From e7c26dbcc79f3b8cceb7e3ffc697ec4e3ed0f2c9 Mon Sep 17 00:00:00 2001
From: SJ
Date: Fri, 12 Jul 2013 15:02:50 +0200
Subject: [PATCH] auditors can view audit records
---
 util/db-mysql.sql | 13 +++++++++++++
 util/db-upgrade-0.1.23-vs-0.1.24.sql | 18 ++++++++++++++++++
 webui/config.php | 5 ++++-
 webui/controller/audit/audit.php | 2 +-
 webui/controller/audit/helper.php | 2 +-
 webui/controller/login/login.php | 1 +
 webui/model/audit/audit.php | 13 +++++++++++++
 webui/model/domain/domain.php | 19 +++++++++++++++++++
 webui/model/user/auth.php | 2 +-
 webui/system/misc.php | 4 +++-
 .../theme/default/templates/common/menu.tpl | 5 +++++
 11 files changed, 79 insertions(+), 5 deletions(-)
 create mode 100644 util/db-upgrade-0.1.23-vs-0.1.24.sql
diff --git a/util/db-mysql.sql b/util/db-mysql.sql
index d26577bd..e10f9e71 100644
--- a/util/db-mysql.sql
+++ b/util/db-mysql.sql
@@ -297,6 +297,7 @@ create table if not exists `audit` (
 `id` bigint unsigned not null auto_increment,
 `ts` int not null,
 `email` varchar(128) not null,
+ `domain` varchar(128) not null,
 `action` int not null,
 `ipaddr` char(15) not null,
 `meta_id` bigint unsigned not null,
@@ -309,6 +310,7 @@ create index `audit_idx` on `audit`(`email`);
 create index `audit_idx2` on `audit`(`action`);
 create index `audit_idx3` on `audit`(`ipaddr`);
 create index `audit_idx4` on `audit`(`ts`);
+create index `audit_idx5` on `audit`(`domain`);
@@ -345,3 +347,14 @@ CREATE TABLE IF NOT EXISTS `counter_stats` (
 ) ENGINE=InnoDB;
+create table if not exists `ldap` (
+ `id` int not null auto_increment primary key,
+ `description` varchar(255) not null,
+ `ldap_type` varchar(255) not null,
+ `ldap_host` varchar(255) not null,
+ `ldap_base_dn` varchar(255) not null,
+ `ldap_bind_dn` varchar(255) not null,
+ `ldap_bind_pw` varchar(255) not null
+) Engine=InnoDB;
+
+
diff --git a/util/db-upgrade-0.1.23-vs-0.1.24.sql b/util/db-upgrade-0.1.23-vs-0.1.24.sql
new file mode 100644
index 00000000..50ceff23
--- /dev/null
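Review bot: `ldap_bind_pw` in the new `ldap` table holds the directory bind password as recoverable text next to the application data, so anyone who can read the database or one of its dumps also obtains the bind credentials. Nothing in the hunk documents that expectation; I would add a comment above the table such as `-- ldap_bind_pw is stored as entered; use a dedicated read-only bind account`. If the code that reads the column allows it (it is not part of this patch), encrypting the value with a key kept outside the database would be the stronger option. The same table definition is repeated in util/db-upgrade-0.1.23-vs-0.1.24.sql.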
+++ b/util/db-upgrade-0.1.23-vs-0.1.24.sql
@@ -0,0 +1,18 @@
+alter table `domain` add column `ldap_id` int default 0;
+
+alter table `audit` add column `domain` varchar(128) not null,
+
+create index `audit_idx5` on `audit`(`domain`);
+
+create table if not exists `ldap` (
+ `id` int not null auto_increment primary key,
+ `description` varchar(255) not null,
+ `ldap_type` varchar(255) not null,
+ `ldap_host` varchar(255) not null,
+ `ldap_base_dn` varchar(255) not null,
+ `ldap_bind_dn` varchar(255) not null,
+ `ldap_bind_pw` varchar(255) not null
+) Engine=InnoDB;
+
+
+
diff --git a/webui/config.php b/webui/config.php
index e93ec587..13dfc5b1 100644
--- a/webui/config.php
+++ b/webui/config.php
@@ -229,7 +229,10 @@ require_once 'config-site.php';
 if(isset($_SESSION['theme']) && preg_match("/^([a-zA-Z0-9\-\_]+)$/", $_SESSION['theme'])) { $config['THEME'] = $_SESSION['theme']; }
 // make sure auditors are restricted in a saas environment
-if($config['ENABLE_SAAS'] == 1 && $_SESSION['username'] != 'auditor@local') { $config['RESTRICTED_AUDITOR'] = 1; }
+if($config['ENABLE_SAAS'] == 1) { $config['RESTRICTED_AUDITOR'] = 1; }
+if(isset($_SESSION['username']) && $_SESSION['username'] == 'auditor@local') { $config['RESTRICTED_AUDITOR'] = 0; }
+
+
 foreach ($config as $k => $v) {
 define($k, $v);
diff --git a/webui/controller/audit/audit.php b/webui/controller/audit/audit.php
index 895cad55..d374ea55 100644
--- a/webui/controller/audit/audit.php
+++ b/webui/controller/audit/audit.php
@@ -14,7 +14,7 @@ class ControllerAuditAudit extends Controller {
 $this->load->model('audit/audit');
- if(Registry::get('admin_user') == 0) {
+ if(Registry::get('admin_user') == 0 && Registry::get('auditor_user') == 0) {
 die("go away");
 }
diff --git a/webui/controller/audit/helper.php b/webui/controller/audit/helper.php
index d42eb791..786c38dc 100644
--- a/webui/controller/audit/helper.php
+++ b/webui/controller/audit/helper.php
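Review bot: The second statement, `alter table audit add column domain varchar(128) not null,`, ends with a comma instead of a semicolon, so it runs into the following `create index` and the upgrade script will most likely stop with a syntax error there; it should end `not null;`. The script also gives existing rows no domain value, so after the upgrade the `domain IN (...)` filter added in webui/model/audit/audit.php would hide every earlier record from auditors. A backfill after the alter, for example `update audit set domain = substring_index(email, '@', -1);`, would cover them.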
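Review bot: A `RESTRICTED_AUDITOR` value of 1 set before this point is now reset to 0 for `auditor@local` even when `ENABLE_SAAS` is off, because the second added line is unconditional; the removed line only ever raised the flag. If a site can set the flag itself (for instance in `config-site.php`, which the hunk header shows being included just above), that restriction is silently lifted for this account. Keeping the exception inside the SaaS branch avoids it: `if($config['ENABLE_SAAS'] == 1) { $config['RESTRICTED_AUDITOR'] = (isset($_SESSION['username']) && $_SESSION['username'] === 'auditor@local') ? 0 : 1; }`. The comparison should be `===` in either form, since the value decides a privilege level.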
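Review bot: Nothing at this check says that an admitted auditor is kept to their own domains only by the `domain IN (...)` filter in webui/model/audit/audit.php; the same applies to the identical change in `ControllerAuditHelper` (webui/controller/audit/helper.php). I would add a comment next to the condition, for example `// auditors are let in here; ModelAuditAudit limits them to $_SESSION['auditdomains']`, so the model filter is not changed later without this gate being reconsidered. The enclosing method starts and ends outside the hunk.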
@@ -28,7 +28,7 @@ class ControllerAuditHelper extends Controller {
 $this->load->model('audit/audit');
- if(Registry::get('admin_user') == 0) {
+ if(Registry::get('admin_user') == 0 && Registry::get('auditor_user') == 0) {
 die("go away");
 }
diff --git a/webui/controller/login/login.php b/webui/controller/login/login.php
index 0757c5b7..1746be78 100644
--- a/webui/controller/login/login.php
+++ b/webui/controller/login/login.php
@@ -24,6 +24,7 @@ class ControllerLoginLogin extends Controller {
 $this->load->model('user/auth');
 $this->load->model('user/user');
 $this->load->model('user/prefs');
+ $this->load->model('domain/domain');
 $this->load->model('folder/folder');
 if(ENABLE_SAAS == 1) {
diff --git a/webui/model/audit/audit.php b/webui/model/audit/audit.php
index 49b72526..bc8477fe 100644
--- a/webui/model/audit/audit.php
+++ b/webui/model/audit/audit.php
@@ -40,6 +40,19 @@ class ModelAuditAudit extends Model {
 $where .= " AND meta_id IN (" . $this->append_search_criteria($data['ref'], $arr) . ")";
 }
+ if(Registry::get('admin_user') == 0) {
+ while(list($k, $v) = each($_SESSION['auditdomains'])) {
+ if($q) { $q .= ","; }
+ $q .= "?";
+ array_push($arr, $v);
+ }
+
+ $where .= " AND domain IN ($q) ";
+
+ reset($_SESSION['auditdomains']);
+ }
+
+
 if(isset($data['date1'])) { $date1 = $data['date1']; }
 if(isset($data['date2'])) { $date2 = $data['date2']; }
diff --git a/webui/model/domain/domain.php b/webui/model/domain/domain.php
index 3d19caab..43bd4220 100644
--- a/webui/model/domain/domain.php
+++ b/webui/model/domain/domain.php
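Review bot: When `$_SESSION['auditdomains']` is empty the loop adds no placeholder and the clause becomes `AND domain IN ()`, which is not valid SQL, so a non-admin whose address maps to no row in the domain table gets a query error instead of an empty result. `$q` is also not initialised anywhere in the hunk; if the enclosing method, which starts above the hunk, already uses `$q`, its earlier content would end up inside the `IN` list. I would build the placeholder list from the array itself and add a clause that matches nothing when the list is empty. `each()` has been removed from current PHP versions, and the rewrite does not need it.

```php
      if(Registry::get('admin_user') == 0) {
         $domains = isset($_SESSION['auditdomains']) ? array_values($_SESSION['auditdomains']) : array();

         if(count($domains) == 0) {
            // no domains to audit: match nothing instead of emitting "IN ()"
            $where .= " AND 1=0 ";
         }
         else {
            $where .= " AND domain IN (" . implode(",", array_fill(0, count($domains), "?")) . ") ";
            $arr = array_merge($arr, $domains);
         }
      }
      // … unchanged: date1 / date2 handling …
```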
@@ -39,6 +39,25 @@ class ModelDomainDomain extends Model {
 }
+ public function get_your_all_domains_by_email($email = '') {
+ $data = array();
+
+ if($email == '') { return $data; }
+
+ $a = explode("@", $email);
+
+ $query = $this->db->query("SELECT domain FROM " . TABLE_DOMAIN . " WHERE mapped IN (SELECT mapped FROM " . TABLE_DOMAIN . " WHERE domain=?)", array($a[1]));
+
+ if(isset($query->rows)) {
+ foreach ($query->rows as $q) {
+ array_push($data, $q['domain']);
+ }
+ }
+
+ return $data;
+ }
+
+
 public function deleteDomain($domain = '') {
 if($domain == "") { return 0; }
diff --git a/webui/model/user/auth.php b/webui/model/user/auth.php
index 7849d8fc..d59de3b0 100644
--- a/webui/model/user/auth.php
+++ b/webui/model/user/auth.php
@@ -232,7 +232,7 @@ class ModelUserAuth extends Model {
 $_SESSION['domain'] = $a[1];
 $_SESSION['realname'] = $name;
- $_SESSION['auditdomains'] = array();
+ $_SESSION['auditdomains'] = $this->model_domain_domain->get_your_all_domains_by_email($email);
 $_SESSION['emails'] = $emails;
 $_SESSION['folders'] = array();
 $_SESSION['extra_folders'] = array();
diff --git a/webui/system/misc.php b/webui/system/misc.php
index bf8a2f67..57ec6021 100644
--- a/webui/system/misc.php
+++ b/webui/system/misc.php
@@ -26,9 +26,11 @@ function AUDIT($action = 0, $email = '', $ipaddr = '', $id = 0, $description = '
 if($ipaddr == '' && isset($_SERVER['REMOTE_ADDR'])) { $ipaddr = $_SERVER['REMOTE_ADDR']; }
 if($email == '') { $email = $_SESSION['email']; }
+ $a = explode("@", $email);
+
 $db = Registry::get('db');
- $query = $db->query("INSERT INTO " . TABLE_AUDIT . " (ts, email, action, ipaddr, meta_id, description) VALUES(?,?,?,?,?,?)", array(time(), $email, $action, $ipaddr, $id, $description));
+ $query = $db->query("INSERT INTO " . TABLE_AUDIT . " (ts, email, domain, action, ipaddr, meta_id, description) VALUES(?,?,?,?,?,?,?)", array(time(), $email, $a[1], $action, $ipaddr, $id, $description));
 return $db->countAffected();
 }
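Review bot: `$a[1]` is read without checking that `$email` contained an `@`, in `get_your_all_domains_by_email()` here and again in `AUDIT()` in webui/system/misc.php. Here the lookup simply runs with a null domain; in `AUDIT()` the null goes into the `domain` column that this patch declares `not null`, so depending on the server's SQL mode the audit record is either rejected or stored with an empty domain that no auditor filter will match. A guard such as `if(count($a) < 2) { return $data; }` in this function, and `$domain = isset($a[1]) ? $a[1] : '';` in `AUDIT()`, makes the behaviour explicit. A short docblock stating that the result is every domain sharing the `mapped` value of the address's domain would also help, because this list becomes the auditor's visibility scope.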
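Review bot: The new assignment calls `$this->model_domain_domain`, which exists only if the caller loaded `domain/domain` first. The patch adds that load to webui/controller/login/login.php, but any other entry point that reaches this method (none is visible here) would fail on a null object during login. Loading the model where it is used, or at least a comment on this line such as `// requires model domain/domain to be loaded by the controller`, would make the dependency visible. The enclosing method starts and ends outside the hunk.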
diff --git a/webui/view/theme/default/templates/common/menu.tpl b/webui/view/theme/default/templates/common/menu.tpl
index ffb3a893..5bb47fd9 100644
--- a/webui/view/theme/default/templates/common/menu.tpl
+++ b/webui/view/theme/default/templates/common/menu.tpl
@@ -48,6 +48,11 @@
  •  
  • + +
  •  
  • + + +
  •