', false), __('Vaciar registro de eventos', false), null); - - return true; + return DB::getQuery($Data); } /** diff --git a/js/app-actions.js b/js/app-actions.js index 56c88e1f..a14f3156 100644 --- a/js/app-actions.js +++ b/js/app-actions.js @@ -1169,7 +1169,14 @@ sysPass.Actions = function (Common) { opts.url = ajaxUrl.eventlog; opts.method = "get"; opts.type = "html"; - opts.data = {start: $obj.data("start"), current: $obj.data("current")}; + opts.data = { + actionId: $obj.data("action-id"), + sk: Common.sk.get(), + isAjax: 1, + start: $obj.data("start"), + count: $obj.data("count"), + current: $obj.data("current") + }; Common.appRequests().getActionCall(opts, function (response) { $("#content").html(response); 
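Review bot: The DELETE branch now hands `$this->itemId` straight to `deleteToken()` / `deleteTokenBatch()` with no validation, since `$Form->validate()` (moved in the previous hunk) runs only for NEW and EDIT; the query is parameterised so this is not injection, but a non-numeric id deletes nothing while the log still says `Autorización eliminada`. Cast or validate the id and record it in the audit entry, e.g. `$ApiToken->deleteToken((int)$this->itemId); $this->LogMessage->addDetails(__('ID', false), $this->itemId);`. The `ApiTokenForm` built above the switch (outside this hunk) is now unused on the delete path, so its construction could move into the NEW/EDIT cases.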
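Review bot: `clearEvents()` now returns whatever `DB::getQuery($Data)` returns (a bool, presumably) instead of a literal `true`, and the audit/email notification moved to `EventlogController::checkClear()`, so the method's docblock above the hunk should state both: `@return bool Result of DB::getQuery(); callers are responsible for writing the audit entry`. Since that return value is now the only failure signal left, every caller should check it before reporting the purge as done.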
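Review bot: `nav` now puts the anti-CSRF token `sk` into a GET query string, where it ends up in web-server and proxy access logs and in the `Referer` of any outbound link on the rendered page; for a read-only pagination request the token adds nothing. `count: $obj.data("count")` is also dead data in this commit, because `EventlogController` pages with `self::MAX_ROWS` and never reads `count`. Either drop `sk` and `count` here, or send the request with `opts.method = "post";` so the token travels in the body.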
@@ -1196,6 +1203,7 @@ sysPass.Actions = function (Common) { var opts = Common.appRequests().getRequestOpts(); opts.url = ajaxUrl.eventlog; + opts.method = "get"; opts.data = {clear: 1, sk: Common.sk.get(), isAjax: 1}; Common.appRequests().getActionCall(opts, function (json) { diff --git a/js/app-actions.min.js b/js/app-actions.min.js index 56589f1d..cf6882fa 100644 --- a/js/app-actions.min.js +++ b/js/app-actions.min.js @@ -1,5 +1,5 @@ var $jscomp={scope:{},findInternal:function(c,d,k){c instanceof String&&(c=String(c));for(var e=c.length,g=0;g";showDialog({text:f,negative:{title:c.config().LANG[44], onClick:function(a){a.preventDefault();c.appRequests().getActionCall(b,function(a){c.msg.out(a)})}},positive:{title:c.config().LANG[43],onClick:function(f){f.preventDefault();b.data.notify=1;c.appRequests().getActionCall(b,function(b){c.msg.out(b);g({actionId:a.data("nextaction-id"),itemId:a.data("item-id")})})}}})},refresh:function(a){d.info("link:refresh");var b={itemId:a.data("item-id"),actionId:a.data("action-id"),sk:c.sk.get(),activeTab:a.data("activetab")},f=c.appRequests().getRequestOpts(); -f.url=e.link;f.data=b;c.appRequests().getActionCall(f,function(b){c.msg.out(b);0===b.status&&g({actionId:a.data("nextaction-id"),itemId:a.data("activetab")})})}},eventlog:{nav:function(a){if(void 0===a.data("start"))return!1;var b=c.appRequests().getRequestOpts();b.url=e.eventlog;b.method="get";b.type="html";b.data={start:a.data("start"),current:a.data("current")};c.appRequests().getActionCall(b,function(a){$("#content").html(a);c.scrollUp()})},clear:function(a){var b='
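Review bot: `opts.method = "get"` turns the log purge into a GET, i.e. a state-changing action that is cacheable, bookmarkable, and triggerable from a plain link or `<img>`, with the CSRF token exposed in the URL (and thus in access logs and Referer headers). Destructive actions should stay POST: drop this line (the default from `getRequestOpts()` is presumably POST, given the other save calls) or set `opts.method = "post";`, and have the PHP side accept `clear` only on POST.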

'+ -c.config().LANG[20]+"

";showDialog({text:b,negative:{title:c.config().LANG[44],onClick:function(a){a.preventDefault();c.msg.error(c.config().LANG[44])}},positive:{title:c.config().LANG[43],onClick:function(b){b.preventDefault();b=c.appRequests().getRequestOpts();b.url=e.eventlog;b.data={clear:1,sk:c.sk.get(),isAjax:1};c.appRequests().getActionCall(b,function(b){c.msg.out(b);0==b.status&&g({actionId:a.data("nextaction-id")})})}}})}},ajaxUrl:e,plugin:{toggle:function(a){d.info("plugin:enable"); -a={itemId:a.data("item-id"),actionId:a.data("action-id"),sk:c.sk.get(),activeTab:a.data("activetab")};var b=c.appRequests().getRequestOpts();b.url=e.appMgmt.save;b.data=a;c.appRequests().getActionCall(b,function(a){c.msg.out(a);0===a.status&&setTimeout(function(){c.redirect("index.php")},2E3)})},reset:function(a){d.info("plugin:reset");var b='

'+c.config().LANG[58]+"

";showDialog({text:b,negative:{title:c.config().LANG[44],onClick:function(a){a.preventDefault(); -c.msg.error(c.config().LANG[44])}},positive:{title:c.config().LANG[43],onClick:function(b){b.preventDefault();b={itemId:a.data("item-id"),actionId:a.data("action-id"),sk:c.sk.get(),activeTab:a.data("activetab")};var d=c.appRequests().getRequestOpts();d.url=e.appMgmt.save;d.data=b;c.appRequests().getActionCall(d,function(a){c.msg.out(a)})}}})}},notice:{check:function(a){d.info("notice:check");var b={itemId:a.data("item-id"),actionId:a.data("action-id"),sk:c.sk.get()},f=c.appRequests().getRequestOpts(); -f.url=e.appMgmt.save;f.data=b;c.appRequests().getActionCall(f,function(b){c.msg.out(b);0===b.status&&g({actionId:a.data("nextaction-id"),itemId:a.data("activetab")})})},search:function(a){d.info("notice:search");var b=$(a.data("target")),f=c.appRequests().getRequestOpts();f.url=e.notice.search;f.method="get";f.data=a.serialize();c.appRequests().getActionCall(f,function(a){0===a.status?b.html(a.data.html):b.html(c.msg.html.error(a.description));c.sk.set(a.csrf)})},show:function(a){d.info("notice:show"); -var b=c.appRequests().getRequestOpts();b.url=e.notice.show;b.method="get";b.data={itemId:a.data("item-id"),actionId:a.data("action-id"),activeTab:a.data("activetab"),sk:c.sk.get(),isAjax:1};c.appRequests().getActionCall(b,function(b){0!==b.status?c.msg.out(b):l(a,b.data.html)})}},wiki:{show:function(a){d.info("wiki:show");var b=c.appRequests().getRequestOpts();b.url=e.wiki.show;b.method="get";b.data={pageName:a.data("pagename"),actionId:a.data("action-id"),sk:c.sk.get(),isAjax:1};c.appRequests().getActionCall(b, -function(b){0!==b.status?c.msg.out(b):l(a,b.data.html)})}},items:p}}; +f.url=e.link;f.data=b;c.appRequests().getActionCall(f,function(b){c.msg.out(b);0===b.status&&g({actionId:a.data("nextaction-id"),itemId:a.data("activetab")})})}},eventlog:{nav:function(a){if(void 0===a.data("start"))return!1;var 
b=c.appRequests().getRequestOpts();b.url=e.eventlog;b.method="get";b.type="html";b.data={actionId:a.data("action-id"),sk:c.sk.get(),isAjax:1,start:a.data("start"),count:a.data("count"),current:a.data("current")};c.appRequests().getActionCall(b,function(a){$("#content").html(a); +c.scrollUp()})},clear:function(a){var b='

'+c.config().LANG[20]+"

";showDialog({text:b,negative:{title:c.config().LANG[44],onClick:function(a){a.preventDefault();c.msg.error(c.config().LANG[44])}},positive:{title:c.config().LANG[43],onClick:function(b){b.preventDefault();b=c.appRequests().getRequestOpts();b.url=e.eventlog;b.method="get";b.data={clear:1,sk:c.sk.get(),isAjax:1};c.appRequests().getActionCall(b,function(b){c.msg.out(b);0==b.status&&g({actionId:a.data("nextaction-id")})})}}})}}, +ajaxUrl:e,plugin:{toggle:function(a){d.info("plugin:enable");a={itemId:a.data("item-id"),actionId:a.data("action-id"),sk:c.sk.get(),activeTab:a.data("activetab")};var b=c.appRequests().getRequestOpts();b.url=e.appMgmt.save;b.data=a;c.appRequests().getActionCall(b,function(a){c.msg.out(a);0===a.status&&setTimeout(function(){c.redirect("index.php")},2E3)})},reset:function(a){d.info("plugin:reset");var b='

'+c.config().LANG[58]+"

";showDialog({text:b,negative:{title:c.config().LANG[44], +onClick:function(a){a.preventDefault();c.msg.error(c.config().LANG[44])}},positive:{title:c.config().LANG[43],onClick:function(b){b.preventDefault();b={itemId:a.data("item-id"),actionId:a.data("action-id"),sk:c.sk.get(),activeTab:a.data("activetab")};var d=c.appRequests().getRequestOpts();d.url=e.appMgmt.save;d.data=b;c.appRequests().getActionCall(d,function(a){c.msg.out(a)})}}})}},notice:{check:function(a){d.info("notice:check");var b={itemId:a.data("item-id"),actionId:a.data("action-id"),sk:c.sk.get()}, +f=c.appRequests().getRequestOpts();f.url=e.appMgmt.save;f.data=b;c.appRequests().getActionCall(f,function(b){c.msg.out(b);0===b.status&&g({actionId:a.data("nextaction-id"),itemId:a.data("activetab")})})},search:function(a){d.info("notice:search");var b=$(a.data("target")),f=c.appRequests().getRequestOpts();f.url=e.notice.search;f.method="get";f.data=a.serialize();c.appRequests().getActionCall(f,function(a){0===a.status?b.html(a.data.html):b.html(c.msg.html.error(a.description));c.sk.set(a.csrf)})}, +show:function(a){d.info("notice:show");var b=c.appRequests().getRequestOpts();b.url=e.notice.show;b.method="get";b.data={itemId:a.data("item-id"),actionId:a.data("action-id"),activeTab:a.data("activetab"),sk:c.sk.get(),isAjax:1};c.appRequests().getActionCall(b,function(b){0!==b.status?c.msg.out(b):l(a,b.data.html)})}},wiki:{show:function(a){d.info("wiki:show");var b=c.appRequests().getRequestOpts();b.url=e.wiki.show;b.method="get";b.data={pageName:a.data("pagename"),actionId:a.data("action-id"),sk:c.sk.get(), +isAjax:1};c.appRequests().getActionCall(b,function(b){0!==b.status?c.msg.out(b):l(a,b.data.html)})}},items:p}};