diff options
| author | artem <artem@97f52cf1-0a1b-0410-bd0e-c28be96e8082> | 2008-04-02 11:44:34 +0000 |
|---|---|---|
| committer | artem <artem@97f52cf1-0a1b-0410-bd0e-c28be96e8082> | 2008-04-02 11:44:34 +0000 |
| commit | 908fda905acd739d8d2376ffb33f7e5a63faf26c (patch) | |
| tree | 55f16bf5ae2a95e9dbbf6266f17be864f2d2db32 /frontends/php/chart5.php | |
| parent | 82e68eabae069748d6691cab742f5fde436a56cb (diff) | |
| download | zabbix-908fda905acd739d8d2376ffb33f7e5a63faf26c.tar.gz zabbix-908fda905acd739d8d2376ffb33f7e5a63faf26c.tar.xz zabbix-908fda905acd739d8d2376ffb33f7e5a63faf26c.zip | |
- improvements in permissions (Artem)
git-svn-id: svn://svn.zabbix.com/trunk@5577 97f52cf1-0a1b-0410-bd0e-c28be96e8082
Diffstat (limited to 'frontends/php/chart5.php')
| -rw-r--r-- | frontends/php/chart5.php | 33 |
1 files changed, 24 insertions, 9 deletions
diff --git a/frontends/php/chart5.php b/frontends/php/chart5.php index 23b3347c..490eeadc 100644 --- a/frontends/php/chart5.php +++ b/frontends/php/chart5.php @@ -38,19 +38,34 @@ include_once "include/page_header.php"; check_fields($fields); ?> <?php - if(! (DBfetch(DBselect('select serviceid from services where serviceid='.$_REQUEST["serviceid"]))) ) - { + if(!DBfetch(DBselect('select serviceid from services where serviceid='.$_REQUEST["serviceid"]))){ fatal_error(S_NO_IT_SERVICE_DEFINED); } - $denyed_hosts = get_accessible_hosts_by_user($USER_DETAILS,PERM_READ_ONLY,PERM_MODE_LT); + $available_hosts = get_accessible_hosts_by_user($USER_DETAILS, PERM_READ_ONLY); - if( !($service = DBfetch(DBselect("select s.* from services s left join triggers t on s.triggerid=t.triggerid ". - " left join functions f on t.triggerid=f.triggerid left join items i on f.itemid=i.itemid ". - " where (i.hostid is NULL or i.hostid not in (".$denyed_hosts.")) ". - " and s.serviceid=".$_REQUEST["serviceid"] - )))) - { + $sql = 'SELECT s.serviceid '. + ' FROM services s, triggers t, functions f, items i '. + ' WHERE s.serviceid='.$_REQUEST['serviceid']. + ' AND t.triggerid=s.triggerid '. + ' AND f.triggerid=t.triggerid '. + ' AND i.itemid=f.itemid '. + ' AND i.hostid NOT IN ('.$available_hosts.')'; + + if(DBfetch(DBselect($sql,1))){ + access_deny(); + } + + + $sql = 'SELECT s.* '. + ' FROM services s '. + ' LEFT JOIN triggers t ON s.triggerid=t.triggerid '. + ' LEFT JOIN functions f ON t.triggerid=f.triggerid '. + ' LEFT JOIN items i on f.itemid=i.itemid '. + ' WHERE s.serviceid='.$_REQUEST['serviceid']. + ' AND i.hostid IN ('.$available_hosts.')'; + + if(!$service = DBfetch(DBselect($sql))){ access_deny(); } ?> |