author | artem <artem@97f52cf1-0a1b-0410-bd0e-c28be96e8082> | 2008-04-02 15:36:52 +0000 |
---|---|---|
committer | artem <artem@97f52cf1-0a1b-0410-bd0e-c28be96e8082> | 2008-04-02 15:36:52 +0000 |
commit | 5e4a433942e07261a01f14519bcd28b3a5271c91 (patch) | |
tree | ce29c324068c86f005d90f0ec13050383425e615 | |
parent | 5160f49d9546dc4a33fff23e75b03b5ac13de570 (diff) | |
download | zabbix-5e4a433942e07261a01f14519bcd28b3a5271c91.tar.gz zabbix-5e4a433942e07261a01f14519bcd28b3a5271c91.tar.xz zabbix-5e4a433942e07261a01f14519bcd28b3a5271c91.zip |
- fixed action access check (Artem)
git-svn-id: svn://svn.zabbix.com/trunk@5580 97f52cf1-0a1b-0410-bd0e-c28be96e8082
-rw-r--r-- | frontends/php/include/actions.inc.php | 101 | ||||
-rw-r--r-- | frontends/php/popup.php | 52 |
2 files changed, 68 insertions, 85 deletions
diff --git a/frontends/php/include/actions.inc.php b/frontends/php/include/actions.inc.php index e9087568..e50b51f6 100644 --- a/frontends/php/include/actions.inc.php +++ b/frontends/php/include/actions.inc.php @@ -22,19 +22,16 @@ include_once 'include/discovery.inc.php'; ?> <?php - function action_accessiable($actionid,$perm) - { + function action_accessiable($actionid,$perm){ global $USER_DETAILS; $result = false; - if ( DBselect('select actionid from actions where actionid='.$actionid. - ' and '.DBin_node('actionid')) ) - { + if (DBselect('select actionid from actions where actionid='.$actionid.' and '.DBin_node('actionid'))){ $result = true; - $denyed_hosts = get_accessible_hosts_by_user($USER_DETAILS,PERM_READ_ONLY, PERM_MODE_LT); - $denyed_groups = get_accessible_groups_by_user($USER_DETAILS,PERM_READ_ONLY, PERM_MODE_LT); + $available_hosts = get_accessible_hosts_by_user($USER_DETAILS,PERM_READ_ONLY); + $available_groups = get_accessible_groups_by_user($USER_DETAILS,PERM_READ_ONLY); $db_result = DBselect('SELECT * FROM conditions WHERE actionid='.$actionid); while(($ac_data = DBfetch($db_result)) && $result) 
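Review bot: The rewritten guard `if (DBselect('select actionid from actions where actionid='.$actionid.' and '.DBin_node('actionid'))){` sets `$result = true` on the query handle rather than on a fetched row; if DBselect returns a handle even for an empty result set, as the `DBfetch(DBselect(...))` existence checks elsewhere in this diff suggest, an actionid that does not exist (or belongs to another node) is treated as accessible and then passes the condition loop untouched. Wrapping it as `if(DBfetch(DBselect('select actionid from actions where actionid='.$actionid.' and '.DBin_node('actionid')))){` makes the access check fail closed. `$actionid` is also concatenated into the SQL unquoted, and this hunk does not show where it is validated, so an integer check at the caller is worth confirming. The body of action_accessiable continues past this hunk.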
@@ -43,26 +40,24 @@ include_once 'include/discovery.inc.php'; switch($ac_data['conditiontype']){ case CONDITION_TYPE_HOST_GROUP: - if(uint_in_array($ac_data['value'],explode(',',$denyed_groups))) - { + if(!uint_in_array($ac_data['value'],explode(',',$available_groups))){ $result = false; } break; case CONDITION_TYPE_HOST: - if(uint_in_array($ac_data['value'],explode(',',$denyed_hosts))) - { + if(!uint_in_array($ac_data['value'],explode(',',$available_hosts))){ $result = false; } break; case CONDITION_TYPE_TRIGGER: - if(!DBfetch(DBselect('SELECT DISTINCT t.*'. - ' FROM triggers t,items i,functions f,events e'. - ' WHERE f.itemid=i.itemid '. - ' AND t.triggerid=f.triggerid'. - ' AND i.hostid NOT IN ('.$denyed_hosts.') '. - ' AND e.eventid='.$ac_data['value']. - ' AND t.triggerid=e.objectid'))) - { + $sql = 'SELECT DISTINCT t.triggerid'. + ' FROM triggers t,items i,functions f '. + ' WHERE t.triggerid='.$ac_data['value']. + ' AND f.triggerid=t.triggerid'. + ' AND i.itemid=f.itemid '. + ' AND i.hostid NOT IN ('.$available_hosts.')'; + + if(DBfetch(DBselect($sql,1))){ $result = false; } break; 
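Review bot: The new CONDITION_TYPE_TRIGGER check denies only when the query returns a row whose host lies outside `$available_hosts`, so a condition value that matches no trigger, or a trigger with no function rows, now leaves `$result` true, whereas the old `!DBfetch(...)` form failed closed on an unknown id. Adding an existence check next to it, `if(!DBfetch(DBselect('SELECT triggerid FROM triggers WHERE triggerid='.$ac_data['value']))) $result = false;`, restores fail-closed behaviour for ids that resolve to nothing. The same pattern is used in the check_permission_for_action_conditions hunk below. The enclosing switch and function both start and end outside this hunk.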
@@ -72,44 +67,42 @@ include_once 'include/discovery.inc.php'; return $result; } - function check_permission_for_action_conditions($conditions) - { + function check_permission_for_action_conditions($conditions){ global $USER_DETAILS; $result = true; - $denyed_hosts = get_accessible_hosts_by_user($USER_DETAILS,PERM_READ_ONLY, PERM_MODE_LT); - $denyed_groups = get_accessible_groups_by_user($USER_DETAILS,PERM_READ_ONLY, PERM_MODE_LT); + $available_hosts = get_accessible_hosts_by_user($USER_DETAILS,PERM_READ_ONLY); + $available_groups = get_accessible_groups_by_user($USER_DETAILS,PERM_READ_ONLY); - foreach($conditions as $ac_data) - { + foreach($conditions as $ac_data){ if($ac_data['operator'] != 0) continue; switch($ac_data['type']) { case CONDITION_TYPE_HOST_GROUP: - if(uint_in_array($ac_data['value'],explode(',',$denyed_groups))) - { + if(!uint_in_array($ac_data['value'],explode(',',$available_groups))){ error(S_INCORRECT_GROUP); $result = false; } break; case CONDITION_TYPE_HOST: - if(uint_in_array($ac_data['value'],explode(',',$denyed_hosts))) - { + if(!uint_in_array($ac_data['value'],explode(',',$available_hosts))){ error(S_INCORRECT_HOST); $result = false; } break; case CONDITION_TYPE_TRIGGER: - if(!DBfetch(DBselect('SELECT DISTINCT t.*'. - ' FROM triggers t,items i,functions f,events e'. - ' WHERE f.itemid=i.itemid '. - ' AND t.triggerid=f.triggerid'. - ' AND i.hostid NOT IN ('.$denyed_hosts.') '. - ' AND e.eventid='.$ac_data['value']. - ' AND t.triggerid=e.objectid'))) - { + $sql = 'SELECT DISTINCT t.triggerid'. + ' FROM triggers t,items i,functions f '. //,events e'. + ' WHERE t.triggerid='.$ac_data['value']. + ' AND f.triggerid=t.triggerid'. + ' AND i.itemid=f.itemid '. + ' AND i.hostid NOT IN ('.$available_hosts.')'; +// ' AND e.eventid='.$ac_data['value']. +// ' AND t.triggerid=e.objectid'; + + if(DBfetch(DBselect($sql,1))){ error(S_INCORRECT_TRIGGER); $result = false; } 
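Review bot: In the CONDITION_TYPE_TRIGGER branch `$ac_data['value']` is concatenated straight into `$sql` with no quoting or numeric check; `$conditions` arrives as a function argument, so if it carries form input, validate it as an integer before building the query (validate_commands in this same diff quotes its lookups with `zbx_dbstr()`). The commented-out fragments `//,events e'.` and the two `// ' AND e.eventid=...` lines are dead code left on the new side and should be dropped rather than kept as history. The function's closing lines fall outside the hunk.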
@@ -749,29 +742,23 @@ include_once 'include/discovery.inc.php'; return true; } - function validate_commands($commands) - { + function validate_commands($commands){ $cmd_list = split("\n",$commands); - foreach($cmd_list as $cmd) - { + foreach($cmd_list as $cmd){ $cmd = trim($cmd, "\x00..\x1F"); if(!ereg("^(({HOSTNAME})|([0-9a-zA-Z\_\.[.-.]]{1,}))(:|#)[[:print:]]*$",$cmd,$cmd_items)){ error("Incorrect command: '$cmd'"); return FALSE; } - if($cmd_items[4] == "#") - { // group - if(!DBfetch(DBselect("select groupid from groups where name=".zbx_dbstr($cmd_items[1])))) - { + + if($cmd_items[4] == "#"){ // group + if(!DBfetch(DBselect("select groupid from groups where name=".zbx_dbstr($cmd_items[1])))){ error("Unknown group name: '".$cmd_items[1]."' in command ".$cmd."'"); return FALSE; } } - elseif($cmd_items[4] == ":") - { // host - if( $cmd_items[1] != '{HOSTNAME}' && - !DBfetch(DBselect("select hostid from hosts where host=".zbx_dbstr($cmd_items[1]))) ) - { + else if($cmd_items[4] == ":"){ // host + if(($cmd_items[1] != '{HOSTNAME}') && !DBfetch(DBselect("select hostid from hosts where host=".zbx_dbstr($cmd_items[1])))){ error("Unknown host name '".$cmd_items[1]."' in command '".$cmd."'"); return FALSE; } @@ -783,7 +770,7 @@ include_once 'include/discovery.inc.php'; function get_history_of_actions($start,$num){ global $USER_DETAILS; - $denyed_hosts = get_accessible_hosts_by_user($USER_DETAILS, PERM_READ_ONLY, PERM_MODE_LT); + $available_hosts = get_accessible_hosts_by_user($USER_DETAILS, PERM_READ_ONLY); $table = new CTableInfo(S_NO_ACTIONS_FOUND); $table->SetHeader(array( 
@@ -804,17 +791,15 @@ include_once 'include/discovery.inc.php'; ' AND e.eventid = a.eventid'. ' AND e.objectid=f.triggerid '. ' AND f.itemid=i.itemid '. - ' AND i.hostid not in ('.$denyed_hosts.')'. + ' AND i.hostid IN ('.$available_hosts.')'. ' AND '.DBin_node('a.alertid'). order_by('a.clock,a.alertid,mt.description,a.sendto,a.status,a.retries'), 10*$start+$num); $col=0; $skip=$start; - while(($row=DBfetch($result))&&($col<$num)) - { - if($skip > 0) - { + while(($row=DBfetch($result))&&($col<$num)){ + if($skip > 0) { $skip--; continue; } @@ -869,7 +854,7 @@ include_once 'include/discovery.inc.php'; function get_actions_for_event($eventid){ global $USER_DETAILS; - $denyed_hosts = get_accessible_hosts_by_user($USER_DETAILS, PERM_READ_ONLY, PERM_MODE_LT); + $available_hosts = get_accessible_hosts_by_user($USER_DETAILS, PERM_READ_ONLY); $table = new CTableInfo(S_NO_ACTIONS_FOUND); $table->SetHeader(array( @@ -891,7 +876,7 @@ function get_actions_for_event($eventid){ ' AND e.eventid = a.eventid'. ' AND e.objectid=f.triggerid '. ' AND f.itemid=i.itemid '. - ' AND i.hostid not in ('.$denyed_hosts.')'. + ' AND i.hostid IN ('.$available_hosts.')'. ' AND '.DBin_node('a.alertid'). order_by('a.clock,a.alertid,mt.description,a.sendto,a.status,a.retries')); diff --git a/frontends/php/popup.php b/frontends/php/popup.php index b8264bb7..8c52c6e7 100644 --- a/frontends/php/popup.php +++ b/frontends/php/popup.php @@ -246,7 +246,7 @@ include_once "include/page_header.php"; array_push($validation_param, "always_select_first_host"); validate_group_with_host(PERM_READ_LIST,$validation_param); } - elseif(str_in_array($srctbl,array('hosts','templates','host_templates'))){ + else if(str_in_array($srctbl,array('hosts','templates','host_templates'))){ validate_group(PERM_READ_LIST,$validation_param); } 
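Review bot: The new filter `' AND i.hostid IN ('.$available_hosts.')'.` produces `IN ()` when `$available_hosts` is an empty string, which is invalid SQL, so a user with no readable hosts would hit a query error instead of the S_NO_ACTIONS_FOUND table; the identical line appears in the get_actions_for_event hunk on this same line. Whether get_accessible_hosts_by_user can return an empty string is not visible here — if it can, short-circuit before the query, e.g. `if($available_hosts === '') return $table;`, or have the helper return a sentinel id. Moving from `NOT IN` on a denylist to `IN` on an allowlist is the right direction, since hosts in neither list are now hidden rather than shown. get_history_of_actions starts and ends outside this hunk.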
@@ -444,7 +444,7 @@ include_once "include/page_header.php"; } $table->Show(); } - elseif($srctbl == "templates") + else if($srctbl == "templates") { $existed_templates = get_request('existed_templates', array()); $templates = get_request('templates', array()); @@ -454,7 +454,7 @@ include_once "include/page_header.php"; { show_error_message('Conflict between selected templates'); } - elseif(isset($_REQUEST['select'])) + else if(isset($_REQUEST['select'])) { $new_templates = array_diff($templates, $existed_templates); if(count($new_templates) > 0) @@ -534,7 +534,7 @@ include_once "include/page_header.php"; $form->AddItem($table); $form->Show(); } - elseif(str_in_array($srctbl,array("host_group"))) + else if(str_in_array($srctbl,array("host_group"))) { $accessible_groups = get_accessible_groups_by_user($USER_DETAILS,PERM_READ_ONLY); @@ -564,7 +564,7 @@ include_once "include/page_header.php"; } $table->Show(); } - elseif(str_in_array($srctbl,array('host_templates'))) + else if(str_in_array($srctbl,array('host_templates'))) { $table = new CTableInfo(S_NO_TEMPLATES_DEFINED); $table->SetHeader(array(S_NAME)); @@ -599,7 +599,7 @@ include_once "include/page_header.php"; } $table->Show(); } - elseif($srctbl == "usrgrp") + else if($srctbl == "usrgrp") { $table = new CTableInfo(S_NO_GROUPS_DEFINED); $table->SetHeader(array(S_NAME)); @@ -629,7 +629,7 @@ include_once "include/page_header.php"; } $table->Show(); } - elseif($srctbl == "users") + else if($srctbl == "users") { $table = new CTableInfo(S_NO_USERS_DEFINED); $table->SetHeader(array(S_NAME)); @@ -658,7 +658,7 @@ include_once "include/page_header.php"; } $table->Show(); } - elseif($srctbl == "help_items") + else if($srctbl == "help_items") { $table = new CTableInfo(S_NO_ITEMS); $table->SetHeader(array(S_KEY,S_DESCRIPTION)); 
@@ -687,24 +687,22 @@ include_once "include/page_header.php"; } $table->Show(); } - elseif($srctbl == "triggers") - { + else if($srctbl == "triggers"){ $table = new CTableInfo(S_NO_TRIGGERS_DEFINED); $table->SetHeader(array( S_NAME, S_SEVERITY, S_STATUS)); - $sql = 'SELECT h.host,t.triggerid,t.description,t.expression,t.priority,t.status,'. - 'count(d.triggerid_up) as dep_count '. + $sql = 'SELECT h.host,t.triggerid,t.description,t.expression,t.priority,t.status,count(d.triggerid_up) as dep_count '. ' FROM hosts h,items i,functions f, triggers t'. - ' left join trigger_depends d on d.triggerid_down=t.triggerid '. + ' LEFT JOIN trigger_depends d ON d.triggerid_down=t.triggerid '. ' WHERE f.itemid=i.itemid '. ' AND h.hostid=i.hostid '. ' AND t.triggerid=f.triggerid'. ' AND '.DBin_node('t.triggerid', $nodeid). - ' and h.hostid in ('.$accessible_hosts.')'. - ' and h.status in ('.implode(',', $host_status).')'; + ' AND h.hostid in ('.$accessible_hosts.')'. + ' AND h.status in ('.implode(',', $host_status).')'; if(isset($hostid)) $sql .= ' AND h.hostid='.$hostid; @@ -771,7 +769,7 @@ include_once "include/page_header.php"; } $table->Show(); } - elseif($srctbl == "logitems") + else if($srctbl == "logitems") { insert_js_function('add_item_variable'); @@ -814,7 +812,7 @@ include_once "include/page_header.php"; $table->Show(); } - elseif($srctbl == "items") + else if($srctbl == "items") { $table = new CTableInfo(S_NO_GROUPS_DEFINED); $table->SetHeader(array( @@ -867,7 +865,7 @@ include_once "include/page_header.php"; } $table->Show(); } - elseif($srctbl == "applications") + else if($srctbl == "applications") { $table = new CTableInfo(S_NO_APPLICATIONS_DEFINED); $table->SetHeader(array( @@ -908,7 +906,7 @@ include_once "include/page_header.php"; } $table->Show(); } - elseif($srctbl == "nodes") + else if($srctbl == "nodes") { $table = new CTableInfo(S_NO_NODES_DEFINED); $table->SetHeader(S_NAME); 
@@ -935,7 +933,7 @@ include_once "include/page_header.php"; } $table->Show(); } - elseif($srctbl == "graphs") + else if($srctbl == "graphs") { $table = new CTableInfo(S_NO_GRAPHS_DEFINED); $table->SetHeader(array(S_NAME,S_GRAPH_TYPE)); @@ -998,7 +996,7 @@ include_once "include/page_header.php"; } $table->Show(); } - elseif($srctbl == "simple_graph") + else if($srctbl == "simple_graph") { $table = new CTableInfo(S_NO_ITEMS_DEFINED); $table->SetHeader(array( @@ -1055,7 +1053,7 @@ include_once "include/page_header.php"; } $table->Show(); } - elseif($srctbl == "sysmaps") + else if($srctbl == "sysmaps") { $table = new CTableInfo(S_NO_MAPS_DEFINED); $table->SetHeader(array(S_NAME)); @@ -1094,7 +1092,7 @@ include_once "include/page_header.php"; } $table->Show(); } - elseif($srctbl == "plain_text") + else if($srctbl == "plain_text") { $table = new CTableInfo(S_NO_ITEMS_DEFINED); $table->SetHeader(array( @@ -1151,7 +1149,7 @@ include_once "include/page_header.php"; } $table->Show(); } - elseif('slides' == $srctbl) + else if('slides' == $srctbl) { require_once "include/screens.inc.php"; @@ -1182,7 +1180,7 @@ include_once "include/page_header.php"; $table->Show(); } - elseif($srctbl == 'screens') + else if($srctbl == 'screens') { require_once "include/screens.inc.php"; @@ -1214,7 +1212,7 @@ include_once "include/page_header.php"; $table->Show(); } - elseif($srctbl == 'screens2') + else if($srctbl == 'screens2') { require_once "include/screens.inc.php"; @@ -1255,7 +1253,7 @@ include_once "include/page_header.php"; $table->Show(); } - elseif($srctbl == "overview") + else if($srctbl == "overview") { $table = new CTableInfo(S_NO_GROUPS_DEFINED); $table->SetHeader(S_NAME); |