diff options
author | artem <artem@97f52cf1-0a1b-0410-bd0e-c28be96e8082> | 2008-04-07 13:14:00 +0000 |
---|---|---|
committer | artem <artem@97f52cf1-0a1b-0410-bd0e-c28be96e8082> | 2008-04-07 13:14:00 +0000 |
commit | d1f0507236793e1d4b28eb213b17432cef9bdd99 (patch) | |
tree | d6c07129b66ba6acb0cac47fab9a6bf5452e7b86 /frontends/php/tr_comments.php | |
parent | 81c4d84a47e5d82758d45a83cd0b4b9cb35c7ea8 (diff) | |
download | zabbix-d1f0507236793e1d4b28eb213b17432cef9bdd99.tar.gz zabbix-d1f0507236793e1d4b28eb213b17432cef9bdd99.tar.xz zabbix-d1f0507236793e1d4b28eb213b17432cef9bdd99.zip |
- [DEV-137] improvements in permissions checks (Artem)
- [DEV-137] fixed issue "viewing items, hosts without group in latest data" (Artem)
git-svn-id: svn://svn.zabbix.com/trunk@5595 97f52cf1-0a1b-0410-bd0e-c28be96e8082
Diffstat (limited to 'frontends/php/tr_comments.php')
-rw-r--r-- | frontends/php/tr_comments.php | 23 |
1 files changed, 12 insertions, 11 deletions
diff --git a/frontends/php/tr_comments.php b/frontends/php/tr_comments.php index f93ef1e8..bfb35422 100644 --- a/frontends/php/tr_comments.php +++ b/frontends/php/tr_comments.php @@ -50,26 +50,27 @@ include_once "include/page_header.php"; check_fields($fields); ?> <?php - $denyed_hosts = get_accessible_hosts_by_user($USER_DETAILS,PERM_READ_ONLY, PERM_MODE_LT); - if(! ($db_data = DBfetch(DBselect('select * from items i, functions f '. - ' where i.itemid=f.itemid and f.triggerid='.$_REQUEST["triggerid"]. - " and i.hostid not in (".$denyed_hosts.")". - ' and '.DBin_node('f.triggerid') - )))) + $available_triggers = get_accessible_triggers(PERM_READ_ONLY, null, get_current_nodeid()); + + if(!$db_data = DBfetch(DBselect('SELECT * '. + ' FROM items i, functions f '. + ' WHERE i.itemid=f.itemid '. + ' AND f.triggerid='.$_REQUEST["triggerid"]. + ' AND f.triggerid IN ('.$available_triggers.') '. + ' AND '.DBin_node('f.triggerid') + ))) { access_deny(); } $trigger_hostid = $db_data['hostid']; - if(isset($_REQUEST["save"])) - { - $result = update_trigger_comments($_REQUEST["triggerid"],$_REQUEST["comments"]); + if(isset($_REQUEST["save"])){ + $result = update_trigger_comments($_REQUEST["triggerid"],$_REQUEST["comments"]); show_messages($result, S_COMMENT_UPDATED, S_CANNOT_UPDATE_COMMENT); - if($result) - { + if($result){ add_audit(AUDIT_ACTION_UPDATE,AUDIT_RESOURCE_TRIGGER, S_TRIGGER." [".$_REQUEST["triggerid"]."] [".expand_trigger_description($_REQUEST["triggerid"])."] ". S_COMMENTS." [".$_REQUEST["comments"]."]"); |