diff options
| author | osmiy <osmiy@97f52cf1-0a1b-0410-bd0e-c28be96e8082> | 2006-10-25 13:13:02 +0000 |
|---|---|---|
| committer | osmiy <osmiy@97f52cf1-0a1b-0410-bd0e-c28be96e8082> | 2006-10-25 13:13:02 +0000 |
| commit | 4da027caebdac710d323f4cab0e1642bd1ec5a5b (patch) | |
| tree | f3f2b2878f929da0825b9ee47f529515ff6a925d /frontends/php/include | |
| parent | d23332dbc5dabb29dfec400d2d9ba782b46b5615 (diff) | |
| download | zabbix-4da027caebdac710d323f4cab0e1642bd1ec5a5b.tar.gz zabbix-4da027caebdac710d323f4cab0e1642bd1ec5a5b.tar.xz zabbix-4da027caebdac710d323f4cab0e1642bd1ec5a5b.zip | |
- improved permission system for nondistributed system
git-svn-id: svn://svn.zabbix.com/trunk@3381 97f52cf1-0a1b-0410-bd0e-c28be96e8082
Diffstat (limited to 'frontends/php/include')
| -rw-r--r-- | frontends/php/include/config.inc.php | 16 | ||||
| -rw-r--r-- | frontends/php/include/forms.inc.php | 45 | ||||
| -rw-r--r-- | frontends/php/include/page_footer.php | 8 | ||||
| -rw-r--r-- | frontends/php/include/page_header.php | 82 | ||||
| -rw-r--r-- | frontends/php/include/perm.inc.php | 144 | ||||
| -rw-r--r-- | frontends/php/include/users.inc.php | 2 |
6 files changed, 214 insertions, 83 deletions
diff --git a/frontends/php/include/config.inc.php b/frontends/php/include/config.inc.php index 48107e47..b4bc5364 100644 --- a/frontends/php/include/config.inc.php +++ b/frontends/php/include/config.inc.php @@ -31,9 +31,6 @@ function SDI($msg="SDI") { echo "DEBUG INFO: "; if(is_array($msg)) print_r($msg) $USER_RIGHTS = array(); $ERROR_MSG = array(); $INFO_MSG = array(); - - - $ZBX_LOCALNODEID = 1; // Local node // END OF GLOBALS // if magic quotes on then get rid of them @@ -85,6 +82,19 @@ function SDI($msg="SDI") { echo "DEBUG INFO: "; if(is_array($msg)) print_r($msg) include_once("include/classes/cserverinfo.mod.php"); include_once("include/classes/cflashclock.mod.php"); + /* Init LOCAL NODE ID */ + if($local_node_data = DBfetch(DBselect('select nodeid from nodes where nodetype=1 order by nodeid'))) + { + $ZBX_LOCALNODEID = $local_node_data['nodeid']; + define('ZBX_DISTRIBUTED', true); + } + else + { + $ZBX_LOCALNODEID = 0; + define('ZBX_DISTRIBUTED', false); + } + unset($local_node_data); + function access_deny() { include_once "include/page_header.php"; diff --git a/frontends/php/include/forms.inc.php b/frontends/php/include/forms.inc.php index eda29d7d..02231a95 100644 --- a/frontends/php/include/forms.inc.php +++ b/frontends/php/include/forms.inc.php @@ -564,25 +564,31 @@ function get_rights_of_elements_table($rights=array(),$user_type=USER_TYPE_ZABBIX_USER) { + global $ZBX_LOCALNODEID; + $table = new CTable('S_NO_ACCESSIBLE_RESOURCES', 'right_table'); $table->SetHeader(array(SPACE, S_READ_WRITE, S_READ_ONLY, S_DENY),'header'); - $lst['node']['label'] = S_NODES; - $lst['node']['read_write'] = new CListBox('nodes_write' ,null ,6); - $lst['node']['read_only'] = new CListBox('nodes_read' ,null ,6); - $lst['node']['deny'] = new CListBox('nodes_deny' ,null ,6); + if(ZBX_DISTRIBUTED) + { + $lst['node']['label'] = S_NODES; + $lst['node']['read_write'] = new CListBox('nodes_write' ,null ,6); + $lst['node']['read_only'] = new CListBox('nodes_read' ,null ,6); + $lst['node']['deny'] = new CListBox('nodes_deny' ,null ,6); - $nodes = get_accessible_nodes_by_rights($rights, $user_type, PERM_DENY, PERM_MODE_GE, PERM_RES_DATA_ARRAY); + $nodes = get_accessible_nodes_by_rights($rights, $user_type, PERM_DENY, PERM_MODE_GE, PERM_RES_DATA_ARRAY); - foreach($nodes as $node) - { - switch($node['permission']) + foreach($nodes as $node) { - case PERM_READ_ONLY: $list_name='read_only'; break; - case PERM_READ_WRITE: $list_name='read_write'; break; - default: $list_name='deny'; break; + switch($node['permission']) + { + case PERM_READ_ONLY: $list_name='read_only'; break; + case PERM_READ_WRITE: $list_name='read_write'; break; + default: $list_name='deny'; break; + } + $lst['node'][$list_name]->AddItem($node['nodeid'],$node['name']); } - $lst['node'][$list_name]->AddItem($node['nodeid'],$node['name']); + unset($nodes); } $lst['group']['label'] = S_HOST_GROUPS; @@ -590,7 +596,8 @@ $lst['group']['read_only'] = new CListBox('groups_read' ,null ,10); $lst['group']['deny'] = new CListBox('groups_deny' ,null ,10); - $groups = get_accessible_groups_by_rights($rights, $user_type, PERM_DENY, PERM_MODE_GE, PERM_RES_DATA_ARRAY); + $groups = get_accessible_groups_by_rights($rights, $user_type, PERM_DENY, PERM_MODE_GE, PERM_RES_DATA_ARRAY, + ZBX_DISTRIBUTED ? null : $ZBX_LOCALNODEID); foreach($groups as $group) { @@ -602,13 +609,16 @@ } $lst['group'][$list_name]->AddItem($group['groupid'],$group['node_name'].':'.$group['name']); } + unset($groups); $lst['host']['label'] = S_HOSTS; $lst['host']['read_write'] = new CListBox('hosts_write' ,null ,15); $lst['host']['read_only'] = new CListBox('hosts_read' ,null ,15); $lst['host']['deny'] = new CListBox('hosts_deny' ,null ,15); - $hosts = get_accessible_hosts_by_rights($rights, $user_type, PERM_DENY, PERM_MODE_GE, PERM_RES_DATA_ARRAY); + $hosts = get_accessible_hosts_by_rights($rights, $user_type, PERM_DENY, PERM_MODE_GE, PERM_RES_DATA_ARRAY, + ZBX_DISTRIBUTED ? null : $ZBX_LOCALNODEID); + foreach($hosts as $host) { switch($host['permission']) @@ -619,6 +629,7 @@ } $lst['host'][$list_name]->AddItem($host['hostid'],$host['node_name'].':'.$host['host']); } + unset($hosts); foreach($lst as $name => $lists) { @@ -629,6 +640,7 @@ } $table->AddRow($row); } + unset($lst); return $table; } @@ -2772,6 +2784,7 @@ function insert_hostgroups_form() { global $_REQUEST; + global $USER_DETAILS; $hosts = get_request("hosts",array()); $frm_title = S_HOST_GROUP; @@ -2810,7 +2823,9 @@ $cmbHosts = new CListBox("hosts[]",$hosts,10); $db_hosts=DBselect("select distinct hostid,host from hosts". - " where status<>".HOST_STATUS_DELETED." order by host"); + " where status<>".HOST_STATUS_DELETED. + " and hostid not in (".get_accessible_hosts_by_user($USER_DETAILS,PERM_READ_WRITE,PERM_MODE_LT).")". + " order by host"); while($db_host=DBfetch($db_hosts)) { $cmbHosts->AddItem($db_host["hostid"],$db_host["host"]); diff --git a/frontends/php/include/page_footer.php b/frontends/php/include/page_footer.php index 81f083df..055ef415 100644 --- a/frontends/php/include/page_footer.php +++ b/frontends/php/include/page_footer.php @@ -17,6 +17,10 @@ ** along with this program; if not, write to the Free Software ** Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. **/ +?> +<?php + require_once("include/config.inc.php"); + global $USER_DETAILS; global $page; @@ -37,8 +41,8 @@ "page_footer_l"), new CCol(array( new CSpan(SPACE.SPACE."|".SPACE.SPACE,"divider"), - S_CONNECTED_AS.SPACE."'".$USER_DETAILS["alias"]."'".SPACE. - S_FROM_SMALL.SPACE."'".$USER_DETAILS["node"]['name']."'" + S_CONNECTED_AS.SPACE."'".$USER_DETAILS["alias"]."'". + (ZBX_DISTRIBUTED ? SPACE.S_FROM_SMALL.SPACE."'".$USER_DETAILS["node"]['name']."'" : '') ), "page_footer_r") )); diff --git a/frontends/php/include/page_header.php b/frontends/php/include/page_header.php index 011254a7..d3be3a47 100644 --- a/frontends/php/include/page_header.php +++ b/frontends/php/include/page_header.php @@ -35,6 +35,7 @@ COpt::profiling_start("page"); if(!isset($page["type"])) $page["type"] = PAGE_TYPE_HTML; if(!isset($page["file"])) $page["file"] = basename($_SERVER['PHP_SELF']); + /* Authorize user */ if(!defined('ZBX_PAGE_NO_AUTHERIZATION')) { check_authorisation(); @@ -45,21 +46,29 @@ COpt::profiling_start("page"); include_once "include/locales/en_gb.inc.php"; process_locales(); - $ZBX_CURNODEID = get_cookie('current_nodeid', $ZBX_LOCALNODEID); // Selected node - if(isset($_REQUEST['switch_node'])) + /* Init CURRENT NODE ID */ + if(ZBX_DISTRIBUTED) { - if(DBfetch(DBselect("select nodeid from nodes where nodeid=".$_REQUEST['switch_node']))) - $ZBX_CURNODEID = $_REQUEST['switch_node']; + $ZBX_CURNODEID = get_cookie('current_nodeid', $ZBX_LOCALNODEID); // Selected node + if(isset($_REQUEST['switch_node'])) + { + if(DBfetch(DBselect("select nodeid from nodes where nodeid=".$_REQUEST['switch_node']))) + $ZBX_CURNODEID = $_REQUEST['switch_node']; + } + + if(count(get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_LIST,null,PERM_RES_IDS_ARRAY,$ZBX_CURNODEID)) <= 0) + { + $denyed_page_requested = true; + $ZBX_CURNODEID = $ZBX_LOCALNODEID; + } + + setcookie("current_nodeid",$ZBX_CURNODEID); } - - if(count(get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_LIST,null,PERM_RES_IDS_ARRAY,$ZBX_CURNODEID)) <= 0) + else { - $denyed_page_requested = true; $ZBX_CURNODEID = $ZBX_LOCALNODEID; } - setcookie("current_nodeid",$ZBX_CURNODEID); - switch($page["type"]) { case PAGE_TYPE_IMAGE: @@ -189,7 +198,7 @@ COpt::profiling_start("page"); "default_page_id" => 0, "pages"=>array( array("url"=>"admin.php" ,"label"=>S_ADMINISTRATION ), - array("url"=>"nodes.php" ,"label"=>S_NODES ), + ZBX_DISTRIBUTED ? array("url"=>"nodes.php" ,"label"=>S_NODE) : null , array("url"=>"users.php" ,"label"=>S_USERS , "sub_pages"=>array("popup_media.php", "popup_usrgrp.php","popup_right.php","popup_users.php") @@ -262,16 +271,25 @@ COpt::profiling_start("page"); unset($menu_url); foreach($sub['pages'] as $sub_pages) { - if($page['file'] == $sub_pages['url'] && isset($sub_pages['label'])) + + if($page['file'] == $sub_pages['url']) { - $menu_url = $sub_pages['url']; + if(isset($sub_pages['label'])) + { + $menu_url = $sub_pages['url']; + } + $page_exist = true; break; } else if(isset($sub_pages['sub_pages'])) { if(in_array($page['file'], $sub_pages['sub_pages'])) { - $menu_url = $sub_pages['url']; + if(isset($sub_pages['label'])) + { + $menu_url = $sub_pages['url']; + } + $page_exist = true; break; } } @@ -279,6 +297,7 @@ COpt::profiling_start("page"); if(isset($menu_url)) /* active menu */ { + $class = "active"; update_profile('web.menu.'.$label.'.last', $menu_url); @@ -331,21 +350,28 @@ COpt::compare_files_with_menu($ZBX_MENU); $menu_table->SetCellPadding(5); $menu_table->AddRow($main_menu_row); - $lst_nodes = new CComboBox('switch_node', $ZBX_CURNODEID); - $db_nodes = DBselect('select * from nodes where nodeid in ('. - get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_LIST).') '. - ' order by name '); - while($node_data = DBfetch($db_nodes)) + if(ZBX_DISTRIBUTED) { - $lst_nodes->AddItem($node_data['nodeid'],$node_data['name']); - } - - $node_form = new CForm(); - $node_form->AddItem('Current node ['.$ZBX_CURNODEID.'] '); - $node_form->AddItem($lst_nodes); - unset($lst_nodes); - $node_form->AddItem(new CButton('submit',S_SWITCH)); + $lst_nodes = new CComboBox('switch_node', $ZBX_CURNODEID); + $db_nodes = DBselect('select * from nodes where nodeid in ('. + get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_LIST).') '. + ' order by name '); + while($node_data = DBfetch($db_nodes)) + { + $lst_nodes->AddItem($node_data['nodeid'],$node_data['name']); + } + $node_form = new CForm(); + $node_form->AddItem('Current node ['.$ZBX_CURNODEID.'] '); + $node_form->AddItem($lst_nodes); + unset($lst_nodes); + $node_form->AddItem(new CButton('submit',S_SWITCH)); + } + else + { + $node_form = null; + } + $table = new CTable(); $table->SetCellSpacing(0); $table->SetCellPadding(0); @@ -372,8 +398,8 @@ COpt::compare_files_with_menu($ZBX_MENU); unset($main_menu_row); unset($db_nodes, $node_data); unset($sub_menu_table, $sub_menu_row); - - if(isset($denyed_page_requested)) + + if((!isset($page_exist) || isset($denyed_page_requested)) && !isset($_REQUEST['message'])) { access_deny(); } diff --git a/frontends/php/include/perm.inc.php b/frontends/php/include/perm.inc.php index 7763e327..27a1ed3e 100644 --- a/frontends/php/include/perm.inc.php +++ b/frontends/php/include/perm.inc.php @@ -152,26 +152,31 @@ COpt::counter_up('perm_host['.$userid.','.$perm.','.$perm_mode.','.$perm_res.','.$nodeid.']'); COpt::counter_up('perm'); - if(is_null($nodeid)) $where_nodeid = ''; - else if(is_array($nodeid)) $where_nodeid = ' and n.nodeid in ('.implode(',', $nodeid).') '; - else $where_nodeid = ' and n.nodeid in ('.$nodeid.') '; + $where = array(); + + if(is_array($nodeid)) array_push($where, DBid2nodeid('h.hostid').' in ('.implode(',', $nodeid).') '); + elseif(isset($nodeid)) array_push($where, DBid2nodeid('h.hostid').' in ('.$nodeid.') '); - if(is_null($hostid)) $where_hostid = ''; - else if(is_array($hostid)) $where_hostid = ' and h.hostid in ('.implode(',', $hostid).') '; - else $where_hostid = ' and h.hostid in ('.$hostid.') '; + if(is_array($hostid)) array_push($where, ' h.hostid in ('.implode(',', $hostid).') '); + elseif(isset($hostid)) array_push($where, ' h.hostid in ('.$hostid.') '); + + if(count($where)) $where = ' where '.implode(' and ',$where); + else $where = ''; $db_hosts = DBselect('select distinct n.nodeid,n.name as node_name,h.hostid,h.host, min(r.permission) as permission '. - ' from nodes n, users_groups ug '. + ' from users_groups ug '. ' left join rights r on r.groupid=ug.usrgrpid and r.type='.RESOURCE_TYPE_GROUP.' and ug.userid='.$userid. ' right join groups g on r.id=g.groupid '. ' left join hosts_groups hg on g.groupid=hg.groupid '. ' right join hosts h on hg.hostid=h.hostid '. - ' where '.DBid2nodeid('h.hostid').'=n.nodeid '.$where_nodeid.$where_hostid.' group by h.hostid'. - ' order by n.name, g.name, h.host'); - + ' left join nodes n on '.DBid2nodeid('h.hostid').'=n.nodeid '. + $where.' group by h.hostid'. + ' order by n.name,n.nodeid, g.name, h.host'); while($host_data = DBfetch($db_hosts)) { + if(is_null($host_data['nodeid'])) $host_data['nodeid'] = id2nodeid($host_data['hostid']); + /* if no rights defined used node rights */ if(is_null($host_data['permission'])) { @@ -180,7 +185,10 @@ COpt::counter_up('perm'); $nodes = get_accessible_nodes_by_user($user_data, PERM_DENY,PERM_MODE_GE,PERM_RES_DATA_ARRAY); } - $host_data['permission'] = $nodes[$host_data['nodeid']]['permission']; + if(!isset($nodes[$host_data['nodeid']])) + $host_data['permission'] = PERM_DENY; + else + $host_data['permission'] = $nodes[$host_data['nodeid']]['permission']; } if(eval('return ('.$host_data["permission"].' '.perm_mode2comparator($perm_mode).' '.$perm.')? 0 : 1;')) @@ -221,20 +229,27 @@ COpt::counter_up('perm'); COpt::counter_up('perm_group['.$userid.','.$perm.','.$perm_mode.','.$perm_res.','.$nodeid.']'); COpt::counter_up('perm'); - if(is_null($nodeid)) $where_nodeid = ''; - else if(is_array($nodeid)) $where_nodeid = ' and n.nodeid in ('.implode(',', $nodeid).') '; - else $where_nodeid = ' and n.nodeid in ('.$nodeid.') '; + $where = array(); + if(is_array($nodeid)) array_push($where, DBid2nodeid('hg.groupid').' in ('.implode(',', $nodeid).') '); + elseif(isset($nodeid)) array_push($where, DBid2nodeid('hg.groupid').' in ('.$nodeid.') '); + + if(count($where)) $where = ' where '.implode(' and ',$where); + else $where = ''; + /* if no rights defined used node rights */ $db_groups = DBselect('select n.nodeid,n.name as node_name,hg.groupid,hg.name, min(r.permission) as permission '. - ' from nodes n, users_groups g '. + ' from users_groups g '. ' left join rights r on r.groupid=g.usrgrpid and r.type='.RESOURCE_TYPE_GROUP.' and g.userid='.$userid. ' right join groups hg on r.id=hg.groupid '. - ' where '.DBid2nodeid('hg.groupid').'=n.nodeid '.$where_nodeid. - ' group by hg.groupid, hg.name, g.userid order by n.name, hg.name'); + ' left join nodes n on '.DBid2nodeid('hg.groupid').'=n.nodeid '. + $where.' group by hg.groupid, hg.name, g.userid '. + ' order by n.name, hg.name'); while($group_data = DBfetch($db_groups)) { + if(is_null($group_data['nodeid'])) $group_data['nodeid'] = id2nodeid($group_data['groupid']); + /* deny if no rights defined */ if(is_null($group_data['permission'])) { @@ -243,7 +258,10 @@ COpt::counter_up('perm'); $nodes = get_accessible_nodes_by_user($user_data, PERM_DENY,PERM_MODE_GE,PERM_RES_DATA_ARRAY); } - $group_data['permission'] = $nodes[$group_data['nodeid']]['permission']; + if(!isset($nodes[$group_data['nodeid']])) + $group_data['permission'] = PERM_DENY; + else + $group_data['permission'] = $nodes[$group_data['nodeid']]['permission']; } if(eval('return ('.$group_data["permission"].' '.perm_mode2comparator($perm_mode).' '.$perm.')? 0 : 1;')) @@ -295,8 +313,28 @@ COpt::counter_up('perm'); ' right join nodes n on r.id=n.nodeid'.$where_nodeid. ' group by n.nodeid'); - while($node_data = DBfetch($db_nodes)) + while(($node_data = DBfetch($db_nodes)) || (!isset($do_break) && !ZBX_DISTRIBUTED)) { + if(!ZBX_DISTRIBUTED) + { + if(!$node_data) + { + $node_data = array( + 'nodeid' => $ZBX_LOCALNODEID, + 'name' => 'local', + 'permission' => PERM_READ_WRITE + ); + + $do_break = true; + + if(is_array($nodeid) && !in_array($node_data['nodeid'],$nodeid)) continue; + else if(isset($nodeid) and $node_data['nodeid'] != $nodeid) continue; + } + else + { + $node_data['permission'] = PERM_DENY; + } + } /* deny if no rights defined (for local node read/write)*/ if(is_null($node_data['permission'])) @@ -359,13 +397,18 @@ COpt::counter_up('perm'); default: $resdata = '$host_data["hostid"]'; break; } - if(is_null($nodeid)) $where_nodeid = ''; - else if(is_array($nodeid)) $where_nodeid = ' and n.nodeid in ('.implode(',', $nodeid).') '; - else $where_nodeid = ' and n.nodeid in ('.$nodeid.') '; + $where = array(); + + if(is_array($nodeid)) array_push($where, DBid2nodeid('h.hostid').' in ('.implode(',', $nodeid).') '); + elseif(isset($nodeid)) array_push($where, DBid2nodeid('h.hostid').' in ('.$nodeid.') '); + + if(count($where)) $where = ' where '.implode(' and ',$where); + else $where = ''; $db_hosts = DBselect('select n.nodeid,n.name as node_name,hg.groupid,h.hostid,h.host '. - ' from nodes n, hosts h left join hosts_groups hg on hg.hostid=h.hostid '. - ' where n.nodeid='.DBid2nodeid('h.hostid').$where_nodeid.' order by n.name,h.host'); + ' from hosts h left join hosts_groups hg on hg.hostid=h.hostid '. + ' left join nodes n on n.nodeid='.DBid2nodeid('h.hostid'). + $where.' order by n.name,h.host'); $res_perm = array(); foreach($rights as $right) @@ -405,12 +448,17 @@ COpt::counter_up('perm'); } else { + if(is_null($host_data['nodeid'])) $host_data['nodeid'] = id2nodeid($host_data['groupid']); + if(!isset($node_data[$host_data['nodeid']])) { $node_data = get_accessible_nodes_by_rights($rights,$user_type, PERM_DENY, PERM_MODE_GE, PERM_RES_DATA_ARRAY, $host_data['nodeid']); } - $host_data['permission'] = $node_data[$host_data['nodeid']]['permission']; + if(isset($node_data[$host_data['nodeid']])) + $host_data['permission'] = $node_data[$host_data['nodeid']]['permission']; + else + $host_data['permission'] = PERM_DENY; } if(eval('return ('.$host_data["permission"].' '.perm_mode2comparator($perm_mode).' '.$perm.')? 0 : 1;')) @@ -443,9 +491,13 @@ COpt::counter_up('perm'); default: $resdata = '$group_data["groupid"]'; break; } - if(is_null($nodeid)) $where_nodeid = ''; - else if(is_array($nodeid)) $where_nodeid = ' and n.nodeid in ('.implode(',', $nodeid).') '; - else $where_nodeid = ' and n.nodeid in ('.$nodeid.') '; + $where = array(); + + if(is_array($nodeid)) array_push($where, DBid2nodeid('g.groupid').' in ('.implode(',', $nodeid).') '); + elseif(isset($nodeid)) array_push($where, DBid2nodeid('g.groupid').' in ('.$nodeid.') '); + + if(count($where)) $where = ' where '.implode(' and ',$where); + else $where = ''; $group_perm = array(); foreach($rights as $right) @@ -454,9 +506,9 @@ COpt::counter_up('perm'); $group_perm[$right['id']] = $right['permission']; } - $db_groups = DBselect('select n.nodeid,n.name as node_name, g.groupid,g.name, '.PERM_DENY.' as permission from groups g, nodes n '. - ' where '.DBid2nodeid('g.groupid').'=n.nodeid '.$where_nodeid. - ' order by n.name, g.name'); + $db_groups = DBselect('select n.nodeid,n.name as node_name, g.groupid,g.name, '.PERM_DENY.' as permission from groups g '. + ' left join nodes n on '.DBid2nodeid('g.groupid').'=n.nodeid '. + $where.' order by n.name, g.name'); while($group_data = DBfetch($db_groups)) { @@ -466,12 +518,17 @@ COpt::counter_up('perm'); } else { + if(is_null($group_data['nodeid'])) $group_data['nodeid'] = id2nodeid($group_data['groupid']); + if(!isset($node_data[$group_data['nodeid']])) { $node_data = get_accessible_nodes_by_rights($rights,$user_type, PERM_DENY, PERM_MODE_GE, PERM_RES_DATA_ARRAY, $group_data['nodeid']); } - $group_data['permission'] = $node_data[$group_data['nodeid']]['permission']; + if(isset($node_data[$group_data['nodeid']])) + $group_data['permission'] = $node_data[$group_data['nodeid']]['permission']; + else + $group_data['permission'] = PERM_DENY; } if(eval('return ('.$group_data["permission"].' '.perm_mode2comparator($perm_mode).' '.$perm.')? 0 : 1;')) @@ -521,8 +578,29 @@ COpt::counter_up('perm'); $db_nodes = DBselect('select n.nodeid,n.name, '.PERM_DENY.' as permission from nodes n '.$where_nodeid.' order by n.name'); - while($node_data = DBfetch($db_nodes)) + while(($node_data = DBfetch($db_nodes)) || (!isset($do_break) && !ZBX_DISTRIBUTED)) { + if(!ZBX_DISTRIBUTED) + { + if(!$node_data) + { + $node_data = array( + 'nodeid' => $ZBX_LOCALNODEID, + 'name' => 'local', + 'permission' => PERM_READ_WRITE + ); + + $do_break = true; + + if(is_array($nodeid) && !in_array($node_data['nodeid'],$nodeid)) continue; + else if(isset($nodeid) and $node_data['nodeid'] != $nodeid) continue; + } + else + { + $node_perm[$node_data['nodeid']] = PERM_DENY; + } + } + if(isset($node_perm[$node_data['nodeid']])) $node_data['permission'] = $node_perm[$node_data['nodeid']]; elseif($node_data['nodeid'] == $ZBX_LOCALNODEID || $user_type == USER_TYPE_SUPPER_ADMIN) diff --git a/frontends/php/include/users.inc.php b/frontends/php/include/users.inc.php index 5c57c1d5..278fab4d 100644 --- a/frontends/php/include/users.inc.php +++ b/frontends/php/include/users.inc.php @@ -43,8 +43,6 @@ error("Insufficient permissions"); return 0; } -SDI('pass: '.$passwd); -SDI('groups: '.$user_groups); if(DBfetch(DBexecute("select * from users where alias=".zbx_dbstr($alias)." and ".DBid2nodeid('userid')."=".$ZBX_CURNODEID))) { |