| author | osmiy <osmiy@97f52cf1-0a1b-0410-bd0e-c28be96e8082> | 2006-04-18 14:43:45 +0000 |
|---|---|---|
| committer | osmiy <osmiy@97f52cf1-0a1b-0410-bd0e-c28be96e8082> | 2006-04-18 14:43:45 +0000 |
| commit | 8f5b6dc7db062516691836e4ff9df984f6e2de67 (patch) | |
| tree | d59f3b3364239f54ea2a481de76fb1134d48a46d /frontends/php/include | |
| parent | d6f83186e9f8296a57f338227ca46d0591d36a4c (diff) | |
- new implementation of permission checking (Eugene)
git-svn-id: svn://svn.zabbix.com/trunk@2741 97f52cf1-0a1b-0410-bd0e-c28be96e8082
Diffstat (limited to 'frontends/php/include')
| -rw-r--r-- | frontends/php/include/config.inc.php | 120 | ||||
| -rw-r--r-- | frontends/php/include/perm.inc.php | 176 |
2 files changed, 182 insertions, 114 deletions
diff --git a/frontends/php/include/config.inc.php b/frontends/php/include/config.inc.php index 260184e0..6eab18ff 100644 --- a/frontends/php/include/config.inc.php +++ b/frontends/php/include/config.inc.php @@ -41,6 +41,7 @@ function SDI($msg="SDI") { echo "DEBUG INFO: $msg ".BR; } // DEBUG INFO!!! include_once "include/db.inc.php"; include_once "include/html.inc.php"; include_once "include/locales.inc.php"; + include_once "include/perm.inc.php"; include_once "include/audit.inc.php"; include_once "include/acknow.inc.php"; @@ -332,7 +333,7 @@ function SDI($msg="SDI") { echo "DEBUG INFO: $msg ".BR; } // DEBUG INFO!!! return $cnt; } - +/* function check_anyright($right,$permission) { global $USER_DETAILS; @@ -422,7 +423,8 @@ function SDI($msg="SDI") { echo "DEBUG INFO: $msg ".BR; } // DEBUG INFO!!! } return 0; } - +*/ +/* function check_right($right,$permission,$id) { // global $USER_DETAILS; 
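Review bot: Wrapping check_anyright (hunk at -332) and check_right (hunk at -422) in `/* … */` keeps the superseded bodies in config.inc.php as commented-out code, and the hunks at -1000 and -1077 do the same for check_authorisation; since perm.inc.php now defines all three functions, the old bodies should be deleted outright rather than left to drift behind the live implementation. The closing `*/` of each comment lies outside the hunk that opens it, so a reader of this diff cannot see where a commented region ends, and the bodies of check_right and check_authorisation continue outside these hunks. If the old code is intentionally kept for reference, each opening `/*` should at least say so, e.g. `/* superseded by include/perm.inc.php, kept for reference only */`.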
@@ -449,49 +451,6 @@ function SDI($msg="SDI") { echo "DEBUG INFO: $msg ".BR; } // DEBUG INFO!!! } // echo $default_permission,"<br>"; -/* - - $sql="select permission from rights where name='Default permission' and userid=".$USER_DETAILS["userid"]; - $result=DBselect($sql); - - $default_permission="H"; - if(DBnum_rows($result)>0) - { - $default_permission=""; - while($row=DBfetch($result)) - { - $default_permission=$default_permission.$row["permission"]; - } - } -# default_permission - - $sql="select permission from rights where name=".zbx_dbstr($right)." and id=0 and userid=".$USER_DETAILS["userid"]; - $result=DBselect($sql); - - $group_permission=""; - if(DBnum_rows($result)>0) - { - while($row=DBfetch($result)) - { - $group_permission=$group_permission.$row["permission"]; - } - } -# group_permission - - $id_permission=""; - if($id!=0) - { - $sql="select permission from rights where name=".zbx_dbstr($right)." and id=$id and userid=".$USER_DETAILS["userid"]; - $result=DBselect($sql); - if(DBnum_rows($result)>0) - { - while($row=DBfetch($result)) - { - $id_permission=$id_permission.$row["permission"]; - } - } - } -*/ # id_permission // echo "$id_permission|$group_permission|$default_permission<br>"; 
@@ -591,74 +550,6 @@ function SDI($msg="SDI") { echo "DEBUG INFO: $msg ".BR; } // DEBUG INFO!!! } return 0; } - - -/* function check_right($right,$permission,$id) - { - global $USER_DETAILS; - - if($id!=0) - { - $sql="select * from rights where name='$right' and permission in ('H') and id=$id and userid=".$USER_DETAILS["userid"]; - $result=DBselect($sql); - if(DBnum_rows($result)>0) - { - return 0; - } - } - - $sql="select permission from rights where name='Default permission' and userid=".$USER_DETAILS["userid"]; - $result=DBselect($sql); - - $default_permission="H"; - if(DBnum_rows($result)>0) - { - $default_permission=""; - while($row=DBfetch($result)) - { - $default_permission=$default_permission.$row["permission"]; - } - } - - if($permission=='R') - { - $cond="'R','U'"; - } - else - { - $cond="'".$permission."'"; - } - - $sql="select * from rights where name='$right' and permission in ($cond) and (id=$id or id=0) and userid=".$USER_DETAILS["userid"]; -// echo $sql; - - $result=DBselect($sql); - - if(DBnum_rows($result)>0) - { - return 1; - } - else - { - if(strstr($default_permission,"A")&&($permission=="A")) - { - return 1; - } - if(strstr($default_permission,"R")&&($permission=="R")) - { - return 1; - } - if(strstr($default_permission,"U")&&($permission=="R")) - { - return 1; - } - if(strstr($default_permission,"U")&&($permission=="U")) - { - return 1; - } - return 0; - } - } */ @@ -1000,7 +891,7 @@ function SDI($msg="SDI") { echo "DEBUG INFO: $msg ".BR; } // DEBUG INFO!!! { echo "\n"; } - +/* function check_authorisation() { global $page; @@ -1077,6 +968,7 @@ function SDI($msg="SDI") { echo "DEBUG INFO: $msg ".BR; } // DEBUG INFO!!! show_page_footer(); exit; } +*/ # Header for HTML pages diff --git a/frontends/php/include/perm.inc.php b/frontends/php/include/perm.inc.php new file mode 100644 index 00000000..7b2ffe73 --- /dev/null +++ b/frontends/php/include/perm.inc.php 
@@ -0,0 +1,176 @@
+<?php
+/*
+** ZABBIX
+** Copyright (C) 2000-2005 SIA Zabbix
+**
+** This program is free software; you can redistribute it and/or modify
+** it under the terms of the GNU General Public License as published by
+** the Free Software Foundation; either version 2 of the License, or
+** (at your option) any later version.
+**
+** This program is distributed in the hope that it will be useful,
+** but WITHOUT ANY WARRANTY; without even the implied warranty of
+** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+** GNU General Public License for more details.
+**
+** You should have received a copy of the GNU General Public License
+** along with this program; if not, write to the Free Software
+** Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+**/
+?>
+<?php
+
+
+define("ANY_ELEMENT_RIGHT", -1);
+define("GROUP_RIGHT", 0);
+
+ function check_authorisation()
+ {
+ global $page;
+ global $PHP_AUTH_USER,$PHP_AUTH_PW;
+ global $USER_DETAILS;
+ global $USER_RIGHTS;
+ global $_COOKIE;
+ global $_REQUEST;
+
+ if(isset($_COOKIE["sessionid"])) $sessionid = $_COOKIE["sessionid"];
+ else unset($sessionid);
+
+ if(isset($sessionid))
+ {
+ $sql = "select u.* from sessions s,users u".
+ " where s.sessionid=".zbx_dbstr($sessionid)." and s.userid=u.userid".
+ " and ((s.lastaccess+u.autologout>".time().") or (u.autologout=0))";
+ } else {
+ $sql = "select u.* from users u where u.alias='guest'";
+ }
+
+ $db_users = DBselect($sql);
+ if(DBnum_rows($db_users) == 1)
+ {
+ if(isset($sessionid))
+ {
+ setcookie("sessionid",$sessionid);
+ DBexecute("update sessions set lastaccess=".time()." 
where sessionid=".zbx_dbstr($sessionid));
+ }
+ }
+
+ $USER_DETAILS = DBfetch($db_users);
+ $USER_RIGHTS = array();
+
+ $db_rights = DBselect("select * from rights where userid=".$USER_DETAILS["userid"]);
+ while($db_right = DBfetch($db_rights))
+ {
+ $usr_right = array(
+ "name"=> $db_right["name"],
+ "id"=> $db_right["id"],
+ "permission"=> $db_right["permission"]
+ );
+
+ array_push($USER_RIGHTS,$usr_right);
+ }
+
+ return;
+ }
+
+// Incorrect login
+
+ if(isset($sessionid))
+ {
+ setcookie("sessionid",$sessionid,time()-3600);
+ unset($_COOKIE["sessionid"]);
+ }
+
+ //TODO make a javascript function for redirection!!!
+ if($page["file"]!="index.php")
+ {
+ echo "<meta http-equiv=\"refresh\" content=\"0; url=index.php\">";
+ }
+ show_header("Login",0,1,1);
+ show_error_message("Login name or password is incorrect");
+ insert_login_form();
+ show_page_footer();
+
+ //Redirect("index.php"); //TODO make a javascript function for redirection!!!
+ //END TODO
+ exit;
+ }
+
+ function permission2int($permission)
+ {
+ $int_rights = array(
+ "A" => 3,
+ "U" => 2,
+ "R" => 1,
+ "H" => 0
+ );
+
+ if(isset($int_rights[$permission]))
+ return ($int_rights[$permission]);
+
+ return ($int_rights["R"]);
+ }
+
+ function permission_min($permission1, $permission2) // NOTE: only for integer permissions !!! see: permission2int
+ {
+ if(is_null($permission1) && is_null($permission2)) return NULL;
+ if(is_null($permission1)) return $permission2;
+ if(is_null($permission2)) return $permission1;
+ return min($permission1,$permission2);
+ }
+ function permission_max($permission1, $permission2) // NOTE: only for integer permissions !!! 
see: permission2int
+ {
+ if(is_null($permission1) && is_null($permission2)) return NULL;
+ if(is_null($permission1)) return $permission2;
+ if(is_null($permission2)) return $permission1;
+ return max($permission1,$permission2);
+ }
+
+ function check_right($right,$permission,$id = GROUP_RIGHT)
+ {
+ global $USER_RIGHTS;
+
+ $default_permission = permission2int("H");
+ $group_permission = NULL;
+ $id_permission = NULL;
+ $any_permission = NULL;
+
+ $permission = permission2int($permission);
+
+ if(count($USER_RIGHTS) > 0)
+ {
+ foreach($USER_RIGHTS as $usr_right)
+ {
+ $int_permision = permission2int($usr_right["permission"]);
+ if($usr_right["name"] == $right) {
+
+ if($usr_right["id"] == $id)
+ $id_permission = permission_max($id_permission, $int_permision);
+ if($usr_right["id"] == GROUP_RIGHT)
+ $group_permission = permission_max($group_permission, $int_permision);
+ else
+ $any_permission = permission_max($any_permission, $int_permision);
+ }
+ if($usr_right["name"] == 'Default permission')
+ {
+ $default_permission = permission_max($default_permission, $int_permision);
+ }
+ }
+ }
+
+ $access = permission_min($default_permission,$group_permission);
+ if($id == ANY_ELEMENT_RIGHT)
+ $access = permission_min($access,$any_permission);
+ else
+ $access = permission_min($access,$id_permission);
+
+//SDI($right.": ".$access." >= ".$permission);
+ return (($access >= $permission) ? 1 : 0);
+ }
+
+ function check_anyright($right,$permission)
+ {
+ return check_right($right,$permission, ANY_ELEMENT_RIGHT);
+ }
+
+
+?> |
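Review bot: permission2int fails open: an unrecognised permission letter reaches `return ($int_rights["R"]);`, so a rights row whose permission column holds an unexpected value is treated as read access instead of hidden, and an unknown requested `$permission` in check_right is likewise lowered to the read level. The fallback should be the most restrictive value, `return ($int_rights["H"]);`, and check_right should refuse an unknown request before converting it, for example `if(!in_array($permission, array("A","U","R","H"))) return 0;` ahead of `$permission = permission2int($permission);`. Two smaller points in check_authorisation: `$_COOKIE` and `$_REQUEST` are superglobals, so their `global` lines (and the unused `$PHP_AUTH_USER,$PHP_AUTH_PW`) can be dropped, and the failure branch reports `Login name or password is incorrect` even when the only problem is an expired session or a missing guest account. The local `$int_permision` in check_right is also misspelled.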
