auditors can view audit records

2024-11-07 23:11:59 +01:00 · 2013-07-12 15:02:50 +02:00 · 2013-07-12 15:02:50 +02:00 · e7c26dbcc7
commit e7c26dbcc7
parent c44820f0df
11 changed files with 79 additions and 5 deletions
--- a/util/db-mysql.sql
+++ b/util/db-mysql.sql
@ -297,6 +297,7 @@ create table if not exists `audit` (
   `id` bigint unsigned not null auto_increment,
   `ts` int not null,
   `email` varchar(128) not null,
+   `domain` varchar(128) not null,
   `action` int not null,
   `ipaddr` char(15) not null,
   `meta_id` bigint unsigned not null,
@ -309,6 +310,7 @@ create index `audit_idx` on `audit`(`email`);
 create index `audit_idx2` on `audit`(`action`);
 create index `audit_idx3` on `audit`(`ipaddr`);
 create index `audit_idx4` on `audit`(`ts`);
+create index `audit_idx5` on `audit`(`domain`);



@ -345,3 +347,14 @@ CREATE TABLE IF NOT EXISTS `counter_stats` (
 ) ENGINE=InnoDB;


+create table if not exists `ldap` (
+   `id` int not null auto_increment primary key,
+   `description` varchar(255) not null,
+   `ldap_type` varchar(255) not null,
+   `ldap_host` varchar(255) not null,
+   `ldap_base_dn` varchar(255) not null,
+   `ldap_bind_dn` varchar(255) not null,
+   `ldap_bind_pw` varchar(255) not null
+) Engine=InnoDB;
+
+
--- a/util/db-upgrade-0.1.23-vs-0.1.24.sql
+++ b/util/db-upgrade-0.1.23-vs-0.1.24.sql
@ -0,0 +1,18 @@
+alter table `domain` add column `ldap_id` int default 0;
+
+alter table `audit` add column `domain` varchar(128) not null,
+
+create index `audit_idx5` on `audit`(`domain`);
+
+create table if not exists `ldap` (
+   `id` int not null auto_increment primary key,
+   `description` varchar(255) not null,
+   `ldap_type` varchar(255) not null,
+   `ldap_host` varchar(255) not null,
+   `ldap_base_dn` varchar(255) not null,
+   `ldap_bind_dn` varchar(255) not null,
+   `ldap_bind_pw` varchar(255) not null
+) Engine=InnoDB;
+
+
+
--- a/webui/config.php
+++ b/webui/config.php
@ -229,7 +229,10 @@ require_once 'config-site.php';
 if(isset($_SESSION['theme']) && preg_match("/^([a-zA-Z0-9\-\_]+)$/", $_SESSION['theme'])) { $config['THEME'] = $_SESSION['theme']; }

 // make sure auditors are restricted in a saas environment
-if($config['ENABLE_SAAS'] == 1 && $_SESSION['username'] != 'auditor@local') { $config['RESTRICTED_AUDITOR'] = 1; }
+if($config['ENABLE_SAAS'] == 1) { $config['RESTRICTED_AUDITOR'] = 1; }
+if(isset($_SESSION['username']) && $_SESSION['username'] == 'auditor@local') { $config['RESTRICTED_AUDITOR'] = 0; }
+
+

 foreach ($config as $k => $v) {
   define($k, $v);
--- a/webui/controller/audit/audit.php
+++ b/webui/controller/audit/audit.php
@ -14,7 +14,7 @@ class ControllerAuditAudit extends Controller {

      $this->load->model('audit/audit');

-      if(Registry::get('admin_user') == 0) {
+      if(Registry::get('admin_user') == 0 && Registry::get('auditor_user') == 0) {
         die("go away");
      }

--- a/webui/controller/audit/helper.php
+++ b/webui/controller/audit/helper.php
@ -28,7 +28,7 @@ class ControllerAuditHelper extends Controller {

      $this->load->model('audit/audit');

-      if(Registry::get('admin_user') == 0) {
+      if(Registry::get('admin_user') == 0 && Registry::get('auditor_user') == 0) {
         die("go away");
      }

--- a/webui/controller/login/login.php
+++ b/webui/controller/login/login.php
@ -24,6 +24,7 @@ class ControllerLoginLogin extends Controller {
      $this->load->model('user/auth');
      $this->load->model('user/user');
      $this->load->model('user/prefs');
+      $this->load->model('domain/domain');
      $this->load->model('folder/folder');

      if(ENABLE_SAAS == 1) {
--- a/webui/model/audit/audit.php
+++ b/webui/model/audit/audit.php
@ -40,6 +40,19 @@ class ModelAuditAudit extends Model {
         $where .= " AND meta_id IN (" . $this->append_search_criteria($data['ref'], $arr) . ")";
      }

+      if(Registry::get('admin_user') == 0) {
+         while(list($k, $v) = each($_SESSION['auditdomains'])) {
+            if($q) { $q .= ","; }
+            $q .= "?";
+            array_push($arr, $v);
+         }
+
+         $where .= " AND domain IN ($q) ";
+
+         reset($_SESSION['auditdomains']);
+      }
+
+
      if(isset($data['date1'])) { $date1 = $data['date1']; }
      if(isset($data['date2'])) { $date2 = $data['date2']; }

--- a/webui/model/domain/domain.php
+++ b/webui/model/domain/domain.php
@ -39,6 +39,25 @@ class ModelDomainDomain extends Model {
   }


+   public function get_your_all_domains_by_email($email = '') {
+      $data = array();
+
+      if($email == '') { return $data; }
+
+      $a = explode("@", $email);
+
+      $query = $this->db->query("SELECT domain FROM " . TABLE_DOMAIN . " WHERE mapped IN (SELECT mapped FROM " . TABLE_DOMAIN . " WHERE domain=?)", array($a[1]));
+
+      if(isset($query->rows)) {
+         foreach ($query->rows as $q) {
+            array_push($data, $q['domain']);
+         }
+      }
+
+      return $data;
+   }
+
+
   public function deleteDomain($domain = '') {
      if($domain == "") { return 0; }

--- a/webui/model/user/auth.php
+++ b/webui/model/user/auth.php
@ -232,7 +232,7 @@ class ModelUserAuth extends Model {
      $_SESSION['domain'] = $a[1];
      $_SESSION['realname'] = $name;

-      $_SESSION['auditdomains'] = array();
+      $_SESSION['auditdomains'] = $this->model_domain_domain->get_your_all_domains_by_email($email);
      $_SESSION['emails'] = $emails;
      $_SESSION['folders'] = array();
      $_SESSION['extra_folders'] = array();
--- a/webui/system/misc.php
+++ b/webui/system/misc.php
@ -26,9 +26,11 @@ function AUDIT($action = 0, $email = '', $ipaddr = '', $id = 0, $description = '
   if($ipaddr == '' && isset($_SERVER['REMOTE_ADDR'])) { $ipaddr = $_SERVER['REMOTE_ADDR']; }
   if($email == '') { $email = $_SESSION['email']; }

+   $a = explode("@", $email);
+
   $db = Registry::get('db');

-   $query = $db->query("INSERT INTO " . TABLE_AUDIT . " (ts, email, action, ipaddr, meta_id, description) VALUES(?,?,?,?,?,?)", array(time(), $email, $action, $ipaddr, $id, $description));
+   $query = $db->query("INSERT INTO " . TABLE_AUDIT . " (ts, email, domain, action, ipaddr, meta_id, description) VALUES(?,?,?,?,?,?,?)", array(time(), $email, $a[1], $action, $ipaddr, $id, $description));

   return $db->countAffected();
 }
--- a/webui/view/theme/default/templates/common/menu.tpl
+++ b/webui/view/theme/default/templates/common/menu.tpl
@ -48,6 +48,11 @@

              <li><a href="search.php"><i class="icon-search"></i>&nbsp;<?php print $text_search; ?></a></li>

+          <?php if(ENABLE_AUDIT == 1 && $auditor_user == 1) { ?>
+              <li><a href="index.php?route=audit/audit"><i class="icon-book"></i>&nbsp;<?php print $text_audit; ?></a></li>
+          <?php } ?>
+
+
 	  <?php if(ENABLE_FOLDER_RESTRICTIONS == 1) { ?>
              <li><a href="/folders.php"><i class="icon-folder-close"></i>&nbsp;<?php print $text_folders; ?></a></li>
          <?php } ?>