From: Marcin Haba Date: Sat, 7 Nov 2020 04:46:11 +0000 (+0100) Subject: baculum: Fix access to job resources if no job assigned to user X-Git-Tag: Release-9.6.7~28 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d049f4253ab2930b52e09d1975c0fe7746ec5d8c;p=thirdparty%2Fbacula.git baculum: Fix access to job resources if no job assigned to user --- diff --git a/gui/baculum/protected/API/Class/Bconsole.php b/gui/baculum/protected/API/Class/Bconsole.php index 2998b85bc..b4cfcc902 100644 --- a/gui/baculum/protected/API/Class/Bconsole.php +++ b/gui/baculum/protected/API/Class/Bconsole.php @@ -174,7 +174,7 @@ class Bconsole extends APIModule { return (object)array('output' => $output, 'exitcode' => (integer)$exitcode); } - public function bconsoleCommand($director, array $command, $ptype = null) { + public function bconsoleCommand($director, array $command, $ptype = null, $without_cmd = false) { $result = null; if (count($this->config) > 0 && $this->config['enabled'] !== '1') { throw new BConsoleException( @@ -185,6 +185,9 @@ class Bconsole extends APIModule { $base_command = count($command) > 0 ? $command[0] : null; if($this->isCommandValid($base_command) === true) { $result = $this->execCommand($director, $command, $ptype); + if ($without_cmd) { + array_shift($result->output); + } } else { throw new BConsoleException( BconsoleError::MSG_ERROR_INVALID_COMMAND, diff --git a/gui/baculum/protected/API/Class/Database.php b/gui/baculum/protected/API/Class/Database.php index 21ff0fb61..62d2cae1a 100644 --- a/gui/baculum/protected/API/Class/Database.php +++ b/gui/baculum/protected/API/Class/Database.php @@ -158,7 +158,7 @@ class Database extends APIModule { return $dbsize; } - public static function getWhere(array $params) { + public static function getWhere(array $params, $without_where = false) { $where = ''; $parameters = array(); if (count($params) > 0) { 
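Review bot: The added `array_shift($result->output)` in bconsoleCommand() runs for every exit code and without checking that the output is an array, whereas the call sites it replaces only shifted inside their `exitcode === 0` branch. On a failed command the first output line is now removed before callers copy `$result->output` into the error response; whether that line is still the echoed command on failure is not visible here. JobFiles.php still tests `is_array($result->output)` on its error path, which suggests the output is not always an array. Consider `if ($without_cmd && $result->exitcode === 0 && is_array($result->output)) {` and a docblock line such as `@param boolean $without_cmd if true, strip the echoed command (first output line) from the result`. The function body starts and ends outside this hunk.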
@@ -181,7 +181,12 @@ class Database extends APIModule { $parameters[$pkey] = $pval; } } - $where = ' WHERE (' . implode(') AND (' , $condition) . ')'; + if (count($condition) > 0) { + $where = ' (' . implode(') AND (' , $condition) . ')'; + if ($without_where === false) { + $where = ' WHERE ' . $where; + } + } } return array('where' => $where, 'params' => $parameters); } diff --git a/gui/baculum/protected/API/Class/JobManager.php b/gui/baculum/protected/API/Class/JobManager.php index f0abf6eb5..0bf804a03 100644 --- a/gui/baculum/protected/API/Class/JobManager.php +++ b/gui/baculum/protected/API/Class/JobManager.php @@ -227,10 +227,19 @@ WHERE JobMedia.MediaId='$mediaid' $jobs_criteria"; * @return array jobs for specific client */ public function getJobsForClient($clientid, $allowed_jobs = array()) { - $jobs_criteria = ''; + $where = ''; if (count($allowed_jobs) > 0) { - $jobs_sql = implode("', '", $allowed_jobs); - $jobs_criteria = " AND Job.Name IN ('" . $jobs_sql . "')"; + $criteria = [ + 'Job.Name' => [ + 'vals' => $allowed_jobs, + 'operator' => 'OR' + ] + ]; + $where = Database::getWhere($criteria, true); + $wh = ''; + if (count($where['params']) > 0) { + $wh = ' AND ' . $where['where']; + } } $sql = "SELECT DISTINCT Job.*, Client.Name as client, @@ -240,8 +249,8 @@ FROM Job LEFT JOIN Client USING (ClientId) LEFT JOIN Pool USING (PoolId) LEFT JOIN FileSet USING (FilesetId) -WHERE Client.ClientId='$clientid' $jobs_criteria"; - return JobRecord::finder()->findAllBySql($sql); +WHERE Client.ClientId='$clientid' $wh"; + return JobRecord::finder()->findAllBySql($sql, $where['params']); } /** diff --git a/gui/baculum/protected/API/Pages/API/Job.php b/gui/baculum/protected/API/Pages/API/Job.php index 32f5f3550..f8d5958b7 100644 --- a/gui/baculum/protected/API/Pages/API/Job.php +++ b/gui/baculum/protected/API/Pages/API/Job.php 
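Review bot: getWhere() can now return three different shapes in `where` (an empty string, a bare ` (...)` group, or ` WHERE (...)`), and none of this is documented in the visible lines. A short docblock should say that `$without_where = true` returns the condition group without the keyword so the caller can join it with `AND`, and that `where` is `''` when no condition was built. The strict test `$without_where === false` means a caller passing `0` or `null` silently gets the keyword-less form; `if (!$without_where) {` would be less surprising. The function starts outside this hunk, so the initialisation of `$condition` cannot be checked from here.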
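Review bot: In getJobsForClient() `$wh` is assigned only inside the `if (count($allowed_jobs) > 0)` branch and `$where` stays the string `''` otherwise, so with the default empty `$allowed_jobs` the SQL interpolates an undefined `$wh` and the next hunk indexes a string with `$where['params']` (a warning or a TypeError depending on the PHP version). In that case the query also carries no job filter at all, so the method still fails open if it is ever reached with an empty list; the guard this commit adds lives only in the JobsForClient.php caller. Initialise both before the branch, `$wh = '';` and `$params = [];`, then pass `$params` to `findAllBySql()`. If an empty list is always meant as "no job assigned", add `if (count($allowed_jobs) === 0) { return []; }` at the top. Whether any other caller relies on empty meaning unrestricted is not visible in this diff.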
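Review bot: `$clientid` is still interpolated into the statement as `WHERE Client.ClientId='$clientid'` while the job names next to it are now passed as bound parameters. The JobsForClient.php caller shown in this commit applies `intval()` to the request value, but getJobsForClient() is public and does not enforce that itself. Either bind the value alongside `$where['params']` in the placeholder style getWhere() produces, or normalise it at the top of the method with `$clientid = intval($clientid);`. The start of the SQL string lies outside this hunk.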
@@ -32,10 +32,11 @@ class Job extends BaculumAPIServer { $jobid = $this->Request->contains('id') ? intval($this->Request['id']) : 0; $result = $this->getModule('bconsole')->bconsoleCommand( $this->director, - array('.jobs') + ['.jobs'], + null, + true ); if ($result->exitcode === 0) { - array_shift($result->output); $job = $this->getModule('job')->getJobById($jobid); if (is_object($job) && in_array($job->name, $result->output)) { $this->output = $job; @@ -54,10 +55,11 @@ class Job extends BaculumAPIServer { $jobid = intval($id); $result = $this->getModule('bconsole')->bconsoleCommand( $this->director, - array('.jobs') + ['.jobs'], + null, + true ); if ($result->exitcode === 0) { - array_shift($result->output); $job = $this->getModule('job')->getJobById($jobid); if(is_object($job) && in_array($job->name, $result->output)) { $result = $this->getModule('bconsole')->bconsoleCommand( diff --git a/gui/baculum/protected/API/Pages/API/JobBandwidthLimit.php b/gui/baculum/protected/API/Pages/API/JobBandwidthLimit.php index 4f188fd33..a175f8ff7 100644 --- a/gui/baculum/protected/API/Pages/API/JobBandwidthLimit.php +++ b/gui/baculum/protected/API/Pages/API/JobBandwidthLimit.php @@ -36,9 +36,13 @@ class JobBandwidthLimit extends BaculumAPIServer { } $jobid = null; - $result = $this->getModule('bconsole')->bconsoleCommand($this->director, array('.jobs')); + $result = $this->getModule('bconsole')->bconsoleCommand( + $this->director, + ['.jobs'], + null, + true + ); if ($result->exitcode === 0) { - array_shift($result->output); if(is_object($job) && in_array($job->name, $result->output)) { $jobid = $job->jobid; } diff --git a/gui/baculum/protected/API/Pages/API/JobEstimate.php b/gui/baculum/protected/API/Pages/API/JobEstimate.php index 7655069c2..a67435055 100644 --- a/gui/baculum/protected/API/Pages/API/JobEstimate.php +++ b/gui/baculum/protected/API/Pages/API/JobEstimate.php 
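Review bot: The access check `in_array($job->name, $result->output)` kept as context here uses PHP's loose comparison, under which two numeric-looking strings are compared as numbers (for example `'010'` and `'10'` are considered equal). Since this test decides whether the user may see the job, it should compare exactly: `in_array($job->name, $result->output, true)`. The same pattern appears in the second hunk of this file and in the JobBandwidthLimit, JobEstimate, JobListFiles, JobLog, JobRun, JobShow, JobsRecent, JobsShow, Pool and VolumesRequired hunks of this commit. The effect is limited to resources whose names look numeric, but strict mode costs nothing because both sides are strings.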
@@ -32,7 +32,7 @@ Prado::using('Application.API.Class.Bconsole'); class JobEstimate extends BaculumAPIServer { public function get() { - $output = array(); + $output = []; $misc = $this->getModule('misc'); if ($this->Request->contains('out_id') && $misc->isValidAlphaNumeric($this->Request->itemAt('out_id'))) { $out_id = $this->Request->itemAt('out_id'); @@ -78,9 +78,13 @@ class JobEstimate extends BaculumAPIServer { $this->error = JobError::ERROR_JOB_DOES_NOT_EXISTS; return; } else { - $result = $this->getModule('bconsole')->bconsoleCommand($this->director, array('.jobs')); + $result = $this->getModule('bconsole')->bconsoleCommand( + $this->director, + ['.jobs'], + null, + true + ); if ($result->exitcode === 0) { - array_shift($result->output); if (!in_array($job, $result->output)) { $this->output = JobError::MSG_ERROR_JOB_DOES_NOT_EXISTS; $this->error = JobError::ERROR_JOB_DOES_NOT_EXISTS; diff --git a/gui/baculum/protected/API/Pages/API/JobFiles.php b/gui/baculum/protected/API/Pages/API/JobFiles.php index 9a0ff932e..7fd5222f8 100644 --- a/gui/baculum/protected/API/Pages/API/JobFiles.php +++ b/gui/baculum/protected/API/Pages/API/JobFiles.php 
@@ -57,14 +57,21 @@ class JobFiles extends BaculumAPIServer { $result = $this->getModule('bconsole')->bconsoleCommand( $this->director, - array('.jobs') + ['.jobs'], + null, + true ); if ($result->exitcode === 0) { - array_shift($result->output); - $job = $this->getModule('job')->getJobsByFilename($clientid, $filename, $strict_mode, $result->output); - $this->output = $job; - $this->error = JobError::ERROR_NO_ERRORS; + if (count($result->output) == 0) { + // no allowed jobs means that user has no job resource assigned. + $this->output = []; + $this->error = JobError::ERROR_NO_ERRORS; + } else { + $job = $this->getModule('job')->getJobsByFilename($clientid, $filename, $strict_mode, $result->output); + $this->output = $job; + $this->error = JobError::ERROR_NO_ERRORS; + } } else { $result = is_array($result->output) ? implode('', $result->output) : $result->output; $this->output = JobError::MSG_ERROR_WRONG_EXITCODE . $result; diff --git a/gui/baculum/protected/API/Pages/API/JobListFiles.php b/gui/baculum/protected/API/Pages/API/JobListFiles.php index 01ee7e96f..716b80ed0 100644 --- a/gui/baculum/protected/API/Pages/API/JobListFiles.php +++ b/gui/baculum/protected/API/Pages/API/JobListFiles.php @@ -40,10 +40,11 @@ class JobListFiles extends BaculumAPIServer { $result = $this->getModule('bconsole')->bconsoleCommand( $this->director, - array('.jobs') + ['.jobs'], + null, + true ); if ($result->exitcode === 0) { - array_shift($result->output); $job = $this->getModule('job')->getJobById($jobid); if (is_object($job) && in_array($job->name, $result->output)) { if ($details) { diff --git a/gui/baculum/protected/API/Pages/API/JobLog.php b/gui/baculum/protected/API/Pages/API/JobLog.php index ea53912b0..4e6c1fe60 100644 --- a/gui/baculum/protected/API/Pages/API/JobLog.php +++ b/gui/baculum/protected/API/Pages/API/JobLog.php 
@@ -36,10 +36,11 @@ class JobLog extends BaculumAPIServer { } $result = $this->getModule('bconsole')->bconsoleCommand( $this->director, - array('.jobs') + ['.jobs'], + null, + true ); if ($result->exitcode === 0) { - array_shift($result->output); $job = $this->getModule('job')->getJobById($jobid); if (is_object($job) && in_array($job->name, $result->output)) { $log = $this->getModule('joblog')->getLogByJobId($job->jobid, $show_time); diff --git a/gui/baculum/protected/API/Pages/API/JobResNames.php b/gui/baculum/protected/API/Pages/API/JobResNames.php index 50291d8d1..38e08f78d 100644 --- a/gui/baculum/protected/API/Pages/API/JobResNames.php +++ b/gui/baculum/protected/API/Pages/API/JobResNames.php @@ -30,7 +30,7 @@ class JobResNames extends BaculumAPIServer { public function get() { $limit = $this->Request->contains('limit') ? intval($this->Request['limit']) : 0; - $jobs_cmd = array('.jobs'); + $jobs_cmd = ['.jobs']; $types = $this->getModule('misc')->job_types; if ($this->Request->contains('type') && key_exists($this->Request['type'], $types)) { array_push($jobs_cmd, 'type="' . $this->Request['type']. '"'); @@ -42,19 +42,22 @@ class JobResNames extends BaculumAPIServer { $this->error = $directors->exitcode; return; } - $jobs = array(); + $jobs = []; $error = false; $error_obj = null; for ($i = 0; $i < count($directors->output); $i++) { - $job_list = $this->getModule('bconsole')->bconsoleCommand($directors->output[$i], $jobs_cmd); + $job_list = $this->getModule('bconsole')->bconsoleCommand( + $directors->output[$i], + $jobs_cmd, + null, + true + ); if ($job_list->exitcode != 0) { $error_obj = $job_list; $error = true; break; } - // shift command - array_shift($job_list->output); - $jobs[$directors->output[$i]] = array(); + $jobs[$directors->output[$i]] = []; for ($j = 0; $j < count($job_list->output); $j++) { $jobs[$directors->output[$i]][] = $job_list->output[$j]; 
diff --git a/gui/baculum/protected/API/Pages/API/JobRun.php b/gui/baculum/protected/API/Pages/API/JobRun.php index cb49e2380..1a98a6255 100644 --- a/gui/baculum/protected/API/Pages/API/JobRun.php +++ b/gui/baculum/protected/API/Pages/API/JobRun.php @@ -94,9 +94,13 @@ class JobRun extends BaculumAPIServer { $this->error = JobError::ERROR_JOB_DOES_NOT_EXISTS; return; } else { - $result = $this->getModule('bconsole')->bconsoleCommand($this->director, array('.jobs')); + $result = $this->getModule('bconsole')->bconsoleCommand( + $this->director, + ['.jobs'], + null, + true + ); if ($result->exitcode === 0) { - array_shift($result->output); if (!in_array($job, $result->output)) { $this->output = JobError::MSG_ERROR_JOB_DOES_NOT_EXISTS; $this->error = JobError::ERROR_JOB_DOES_NOT_EXISTS; diff --git a/gui/baculum/protected/API/Pages/API/JobShow.php b/gui/baculum/protected/API/Pages/API/JobShow.php index 004708c65..5d6b8380c 100644 --- a/gui/baculum/protected/API/Pages/API/JobShow.php +++ b/gui/baculum/protected/API/Pages/API/JobShow.php @@ -32,10 +32,11 @@ class JobShow extends BaculumAPIServer { $jobid = $this->Request->contains('id') ? intval($this->Request['id']) : 0; $result = $this->getModule('bconsole')->bconsoleCommand( $this->director, - array('.jobs') + ['.jobs'], + null, + true ); if ($result->exitcode === 0) { - array_shift($result->output); $job = $this->getModule('job')->getJobById($jobid); if (is_object($job) && in_array($job->name, $result->output)) { $result = $this->getModule('bconsole')->bconsoleCommand( diff --git a/gui/baculum/protected/API/Pages/API/JobTotals.php b/gui/baculum/protected/API/Pages/API/JobTotals.php index 39debc5f5..daf3f0754 100644 --- a/gui/baculum/protected/API/Pages/API/JobTotals.php +++ b/gui/baculum/protected/API/Pages/API/JobTotals.php 
@@ -30,11 +30,21 @@ class JobTotals extends BaculumAPIServer { public function get() { $error = false; - $allowed = array(); - $result = $this->getModule('bconsole')->bconsoleCommand($this->director, array('.jobs')); + $allowed = []; + $result = $this->getModule('bconsole')->bconsoleCommand( + $this->director, + ['.jobs'], + null, + true + ); if ($result->exitcode === 0) { - array_shift($result->output); $allowed = $result->output; + if (count($allowed) == 0) { + // no $allowed means that user has no job resource assigned. + $error = true; + $this->output = []; + $this->error = JobError::ERROR_NO_ERRORS; + } } else { $error = true; $this->output = $result->output; diff --git a/gui/baculum/protected/API/Pages/API/Jobs.php b/gui/baculum/protected/API/Pages/API/Jobs.php index f50920b31..9639e4c4e 100644 --- a/gui/baculum/protected/API/Pages/API/Jobs.php +++ b/gui/baculum/protected/API/Pages/API/Jobs.php @@ -50,7 +50,7 @@ class Jobs extends BaculumAPIServer { return; } - $params = array(); + $params = []; $jobstatuses = array_keys($misc->getJobState()); $sts = str_split($jobstatus); for ($i = 0; $i < count($sts); $i++) { 
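Review bot: The new empty-list branch sets `$error = true` together with `JobError::ERROR_NO_ERRORS`, so the flag no longer means "an error occurred" but "skip the query"; the same construct is added in the JobsForClient.php and JobsOnVolume.php hunks. Presumably the code after this hunk tests `$error` before querying, but that part is outside the hunk. An early exit reads more clearly and matches what the Jobs.php hunk of this commit already does: `$this->output = []; $this->error = JobError::ERROR_NO_ERRORS; return;`. The comparison `count($allowed) == 0` could also be strict (`=== 0`) for consistency with the `exitcode === 0` test above it.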
@@ -69,16 +69,27 @@ class Jobs extends BaculumAPIServer { $params['Job.Type']['operator'] = ''; $params['Job.Type']['vals'] = $type; } - $allowed = array(); - $result = $this->getModule('bconsole')->bconsoleCommand($this->director, array('.jobs')); + $allowed = []; + $result = $this->getModule('bconsole')->bconsoleCommand( + $this->director, + ['.jobs'], + null, + true + ); if ($result->exitcode === 0) { - array_shift($result->output); - $vals = array(); + $vals = []; if (!empty($jobname) && in_array($jobname, $result->output)) { - $vals = array($jobname); + $vals = [$jobname]; } else { $vals = $result->output; } + if (count($vals) == 0) { + // no $vals criteria means that user has no job resources assigned. + $this->output = []; + $this->error = JobError::ERROR_NO_ERRORS; + return; + } + $params['Job.Name']['operator'] = 'OR'; $params['Job.Name']['vals'] = $vals; @@ -96,7 +107,7 @@ class Jobs extends BaculumAPIServer { } if (is_object($cli) && in_array($cli->name, $result->output)) { $params['Job.ClientId']['operator'] = 'AND'; - $params['Job.ClientId']['vals'] = array($cli->clientid); + $params['Job.ClientId']['vals'] = [$cli->clientid]; } else { $error = true; $this->output = JobError::MSG_ERROR_CLIENT_DOES_NOT_EXISTS; diff --git a/gui/baculum/protected/API/Pages/API/JobsForClient.php b/gui/baculum/protected/API/Pages/API/JobsForClient.php index 17482797d..043982135 100644 --- a/gui/baculum/protected/API/Pages/API/JobsForClient.php +++ b/gui/baculum/protected/API/Pages/API/JobsForClient.php 
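Review bot: When a `$jobname` is supplied but is not in the allowed list, the `else` branch silently replaces the filter with every allowed job, so the caller receives results for jobs it did not ask for instead of an empty list. Because `!empty($jobname)` is used, a job literally named `'0'` also takes that branch. Consider separating the cases: keep `$vals = $result->output;` only when no name was requested, and set `$vals = [];` when a requested name is not allowed, so the new `count($vals) == 0` early return handles it. Where `$jobname` is read and validated is outside this hunk, so confirm that clients do not depend on the current fallback.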
@@ -33,10 +33,20 @@ class JobsForClient extends BaculumAPIServer { $allowed_jobs = array(); $clientid = $this->Request->contains('id') ? intval($this->Request['id']) : 0; $error = false; - $result = $this->getModule('bconsole')->bconsoleCommand($this->director, array('.jobs')); + $result = $this->getModule('bconsole')->bconsoleCommand( + $this->director, + ['.jobs'], + null, + true + ); if ($result->exitcode === 0) { - array_shift($result->output); $allowed_jobs = $result->output; + if (count($allowed_jobs) == 0) { + // no $allowed_jobs means that user has no job resources assigned. + $error = true; + $this->output = []; + $this->error = JobError::ERROR_NO_ERRORS; + } } else { $error = true; $this->output = $result->output; diff --git a/gui/baculum/protected/API/Pages/API/JobsOnVolume.php b/gui/baculum/protected/API/Pages/API/JobsOnVolume.php index 8c56fe939..62b08643e 100644 --- a/gui/baculum/protected/API/Pages/API/JobsOnVolume.php +++ b/gui/baculum/protected/API/Pages/API/JobsOnVolume.php @@ -34,11 +34,18 @@ class JobsOnVolume extends BaculumAPIServer { $error = false; $result = $this->getModule('bconsole')->bconsoleCommand( $this->director, - array('.jobs') + ['.jobs'], + null, + true ); if ($result->exitcode === 0) { - array_shift($result->output); $allowed = $result->output; + if (count($allowed) == 0) { + // no $allowed means that user has no job resources assigned. + $error = true; + $this->output = []; + $this->error = JobError::ERROR_NO_ERRORS; + } } else { $error = true; $this->output = $result->output; diff --git a/gui/baculum/protected/API/Pages/API/JobsRecent.php b/gui/baculum/protected/API/Pages/API/JobsRecent.php index eb94c3c72..c42915a73 100644 --- a/gui/baculum/protected/API/Pages/API/JobsRecent.php +++ b/gui/baculum/protected/API/Pages/API/JobsRecent.php 
@@ -59,9 +59,13 @@ class JobsRecent extends BaculumAPIServer { $this->output = FileSetError::MSG_ERROR_FILESET_DOES_NOT_EXISTS; $this->error = FileSetError::ERROR_FILESET_DOES_NOT_EXISTS; } else { - $result = $this->getModule('bconsole')->bconsoleCommand($this->director, array('.jobs')); + $result = $this->getModule('bconsole')->bconsoleCommand( + $this->director, + ['.jobs'], + null, + true + ); if ($result->exitcode === 0) { - array_shift($result->output); if (in_array($jobname, $result->output)) { $jobs = $this->getModule('job')->getRecentJobids($jobname, $clientid, $filesetid, $inc_copy_job); if (is_array($jobs)) { diff --git a/gui/baculum/protected/API/Pages/API/JobsShow.php b/gui/baculum/protected/API/Pages/API/JobsShow.php index 3538ee35a..eb4b140d2 100644 --- a/gui/baculum/protected/API/Pages/API/JobsShow.php +++ b/gui/baculum/protected/API/Pages/API/JobsShow.php @@ -32,11 +32,12 @@ class JobsShow extends BaculumAPIServer { public function get() { $result = $this->getModule('bconsole')->bconsoleCommand( $this->director, - array('.jobs') + ['.jobs'], + null, + true ); $job = null; if ($result->exitcode === 0) { - array_shift($result->output); if ($this->Request->contains('name')) { if (in_array($this->Request['name'], $result->output)) { $job = $this->Request['name']; diff --git a/gui/baculum/protected/API/Pages/API/Pool.php b/gui/baculum/protected/API/Pages/API/Pool.php index 050311271..03648de61 100644 --- a/gui/baculum/protected/API/Pages/API/Pool.php +++ b/gui/baculum/protected/API/Pages/API/Pool.php @@ -32,10 +32,11 @@ class Pool extends BaculumAPIServer { $poolid = $this->Request->contains('id') ? intval($this->Request['id']) : 0; $result = $this->getModule('bconsole')->bconsoleCommand( $this->director, - array('.pool') + ['.pool'], + null, + true ); if ($result->exitcode === 0) { - array_shift($result->output); $pool = $this->getModule('pool')->getPoolById($poolid); if(!is_null($pool) && in_array($pool->name, $result->output)) { $this->output = $pool; 
diff --git a/gui/baculum/protected/API/Pages/API/Pools.php b/gui/baculum/protected/API/Pages/API/Pools.php index b088176fe..86da3c0e8 100644 --- a/gui/baculum/protected/API/Pages/API/Pools.php +++ b/gui/baculum/protected/API/Pages/API/Pools.php @@ -31,9 +31,13 @@ class Pools extends BaculumAPIServer { public function get() { $limit = $this->Request->contains('limit') ? intval($this->Request['limit']) : 0; $pools = $this->getModule('pool')->getPools($limit); - $result = $this->getModule('bconsole')->bconsoleCommand($this->director, array('.pool')); + $result = $this->getModule('bconsole')->bconsoleCommand( + $this->director, + ['.pool'], + null, + true + ); if ($result->exitcode === 0) { - array_shift($result->output); if (is_array($pools) && count($pools) > 0) { $pools_output = array(); foreach($pools as $pool) { diff --git a/gui/baculum/protected/API/Pages/API/VolumesRequired.php b/gui/baculum/protected/API/Pages/API/VolumesRequired.php index 3216f8085..1bbeab11f 100644 --- a/gui/baculum/protected/API/Pages/API/VolumesRequired.php +++ b/gui/baculum/protected/API/Pages/API/VolumesRequired.php @@ -34,10 +34,11 @@ class VolumesRequired extends BaculumAPIServer { $fileid = $this->Request->contains('fileid') ? intval($this->Request['fileid']) : 0; $result = $this->getModule('bconsole')->bconsoleCommand( $this->director, - array('.jobs') + ['.jobs'], + null, + true ); if ($result->exitcode === 0) { - array_shift($result->output); $job = $this->getModule('job')->getJobById($jobid); if(is_object($job) && in_array($job->name, $result->output)) { $volumes = $this->getModule('volume')->getVolumesForJob($jobid, $fileid);