diff options
author | artem <artem@97f52cf1-0a1b-0410-bd0e-c28be96e8082> | 2008-04-02 11:44:34 +0000 |
---|---|---|
committer | artem <artem@97f52cf1-0a1b-0410-bd0e-c28be96e8082> | 2008-04-02 11:44:34 +0000 |
commit | 908fda905acd739d8d2376ffb33f7e5a63faf26c (patch) | |
tree | 55f16bf5ae2a95e9dbbf6266f17be864f2d2db32 /frontends/php/chart4.php | |
parent | 82e68eabae069748d6691cab742f5fde436a56cb (diff) | |
download | zabbix-908fda905acd739d8d2376ffb33f7e5a63faf26c.tar.gz zabbix-908fda905acd739d8d2376ffb33f7e5a63faf26c.tar.xz zabbix-908fda905acd739d8d2376ffb33f7e5a63faf26c.zip |
- improvements in permissions (Artem)
git-svn-id: svn://svn.zabbix.com/trunk@5577 97f52cf1-0a1b-0410-bd0e-c28be96e8082
Diffstat (limited to 'frontends/php/chart4.php')
-rw-r--r-- | frontends/php/chart4.php | 34 |
1 files changed, 24 insertions, 10 deletions
diff --git a/frontends/php/chart4.php b/frontends/php/chart4.php index bda1094b..c279d7ea 100644 --- a/frontends/php/chart4.php +++ b/frontends/php/chart4.php @@ -38,19 +38,33 @@ include_once "include/page_header.php"; check_fields($fields); ?> <?php - $denyed_hosts = get_accessible_hosts_by_user($USER_DETAILS,PERM_READ_ONLY, PERM_MODE_LT); + $available_hosts = get_accessible_hosts_by_user($USER_DETAILS,PERM_READ_ONLY); - if(! (DBfetch(DBselect('select distinct t.triggerid from triggers t where t.triggerid='.$_REQUEST['triggerid']))) ) - { + if(!DBfetch(DBselect('select distinct t.triggerid from triggers t where t.triggerid='.$_REQUEST['triggerid']))){ fatal_error(S_NO_TRIGGER_DEFINED); } - - if(! ($db_data = DBfetch(DBselect('select distinct t.triggerid,t.description,t.expression,h.host,h.hostid '. - ' from hosts h, items i, functions f, triggers t'. - ' where h.hostid=i.hostid and i.itemid=f.itemid and f.triggerid=t.triggerid and t.triggerid='.$_REQUEST["triggerid"]. - ' and i.hostid not in ('.$denyed_hosts.') ' - )))) - { + + $sql = 'SELECT t.triggerid '. + ' FROM hosts h, items i, functions f, triggers t'. + ' WHERE h.hostid=i.hostid '. + ' AND i.itemid=f.itemid '. + ' AND f.triggerid=t.triggerid '. + ' AND t.triggerid='.$_REQUEST['triggerid']. + ' AND i.hostid NOT IN ('.$available_hosts.') '; + + if(DBfetch(DBselect($sql,1))){ + access_deny(); + } + + $sql = 'SELECT DISTINCT t.triggerid,t.description,t.expression, h.host,h.hostid '. + ' FROM hosts h, items i, functions f, triggers t'. + ' WHERE h.hostid=i.hostid '. + ' AND i.itemid=f.itemid '. + ' AND f.triggerid=t.triggerid '. + ' AND t.triggerid='.$_REQUEST["triggerid"]. + ' AND i.hostid IN ('.$available_hosts.')'; + + if(!$db_data = DBfetch(DBselect($sql))){ access_deny(); } |