| author | artem <artem@97f52cf1-0a1b-0410-bd0e-c28be96e8082> | 2008-07-02 11:59:49 +0000 |
|---|---|---|
| committer | artem <artem@97f52cf1-0a1b-0410-bd0e-c28be96e8082> | 2008-07-02 11:59:49 +0000 |
| commit | 8dffbd722749472d9704f6d5d5547f83f738198c (patch) | |
| tree | daa3d0f4378832810847317824eb6b42a7e1e047 /frontends/php/include | |
| parent | 9158473c0884eabb4877274af46d3991cb6ed854 (diff) | |
- [DEV-144] add possibility to force user groups to authenticate internally (Artem)
git-svn-id: svn://svn.zabbix.com/trunk@5810 97f52cf1-0a1b-0410-bd0e-c28be96e8082
Diffstat (limited to 'frontends/php/include')
| -rw-r--r-- | frontends/php/include/defines.inc.php | 9 | ||||
| -rw-r--r-- | frontends/php/include/forms.inc.php | 23 | ||||
| -rw-r--r-- | frontends/php/include/func.inc.php | 1 | ||||
| -rw-r--r-- | frontends/php/include/locales/en_gb.inc.php | 10 | ||||
| -rw-r--r-- | frontends/php/include/perm.inc.php | 35 | ||||
| -rw-r--r-- | frontends/php/include/users.inc.php | 59 |
6 files changed, 93 insertions, 44 deletions
diff --git a/frontends/php/include/defines.inc.php b/frontends/php/include/defines.inc.php index 122fbb2b..7176620a 100644 --- a/frontends/php/include/defines.inc.php +++ b/frontends/php/include/defines.inc.php @@ -32,7 +32,7 @@ define('PAGE_TYPE_HTML_BLOCK', 4); //simple block of html (as text) define('ZBX_LOGIN_ATTEMPTS', 5); - define('ZBX_LOGIN_BLOCK', 30); + define('ZBX_LOGIN_BLOCK', 30); // sec define('ZBX_SESSION_ACTIVE', 0); define('ZBX_SESSION_PASSIVE', 1); @@ -347,8 +347,11 @@ define('GROUP_STATUS_DISABLED', 1); define('GROUP_STATUS_ENABLED', 0); - define('GROUP_GUI_ACCESS_DISABLED', 1); - define('GROUP_GUI_ACCESS_ENABLED', 0); +// IMPORTANT!!! by priority DESC + define('GROUP_GUI_ACCESS_SYSTEM', 0); + define('GROUP_GUI_ACCESS_INTERNAL', 1); + define('GROUP_GUI_ACCESS_DISABLED', 2); + define('PERM_MAX', 3); define('PERM_READ_WRITE', 3); diff --git a/frontends/php/include/forms.inc.php b/frontends/php/include/forms.inc.php index b69001e8..4e8a8294 100644 --- a/frontends/php/include/forms.inc.php +++ b/frontends/php/include/forms.inc.php @@ -961,7 +961,9 @@ # Insert form for User Groups function insert_usergroups_form(){ global $USER_DETAILS; - + + $config = select_config(); + $frm_title = S_USER_GROUP; if(isset($_REQUEST["usrgrpid"])){ $usrgrp = get_group_by_usrgrpid($_REQUEST["usrgrpid"]); @@ -1009,8 +1011,8 @@ } else{ $name = get_request('gname',''); - $users_status = get_request('users_status',0); - $gui_access = get_request('gui_access',0); + $users_status = get_request('users_status',GROUP_STATUS_ENABLED); + $gui_access = get_request('gui_access',GROUP_GUI_ACCESS_SYSTEM); $group_users = get_request("group_users",array()); $group_rights = get_request("group_rights",array()); } @@ -1037,8 +1039,7 @@ $lstUsers = new CListBox('group_users_to_del[]'); $lstUsers->options['style'] = 'width: 280px'; - foreach($group_users as $userid => $alias) - { + foreach($group_users as $userid => $alias){ $lstUsers->AddItem($userid, $alias); } 
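Review bot: Renumbering the gui_access constants in the second defines.inc.php hunk changes the meaning of values already stored in `usrgrp.gui_access`: 1 used to be `GROUP_GUI_ACCESS_DISABLED` and is now `GROUP_GUI_ACCESS_INTERNAL`, so a group that was disabled before the upgrade would be read as internally authenticated and would pass `check_perm2login()`. The diffstat is limited to frontends/php/include, so a data migration may exist elsewhere; if it does not, the upgrade needs a step such as `UPDATE usrgrp SET gui_access=2 WHERE gui_access=1` before the new code runs. The `// IMPORTANT!!! by priority DESC` comment should also say why the order matters, for example `// get_user_auth() takes MAX(gui_access): the highest value wins, keep DISABLED the largest`.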
@@ -1059,8 +1060,12 @@ if($granted){ $cmbGUI = new CComboBox('gui_access',$gui_access); - $cmbGUI->AddItem(GROUP_GUI_ACCESS_ENABLED,S_ENABLED); - $cmbGUI->AddItem(GROUP_GUI_ACCESS_DISABLED,S_DISABLED); + $cmbGUI->AddItem(GROUP_GUI_ACCESS_SYSTEM,user_auth_type2str(GROUP_GUI_ACCESS_SYSTEM)); + + if(ZBX_AUTH_HTTP != $config['authentication_type']) + $cmbGUI->AddItem(GROUP_GUI_ACCESS_INTERNAL,user_auth_type2str(GROUP_GUI_ACCESS_INTERNAL)); + + $cmbGUI->AddItem(GROUP_GUI_ACCESS_DISABLED,user_auth_type2str(GROUP_GUI_ACCESS_DISABLED)); $frmUserG->AddRow(S_GUI_ACCESS, $cmbGUI); @@ -1072,8 +1077,8 @@ } else{ - $frmUserG->AddVar('gui_access',GROUP_GUI_ACCESS_ENABLED); - $frmUserG->AddRow(S_GUI_ACCESS, new CSpan(S_ENABLED,'green')); + $frmUserG->AddVar('gui_access',$gui_access); + $frmUserG->AddRow(S_GUI_ACCESS, new CSpan(user_auth_type2str($gui_access),'green')); $frmUserG->AddVar('users_status',GROUP_STATUS_ENABLED); $frmUserG->AddRow(S_USERS_STATUS, new CSpan(S_ENABLED,'green')); diff --git a/frontends/php/include/func.inc.php b/frontends/php/include/func.inc.php index 180b6e37..2e67e260 100644 --- a/frontends/php/include/func.inc.php +++ b/frontends/php/include/func.inc.php @@ -225,6 +225,7 @@ function zbx_rksort(&$array, $flags=NULL){ /************* ZBX MISC *************/ function zbx_numeric($value){ if(is_array($value)) return false; + if(zbx_empty($value)) return false; $value = strval($value); return ctype_digit($value); diff --git a/frontends/php/include/locales/en_gb.inc.php b/frontends/php/include/locales/en_gb.inc.php index 8d7746df..3b13e2c8 100644 --- a/frontends/php/include/locales/en_gb.inc.php +++ b/frontends/php/include/locales/en_gb.inc.php 
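Review bot: The `zbx_empty()` guard added to `zbx_numeric()` in func.inc.php has no comment explaining why it is needed, and the reason is easy to miss: `ctype_digit('')` returned true before PHP 5.1, so an empty request value could pass as numeric. I would add `// ctype_digit('') is true on PHP < 5.1; never treat empty input as numeric` above the new line. `zbx_empty()` is defined outside this diff, so I am assuming it is true for '' and null but not for '0'. That is worth confirming, because rejecting '0' would break ids and flags that are legitimately zero, including `GROUP_GUI_ACCESS_SYSTEM`.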
@@ -170,10 +170,10 @@ // admin.php 'S_PREVIOUS'=> '<< Previous', - 'S_NEXT'=> 'Next >>', - 'S_RETRY'=> 'Retry', + 'S_NEXT'=> 'Next >>', + 'S_RETRY'=> 'Retry', 'S_FINISH'=> 'Finish', - 'S_FAIL'=> 'Fail', + 'S_FAIL'=> 'Fail', 'S_UPDATE_BIG'=> 'UPDATE', 'S_INSTALLATION'=> 'Installation', 'S_NEW_INSTALLATION'=> 'New installation', @@ -1428,6 +1428,9 @@ 'S_CANNOT_UPDATE_PROXY'=> 'Cannot update proxy', 'S_PROXY_DELETED'=> 'Proxy deleted', 'S_CANNOT_DELETE_PROXY'=> 'Cannot delete proxy', + 'S_GUI_ACCESS_UPDATED'=> 'GUI access updated', + 'S_CANNOT_UPDATE_GUI_ACCESS'=> 'Cannot update GUI access', + 'S_CANNOT_SET'=> 'Cannot set', 'S_USER_CANNOT_DISABLE_ITSELF'=> 'User cannot disable itself', 'S_USER_CANNOT_CHANGE_STATUS'=> 'User cannot change status to itself', 'S_USER_CANNOT_CHANGE_GUI_ACCESS'=> 'User cannot change GUI access to itself', @@ -1472,6 +1475,7 @@ 'S_ADD_TO'=> 'Add to', 'S_REMOVE_FROM'=> 'Remove from', 'S_STATUS_DISABLED'=> 'Status disabled', + 'S_INTERNAL'=> 'Internal', //scripts.php 'S_SCRIPTS'=> 'Scripts', diff --git a/frontends/php/include/perm.inc.php b/frontends/php/include/perm.inc.php index e8565471..e47d104c 100644 --- a/frontends/php/include/perm.inc.php +++ b/frontends/php/include/perm.inc.php @@ -173,7 +173,7 @@ function check_perm2system($userid){ ' WHERE ug.userid = '.zbx_dbstr($userid). ' AND g.usrgrpid = ug.usrgrpid '. ' AND g.users_status = '.GROUP_STATUS_DISABLED; - $res = DBFetch(DBSelect($sql)); + $res = DBfetch(DBSelect($sql)); return ($res['grp_count'] == 0)?true:false; } 
@@ -189,15 +189,34 @@ return ($res['grp_count'] == 0)?true:false; * Author: Aly */ -function check_perm2login($userid){ - $sql = 'SELECT COUNT(g.usrgrpid) as grp_count '. +function check_perm2login($userid){ + $res = get_user_auth($userid); + +return (GROUP_GUI_ACCESS_DISABLED == $res)?false:true; +} + +/* Function: get_user_auth() + * + * Description: + * Returns user authentication type + * + * Comments: + * default is SYSTEM auth + * + * Author: Aly + */ +function get_user_auth($userid){ + $result = GROUP_GUI_ACCESS_SYSTEM; + + $sql = 'SELECT MAX(g.gui_access) as gui_access '. ' FROM usrgrp g, users_groups ug '. - ' WHERE ug.userid = '.zbx_dbstr($userid). - ' AND g.usrgrpid = ug.usrgrpid '. - ' AND g.gui_access = '.GROUP_GUI_ACCESS_DISABLED; - $res = DBFetch(DBSelect($sql)); + ' WHERE ug.userid='.zbx_dbstr($userid). + ' AND g.usrgrpid=ug.usrgrpid '; + $acc = DBfetch(DBselect($sql)); -return ($res['grp_count'] == 0)?true:false; + if(!zbx_empty($acc['gui_access'])) $result=$acc['gui_access']; + +return $result; } /*********************************************** diff --git a/frontends/php/include/users.inc.php b/frontends/php/include/users.inc.php index 0db25825..402eafb6 100644 --- a/frontends/php/include/users.inc.php +++ b/frontends/php/include/users.inc.php @@ -19,8 +19,7 @@ **/ ?> <?php - function user_type2str($user_type_int) - { + function user_type2str($user_type_int){ $str_user_type[USER_TYPE_ZABBIX_USER] = S_ZABBIX_USER; $str_user_type[USER_TYPE_ZABBIX_ADMIN] = S_ZABBIX_ADMIN; $str_user_type[USER_TYPE_SUPER_ADMIN] = S_SUPER_ADMIN; 
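Review bot: `check_perm2login()` in the perm.inc.php hunk denies login only when `get_user_auth()` returns exactly `GROUP_GUI_ACCESS_DISABLED`, so any other result is treated as allowed, including a value the code does not define. For a login gate I would allow only the known values, e.g. `return in_array((int)$res, array(GROUP_GUI_ACCESS_SYSTEM, GROUP_GUI_ACCESS_INTERNAL));`. `get_user_auth()` also falls back to `GROUP_GUI_ACCESS_SYSTEM` whenever the fetched row is empty; that appears to cover both "user has no groups" and a failed query, which deserves a line in the header comment. The function returns an int for the default but whatever `DBfetch` yields otherwise (probably a string), so `$result = (int)$acc['gui_access'];` would keep later strict comparisons from misbehaving.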
@@ -31,19 +30,33 @@ return S_UNKNOWN; } - # Add User definition + function user_auth_type2str($auth_type){ + if(is_null($auth_type)){ + global $USER_DETAILS; + $auth_type = get_user_auth($USER_DETAILS['userid']); + } + + $auth_user_type[GROUP_GUI_ACCESS_SYSTEM] = S_SYSTEM_DEFAULT; + $auth_user_type[GROUP_GUI_ACCESS_INTERNAL] = S_INTERNAL; + $auth_user_type[GROUP_GUI_ACCESS_DISABLED] = S_DISABLED; - function add_user($name,$surname,$alias,$passwd,$url,$autologin,$autologout,$lang,$theme,$refresh,$user_type,$user_groups,$user_medias) - { + if(isset($auth_user_type[$auth_type])) + return $auth_user_type[$auth_type]; + + return S_UNKNOWN; + } + + +// Add User definition + function add_user($name,$surname,$alias,$passwd,$url,$autologin,$autologout,$lang,$theme,$refresh,$user_type,$user_groups,$user_medias){ global $USER_DETAILS; - if($USER_DETAILS['type'] != USER_TYPE_SUPER_ADMIN) - { + if($USER_DETAILS['type'] != USER_TYPE_SUPER_ADMIN){ error("Insufficient permissions"); return 0; } - if(DBfetch(DBselect("select * from users where alias=".zbx_dbstr($alias)." and ".DBin_node('userid', get_current_nodeid(false))))) - { + + if(DBfetch(DBselect("select * from users where alias=".zbx_dbstr($alias)." and ".DBin_node('userid', get_current_nodeid(false))))){ error('User "'.$alias.'" already exists'); return 0; } @@ -54,11 +67,9 @@ ' values ('.$userid.','.zbx_dbstr($name).','.zbx_dbstr($surname).','.zbx_dbstr($alias).','. zbx_dbstr(md5($passwd)).','.zbx_dbstr($url).','.$autologin.','.$autologout.','.zbx_dbstr($lang).','.zbx_dbstr($theme).','.$refresh.','.$user_type.')'); - if($result) - { + if($result){ DBexecute('delete from users_groups where userid='.$userid); - foreach($user_groups as $groupid => $grou_pname) - { + foreach($user_groups as $groupid => $grou_pname){ $users_groups_id = get_dbid("users_groups","id"); $result = DBexecute('insert into users_groups (id,usrgrpid,userid)'. 'values('.$users_groups_id.','.$groupid.','.$userid.')'); 
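Review bot: `user_auth_type2str()` is added without a header comment, and its null branch is not obvious: when `$auth_type` is null it resolves the logged-in user's own type via `get_user_auth($USER_DETAILS['userid'])`. I would document it in the same `/* Function: ... */` style this commit uses for `get_user_auth()` in perm.inc.php, stating that null means the current user and that unknown values map to `S_UNKNOWN`. The parameter has no default, so callers must pass null explicitly; `function user_auth_type2str($auth_type=null){` would match that behaviour. `S_SYSTEM_DEFAULT` is not among the strings added to en_gb.inc.php in this commit, so it presumably already exists, but that is worth checking.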
@@ -386,18 +397,24 @@ } - function change_group_gui_access($usrgrpid,$gui_access){ + function change_group_gui_access($usrgrpid,$gui_access){ $res = false; - $grant = true; - if($gui_access == GROUP_GUI_ACCESS_DISABLED) $grant= granted2update_group($usrgrpid); - - if($grant){ - $res = DBexecute('UPDATE usrgrp SET gui_access='.$gui_access.' WHERE usrgrpid='.$usrgrpid); - } - else{ + if(($gui_access == GROUP_GUI_ACCESS_DISABLED) && !granted2update_group($usrgrpid)){ error(S_USER_CANNOT_CHANGE_GUI_ACCESS); + return false; + } + + if(GROUP_GUI_ACCESS_INTERNAL == $gui_access){ + $config = select_config(); + if(ZBX_AUTH_HTTP == $config['authentication_type']){ + error(S_CANNOT_SET.' ['.S_INTERNAL.'] '.S_GROUP.' '.S_GUI_ACCESS); + return false; + } } + + $res = DBexecute('UPDATE usrgrp SET gui_access='.$gui_access.' WHERE usrgrpid='.$usrgrpid); + return $res; } |
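Review bot: `change_group_gui_access()` still concatenates `$gui_access` and `$usrgrpid` into the UPDATE unquoted, and the new code never checks that `$gui_access` is one of the three defined values. Because `get_user_auth()` takes `MAX(gui_access)` across a user's groups, a stored value outside 0..2 would override a disabled group, so this setter is the place to reject it. Whether the caller validates the request value is not visible in this diff. I would guard here regardless, e.g. `if(!zbx_numeric($gui_access) || $gui_access > GROUP_GUI_ACCESS_DISABLED) return false;`, and pass both values through `zbx_dbstr()` as the other queries in this commit do. The initial `$res = false;` is now dead, since every path either returns early or assigns `$res`.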
