| author | artem <artem@97f52cf1-0a1b-0410-bd0e-c28be96e8082> | 2008-06-11 13:06:35 +0000 |
|---|---|---|
| committer | artem <artem@97f52cf1-0a1b-0410-bd0e-c28be96e8082> | 2008-06-11 13:06:35 +0000 |
| commit | 412fd1bca83c5bb8229a9bfa3b9a77a5573db3ba (patch) | |
| tree | dd9031b558ca80e00c862c95424d1dfe0297a92b /frontends/php | |
| parent | 2d69d2f3070bc71ef09d064da117f69c14b8206d (diff) | |
| download | zabbix-412fd1bca83c5bb8229a9bfa3b9a77a5573db3ba.tar.gz zabbix-412fd1bca83c5bb8229a9bfa3b9a77a5573db3ba.tar.xz zabbix-412fd1bca83c5bb8229a9bfa3b9a77a5573db3ba.zip | |
- [DEV-178] improved the permissions scheme (not finished in DM) (Artem)
git-svn-id: svn://svn.zabbix.com/trunk@5758 97f52cf1-0a1b-0410-bd0e-c28be96e8082
Diffstat (limited to 'frontends/php')
| -rw-r--r-- | frontends/php/actionconf.php | 10 | ||||
| -rw-r--r-- | frontends/php/config.php | 12 | ||||
| -rw-r--r-- | frontends/php/hosts.php | 8 | ||||
| -rw-r--r-- | frontends/php/include/db.inc.php | 5 | ||||
| -rw-r--r-- | frontends/php/include/discovery.inc.php | 2 | ||||
| -rw-r--r-- | frontends/php/include/forms.inc.php | 77 | ||||
| -rw-r--r-- | frontends/php/include/import.inc.php | 2 | ||||
| -rw-r--r-- | frontends/php/include/page_header.php | 11 | ||||
| -rw-r--r-- | frontends/php/include/perm.inc.php | 995 | ||||
| -rw-r--r-- | frontends/php/include/scripts.inc.php | 2 | ||||
| -rw-r--r-- | frontends/php/nodes.php | 2 | ||||
| -rw-r--r-- | frontends/php/popup.php | 2 | ||||
| -rw-r--r-- | frontends/php/sysmaps.php | 2 | ||||
| -rw-r--r-- | frontends/php/tr_status.php | 4 |
14 files changed, 517 insertions, 617 deletions
diff --git a/frontends/php/actionconf.php b/frontends/php/actionconf.php index dfe3db53..c0f1a7fc 100644 --- a/frontends/php/actionconf.php +++ b/frontends/php/actionconf.php @@ -138,7 +138,7 @@ include_once 'include/page_header.php'; unset($_REQUEST['new_opcondition']); } else if(isset($_REQUEST['save'])){ - if(count(get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_WRITE,PERM_MODE_LT,PERM_RES_IDS_ARRAY,get_current_nodeid()))) + if(!count(get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_WRITE,PERM_RES_IDS_ARRAY,get_current_nodeid()))) access_deny(); $_REQUEST['recovery_msg'] = get_request('recovery_msg',0); @@ -187,7 +187,7 @@ include_once 'include/page_header.php'; } } else if(inarr_isset(array('delete','actionid'))){ - if(count(get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_WRITE,PERM_MODE_LT,PERM_RES_IDS_ARRAY,get_current_nodeid()))) + if(!count(get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_WRITE,PERM_RES_IDS_ARRAY,get_current_nodeid()))) access_deny(); $action_data = DBfetch(DBselect('select name from actions where actionid='.$_REQUEST['actionid'])); @@ -289,7 +289,7 @@ include_once 'include/page_header.php'; } /* GROUP ACTIONS */ else if(isset($_REQUEST['group_enable'])&&isset($_REQUEST['g_actionid'])){ - if(!count($nodes = get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_WRITE,null,PERM_RES_IDS_ARRAY,get_current_nodeid()))) + if(!count($nodes = get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_WRITE,PERM_RES_IDS_ARRAY,get_current_nodeid()))) access_deny(); $query = 'select distinct actionid from actions'. 
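Review bot: The new guard in the `save` branch, `if(!count(get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_WRITE,PERM_RES_IDS_ARRAY,get_current_nodeid()))) access_deny();`, passes as soon as one node in the current selection is read-write, whereas the removed `PERM_MODE_LT` form appears to have denied when any selected node was below read-write. perm.inc.php in this same commit handles an array `$nodeid`, so if `get_current_nodeid()` can return several nodes here, a user with write access to only one of them would get through; the helper is not visible in this hunk, so this needs confirming. If write access to every selected node is intended, compare the result count with the number of requested nodes; otherwise add a comment such as `/* requires read-write on at least one current node */` so the weaker rule is explicit. The same check is repeated in the `delete` branch below and in the config.php and hosts.php hunks. The enclosing if/else chain starts and ends outside the hunk.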
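Review bot: In the `delete` branch, the context line right after the corrected permission check still builds its query by concatenating the request value, `'select name from actions where actionid='.$_REQUEST['actionid']`, with no quoting or numeric check visible in this hunk. Whether `actionid` is validated as a numeric id earlier in the page cannot be seen from here and should be confirmed. If it is not, quote the value the way perm.inc.php does for ids, e.g. `'select name from actions where actionid='.zbx_dbstr($_REQUEST['actionid'])`. The branch continues outside the hunk.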
@@ -315,7 +315,7 @@ include_once 'include/page_header.php'; } else if(isset($_REQUEST['group_disable'])&&isset($_REQUEST['g_actionid'])){ - if(!count($nodes = get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_WRITE,null,PERM_RES_IDS_ARRAY,get_current_nodeid()))) + if(!count($nodes = get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_WRITE,PERM_RES_IDS_ARRAY,get_current_nodeid()))) access_deny(); $query = 'select distinct actionid from actions'. @@ -339,7 +339,7 @@ include_once 'include/page_header.php'; } } else if(isset($_REQUEST['group_delete'])&&isset($_REQUEST['g_actionid'])){ - if(!count($nodes = get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_WRITE,null,PERM_RES_IDS_ARRAY,get_current_nodeid()))) + if(!count($nodes = get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_WRITE,PERM_RES_IDS_ARRAY,get_current_nodeid()))) access_deny(); $result=DBselect('select distinct actionid from actions'. diff --git a/frontends/php/config.php b/frontends/php/config.php index e144dc09..7892aba9 100644 --- a/frontends/php/config.php +++ b/frontends/php/config.php @@ -96,8 +96,7 @@ include_once "include/page_header.php"; } else { /* ADD */ - if(count(get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_WRITE,PERM_MODE_LT, - PERM_RES_IDS_ARRAY,get_current_nodeid()))) + if(!count(get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_WRITE,PERM_RES_IDS_ARRAY,get_current_nodeid()))) { access_deny(); } @@ -128,7 +127,7 @@ include_once "include/page_header.php"; } } else if(isset($_REQUEST["save"]) && ($_REQUEST["config"]==8)){ - if(count(get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_WRITE,PERM_MODE_LT,PERM_RES_IDS_ARRAY,get_current_nodeid()))) + if(!count(get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_WRITE,PERM_RES_IDS_ARRAY,get_current_nodeid()))) access_deny(); /* OTHER ACTIONS */ 
@@ -154,7 +153,7 @@ include_once "include/page_header.php"; } } else if(isset($_REQUEST["save"]) && ($_REQUEST["config"]==9)){ - if(count(get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_WRITE,PERM_MODE_LT,PERM_RES_IDS_ARRAY,get_current_nodeid()))) + if(!count(get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_WRITE,PERM_RES_IDS_ARRAY,get_current_nodeid()))) access_deny(); /* OTHER ACTIONS */ @@ -172,7 +171,7 @@ include_once "include/page_header.php"; } else if(isset($_REQUEST["save"])&&uint_in_array($_REQUEST["config"],array(0,5,7))){ - if(count(get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_WRITE,PERM_MODE_LT,PERM_RES_IDS_ARRAY,get_current_nodeid()))) + if(!count(get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_WRITE,PERM_RES_IDS_ARRAY,get_current_nodeid()))) access_deny(); /* OTHER ACTIONS */ @@ -243,8 +242,7 @@ include_once "include/page_header.php"; $valuemapid = $_REQUEST["valuemapid"]; } else{ - if(count(get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_WRITE,PERM_MODE_LT, - PERM_RES_IDS_ARRAY,get_current_nodeid()))) + if(!count(get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_WRITE,PERM_RES_IDS_ARRAY,get_current_nodeid()))) { access_deny(); } diff --git a/frontends/php/hosts.php b/frontends/php/hosts.php index db63fe86..c1906b3c 100644 --- a/frontends/php/hosts.php +++ b/frontends/php/hosts.php @@ -232,7 +232,7 @@ include_once 'include/page_header.php'; } } else{ - if(count(get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_WRITE,PERM_MODE_LT,PERM_RES_IDS_ARRAY,get_current_nodeid()))) + if(!count(get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_WRITE,PERM_RES_IDS_ARRAY,get_current_nodeid()))) access_deny(); } 
@@ -324,7 +324,7 @@ include_once 'include/page_header.php'; } } else{ - if(count(get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_WRITE,PERM_MODE_LT,PERM_RES_IDS_ARRAY,get_current_nodeid()))) + if(!count(get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_WRITE,PERM_RES_IDS_ARRAY,get_current_nodeid()))) access_deny(); } @@ -520,7 +520,7 @@ include_once 'include/page_header.php'; $groupid = $_REQUEST["groupid"]; } else { - if(count(get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_WRITE,PERM_MODE_LT,PERM_RES_IDS_ARRAY,get_current_nodeid()))) + if(!count(get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_WRITE,PERM_RES_IDS_ARRAY,get_current_nodeid()))) access_deny(); DBstart(); @@ -720,7 +720,7 @@ include_once 'include/page_header.php'; $hostid = $_REQUEST["hostid"]; } else { - if(count(get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_WRITE,PERM_MODE_LT,PERM_RES_IDS_ARRAY,get_current_nodeid()))) + if(!count(get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_WRITE,PERM_RES_IDS_ARRAY,get_current_nodeid()))) access_deny(); $hostid = add_proxy($_REQUEST["host"], $hosts); diff --git a/frontends/php/include/db.inc.php b/frontends/php/include/db.inc.php index 3b71a16b..69621042 100644 --- a/frontends/php/include/db.inc.php +++ b/frontends/php/include/db.inc.php @@ -610,8 +610,7 @@ else { return $result; } - function id2nodeid($id_var) - { + function id2nodeid($id_var){ return (int)bcdiv("$id_var",'100000000000000'); } @@ -656,7 +655,7 @@ else { return uint_in_array(id2nodeid($id_var), $nodes); } - function get_dbid($table,$field){ + function get_dbid($table,$field){ $nodeid = get_current_nodeid(false); $found = false; diff --git a/frontends/php/include/discovery.inc.php b/frontends/php/include/discovery.inc.php index 577d983c..f0e7b5cf 100644 --- a/frontends/php/include/discovery.inc.php +++ b/frontends/php/include/discovery.inc.php 
@@ -25,7 +25,7 @@ global $USER_DETAILS; if( $USER_DETAILS['type'] >= USER_TYPE_ZABBIX_ADMIN ){ - if (0 < count(get_accessible_nodes_by_user($USER_DETAILS, $permission, null, PERM_RES_IDS_ARRAY, get_current_nodeid()))) + if(count(get_accessible_nodes_by_user($USER_DETAILS, $permission, PERM_RES_IDS_ARRAY, get_current_nodeid()))) return true; } return false; diff --git a/frontends/php/include/forms.inc.php b/frontends/php/include/forms.inc.php index 11d3ab12..46b1ea7c 100644 --- a/frontends/php/include/forms.inc.php +++ b/frontends/php/include/forms.inc.php @@ -106,8 +106,7 @@ (count($steps) > 0) ? new CButton('del_sel_step',S_DELETE_SELECTED) : null )); - if(isset($new_step)) - { + if(isset($new_step)){ if( !isset($new_step['screenid']) ) $new_step['screenid'] = 0; if( !isset($new_step['delay']) ) $new_step['delay'] = 0; @@ -686,7 +685,7 @@ /* if(bccomp($userid,$USER_DETAILS['userid'])==0) $profile = 1;*/ $user=get_user_by_userid($userid); - $frm_title = S_USER." \"".$user["alias"]."\""; + $frm_title = S_USER.' "'.$user["alias"].'"'; } if(isset($userid) && (!isset($_REQUEST["form_refresh"]) || isset($_REQUEST["register"]))){ @@ -893,8 +892,7 @@ $frmUser->AddRow(S_URL_AFTER_LOGIN, new CTextBox("url",$url,50)); $frmUser->AddRow(S_SCREEN_REFRESH, new CNumericBox("refresh",$refresh,4)); - if($profile==0) - { + if(0 == $profile){ $frmUser->AddVar('perm_details', $perm_details); $link = new CLink($perm_details ? S_HIDE : S_SHOW ,'#','action'); 
@@ -905,32 +903,24 @@ ); $frmUser->AddSpanRow($resources_list,'right_header'); - if($perm_details) - { + if($perm_details){ $group_ids = array_keys($user_groups); if(count($group_ids) == 0) $group_ids = array(-1); - $db_rights = DBselect('SELECT * FROM rights r WHERE r.groupid in ('.implode(',',$group_ids).')'); + $db_rights = DBselect('SELECT * FROM rights r WHERE r.groupid IN ('.implode(',',$group_ids).')'); $tmp_perm = array(); - while($db_right = DBfetch($db_rights)) - { - if(isset($tmp_perm[$db_right['type']][$db_right['id']])) - { - $tmp_perm[$db_right['type']][$db_right['id']] = - min($tmp_perm[$db_right['type']][$db_right['id']], - $db_right['permission']); + while($db_right = DBfetch($db_rights)){ + if(isset($tmp_perm[$db_right['type']][$db_right['id']])){ + $tmp_perm[$db_right['type']][$db_right['id']] = min($tmp_perm[$db_right['type']][$db_right['id']],$db_right['permission']); } - else - { + else{ $tmp_perm[$db_right['type']][$db_right['id']] = $db_right['permission']; } } $user_rights = array(); - foreach($tmp_perm as $type => $res) - { - foreach($res as $id => $perm) - { + foreach($tmp_perm as $type => $res){ + foreach($res as $id => $perm){ array_push($user_rights, array( 'type' => $type, 'id' => $id, @@ -938,7 +928,8 @@ )); } } - +//SDI($user_rights); +//SDI($user_type); $frmUser->AddSpanRow(get_rights_of_elements_table($user_rights, $user_type)); } } 
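Review bot: The `rights` lookup inside the `$perm_details` block builds its `IN (...)` list with `implode(',',$group_ids)`, where `$group_ids` is `array_keys($user_groups)`, and nothing in this hunk restricts those keys to numeric ids. The origin of `$user_groups` is outside the hunk; if it can be filled from the request, each key should be rejected unless it is all digits (for example a `ctype_digit(strval($id))` test) before it reaches the query. The two commented-out debug lines added ahead of the `get_rights_of_elements_table()` call, `//SDI($user_rights);` and `//SDI($user_type);`, should be dropped rather than committed. The enclosing function starts and ends outside the hunk.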
@@ -1146,26 +1137,22 @@ $frmUserG->Show(); } - function get_rights_of_elements_table($rights=array(),$user_type=USER_TYPE_ZABBIX_USER) - { + function get_rights_of_elements_table($rights=array(),$user_type=USER_TYPE_ZABBIX_USER){ global $ZBX_LOCALNODEID; $table = new CTable('S_NO_ACCESSIBLE_RESOURCES', 'right_table'); $table->SetHeader(array(SPACE, S_READ_WRITE, S_READ_ONLY, S_DENY),'header'); - if(ZBX_DISTRIBUTED) - { + if(ZBX_DISTRIBUTED){ $lst['node']['label'] = S_NODES; $lst['node']['read_write'] = new CListBox('nodes_write' ,null ,6); $lst['node']['read_only'] = new CListBox('nodes_read' ,null ,6); $lst['node']['deny'] = new CListBox('nodes_deny' ,null ,6); - $nodes = get_accessible_nodes_by_rights($rights, $user_type, PERM_DENY, null, PERM_RES_DATA_ARRAY); + $nodes = get_accessible_nodes_by_rights($rights, $user_type, PERM_DENY, PERM_RES_DATA_ARRAY); - foreach($nodes as $node) - { - switch($node['permission']) - { + foreach($nodes as $node){ + switch($node['permission']){ case PERM_READ_ONLY: $list_name='read_only'; break; case PERM_READ_WRITE: $list_name='read_write'; break; default: $list_name='deny'; break; 
@@ -1180,15 +1167,23 @@ $lst['group']['read_only'] = new CListBox('groups_read' ,null ,10); $lst['group']['deny'] = new CListBox('groups_deny' ,null ,10); - $groups = get_accessible_groups_by_rights($rights, $user_type, PERM_DENY, null, PERM_RES_DATA_ARRAY, get_current_nodeid(false)); - - foreach($groups as $group) - { - switch($group['permission']) - { - case PERM_READ_ONLY: $list_name='read_only'; break; - case PERM_READ_WRITE: $list_name='read_write'; break; - default: $list_name='deny'; break; + $groups = get_accessible_groups_by_rights($rights, $user_type, PERM_DENY, PERM_RES_DATA_ARRAY, get_current_nodeid(false)); +/* +SDI($groups); + $rights['userid'] = 3; + $available_groups= get_accessible_groups_by_user($rights, PERM_DENY, PERM_RES_DATA_ARRAY); +SDI($available_groups); +//*/ + foreach($groups as $group){ + switch($group['permission']){ + case PERM_READ_ONLY: + $list_name='read_only'; + break; + case PERM_READ_WRITE: + $list_name='read_write'; + break; + default: + $list_name='deny'; } $lst['group'][$list_name]->AddItem($group['groupid'],$group['node_name'].':'.$group['name']); } @@ -1199,7 +1194,7 @@ $lst['host']['read_only'] = new CListBox('hosts_read' ,null ,15); $lst['host']['deny'] = new CListBox('hosts_deny' ,null ,15); - $hosts = get_accessible_hosts_by_rights($rights, $user_type, PERM_DENY, null, PERM_RES_DATA_ARRAY, get_current_nodeid(false)); + $hosts = get_accessible_hosts_by_rights($rights, $user_type, PERM_DENY, PERM_RES_DATA_ARRAY, get_current_nodeid(false)); foreach($hosts as $host){ switch($host['permission']){ diff --git a/frontends/php/include/import.inc.php b/frontends/php/include/import.inc.php index 3b543e04..e066b33d 100644 --- a/frontends/php/include/import.inc.php +++ b/frontends/php/include/import.inc.php 
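Review bot: The block added before the `foreach($groups as $group)` loop is commented-out debugging (`SDI($groups);`, `$rights['userid'] = 3;`, a call to `get_accessible_groups_by_user`) wrapped in a `/* ... //*/` toggle, and it should be removed before this lands. If the opening comment marker were removed, `$rights['userid']` would be overwritten with a fixed user id inside the code that renders a user's permission table. That is not something to leave one keystroke away in permission-handling code. The reformatted `switch` now has no `break` on its `default:` branch, which is harmless because it is the last case. get_rights_of_elements_table starts before this hunk and continues after it.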
@@ -38,7 +38,7 @@ $this->available_hosts = get_accessible_hosts_by_user($USER_DETAILS, PERM_READ_WRITE, PERM_RES_IDS_ARRAY, get_current_nodeid()); - $this->available_nodes = get_accessible_nodes_by_user($USER_DETAILS, PERM_READ_WRITE, null, PERM_RES_IDS_ARRAY, get_current_nodeid()); + $this->available_nodes = get_accessible_nodes_by_user($USER_DETAILS, PERM_READ_WRITE, PERM_RES_IDS_ARRAY, get_current_nodeid()); } function CharacterData($parser, $data) { diff --git a/frontends/php/include/page_header.php b/frontends/php/include/page_header.php index 11cf0141..4640657f 100644 --- a/frontends/php/include/page_header.php +++ b/frontends/php/include/page_header.php @@ -254,11 +254,10 @@ COpt::profiling_start("page"); $deny = true; } - if(isset($sub['node_perm'])){ - if(0==count(get_accessible_nodes_by_user( + if(isset($sub['node_perm'])){ + if(0 == count(get_accessible_nodes_by_user( $USER_DETAILS, $sub['node_perm'], - null, PERM_RES_IDS_ARRAY, get_current_nodeid(false)))) { @@ -291,8 +290,10 @@ COpt::profiling_start("page"); if(isset($sub_pages['node_perm'])){ if ( 0 == count(get_accessible_nodes_by_user( - $USER_DETAILS,$sub_pages['node_perm'],null, - PERM_RES_IDS_ARRAY,get_current_nodeid(false)))) + $USER_DETAILS, + $sub_pages['node_perm'], + PERM_RES_IDS_ARRAY, + get_current_nodeid(false)))) { unset($sub['pages'][$id]); continue; diff --git a/frontends/php/include/perm.inc.php b/frontends/php/include/perm.inc.php index 7e70630b..04b5c6f4 100644 --- a/frontends/php/include/perm.inc.php +++ b/frontends/php/include/perm.inc.php 
@@ -19,110 +19,110 @@ **/ ?> <?php - function permission2str($group_permission) - { - $str_perm[PERM_READ_WRITE] = S_READ_WRITE; - $str_perm[PERM_READ_ONLY] = S_READ_ONLY; - $str_perm[PERM_DENY] = S_DENY; +function permission2str($group_permission) +{ + $str_perm[PERM_READ_WRITE] = S_READ_WRITE; + $str_perm[PERM_READ_ONLY] = S_READ_ONLY; + $str_perm[PERM_DENY] = S_DENY; - if(isset($str_perm[$group_permission])) - return $str_perm[$group_permission]; + if(isset($str_perm[$group_permission])) + return $str_perm[$group_permission]; - return S_UNKNOWN; - } + return S_UNKNOWN; +} /***************************************** CHECK USER AUTHORISATION *****************************************/ - function check_authorisation(){ - global $page; - global $PHP_AUTH_USER,$PHP_AUTH_PW; - global $USER_DETAILS; - global $ZBX_LOCALNODEID; +function check_authorisation(){ + global $page; + global $PHP_AUTH_USER,$PHP_AUTH_PW; + global $USER_DETAILS; + global $ZBX_LOCALNODEID; - $USER_DETAILS = NULL; - $login = FALSE; - - $sessionid = get_cookie("zbx_sessionid"); - - if(!is_null($sessionid)){ - $login = $USER_DETAILS = DBfetch(DBselect('SELECT u.*,s.* '. - ' FROM sessions s,users u'. - ' WHERE s.sessionid='.zbx_dbstr($sessionid). - ' AND s.userid=u.userid'. - ' AND ((s.lastaccess+u.autologout>'.time().') OR (u.autologout=0))'. - ' AND '.DBin_node('u.userid', $ZBX_LOCALNODEID))); - - if(!$USER_DETAILS){ - $incorect_session = true; - } - else if($login['attempt_failed']){ - error('There was ['.$login['attempt_failed'].'] failed attempts to Login from ['.$login['attempt_ip'].'] at ['.date('d.m.Y H:i',$login['attempt_clock']).'] o\'clock!'); - DBexecute('UPDATE users SET attempt_failed=0 WHERE userid='.zbx_dbstr($login['userid'])); - } + $USER_DETAILS = NULL; + $login = FALSE; + + $sessionid = get_cookie("zbx_sessionid"); + + if(!is_null($sessionid)){ + $login = $USER_DETAILS = DBfetch(DBselect('SELECT u.*,s.* '. + ' FROM sessions s,users u'. + ' WHERE s.sessionid='.zbx_dbstr($sessionid). 
+ ' AND s.userid=u.userid'. + ' AND ((s.lastaccess+u.autologout>'.time().') OR (u.autologout=0))'. + ' AND '.DBin_node('u.userid', $ZBX_LOCALNODEID))); + + if(!$USER_DETAILS){ + $incorect_session = true; } - + else if($login['attempt_failed']){ + error('There was ['.$login['attempt_failed'].'] failed attempts to Login from ['.$login['attempt_ip'].'] at ['.date('d.m.Y H:i',$login['attempt_clock']).'] o\'clock!'); + DBexecute('UPDATE users SET attempt_failed=0 WHERE userid='.zbx_dbstr($login['userid'])); + } + } + + if(!$USER_DETAILS){ + $login = $USER_DETAILS = DBfetch(DBselect('SELECT u.* '. + ' FROM users u '. + ' WHERE u.alias='.zbx_dbstr(ZBX_GUEST_USER). + ' AND '.DBin_node('u.userid', $ZBX_LOCALNODEID))); if(!$USER_DETAILS){ - $login = $USER_DETAILS = DBfetch(DBselect('SELECT u.* '. - ' FROM users u '. - ' WHERE u.alias='.zbx_dbstr(ZBX_GUEST_USER). - ' AND '.DBin_node('u.userid', $ZBX_LOCALNODEID))); - if(!$USER_DETAILS){ - $missed_user_guest = true; - } + $missed_user_guest = true; } + } + + if($login){ + $login = (check_perm2login($USER_DETAILS['userid']) && check_perm2system($USER_DETAILS['userid'])); + } + + if($login){ + zbx_setcookie("zbx_sessionid",$sessionid,$USER_DETAILS['autologin']?(time()+86400*31):0); //1 month + DBexecute("update sessions set lastaccess=".time()." where sessionid=".zbx_dbstr($sessionid)); + } + else{ + $USER_DETAILS = NULL; - if($login){ - $login = (check_perm2login($USER_DETAILS['userid']) && check_perm2system($USER_DETAILS['userid'])); - } + zbx_unsetcookie('zbx_sessionid'); + DBexecute("delete from sessions where sessionid=".zbx_dbstr($sessionid)); + unset($sessionid); + } - if($login){ - zbx_setcookie("zbx_sessionid",$sessionid,$USER_DETAILS['autologin']?(time()+86400*31):0); //1 month - DBexecute("update sessions set lastaccess=".time()." 
where sessionid=".zbx_dbstr($sessionid)); - } - else{ - $USER_DETAILS = NULL; - - zbx_unsetcookie('zbx_sessionid'); - DBexecute("delete from sessions where sessionid=".zbx_dbstr($sessionid)); - unset($sessionid); + if($USER_DETAILS){ + $USER_DETAILS['node'] = DBfetch(DBselect('select * from nodes where nodeid='.id2nodeid($USER_DETAILS['userid']))); + if(empty($USER_DETAILS['node'])) + { + $USER_DETAILS['node']['name'] = '- unknown -'; + $USER_DETAILS['node']['nodeid'] = $ZBX_LOCALNODEID; } - - if($USER_DETAILS){ - $USER_DETAILS['node'] = DBfetch(DBselect('select * from nodes where nodeid='.id2nodeid($USER_DETAILS['userid']))); - if(empty($USER_DETAILS['node'])) - { - $USER_DETAILS['node']['name'] = '- unknown -'; - $USER_DETAILS['node']['nodeid'] = $ZBX_LOCALNODEID; + } + else{ + $USER_DETAILS = array( + "alias" =>ZBX_GUEST_USER, + "userid"=>0, + "lang" =>"en_gb", + "type" =>"0", + "node" =>array( + "name" =>'- unknown -', + "nodeid"=>0)); + } + + if(!$login || isset($incorrect_session) || isset($missed_user_guest)){ + if(isset($incorrect_session)) $message = "Session was ended, please relogin!"; + else if(isset($missed_user_guest)){ + $row = DBfetch(DBselect('SELECT count(u.userid) as user_cnt FROM users u')); + if(!$row || $row['user_cnt'] == 0){ + $message = "Table users is empty. Possible database corruption."; } } - else{ - $USER_DETAILS = array( - "alias" =>ZBX_GUEST_USER, - "userid"=>0, - "lang" =>"en_gb", - "type" =>"0", - "node" =>array( - "name" =>'- unknown -', - "nodeid"=>0)); - } - if(!$login || isset($incorrect_session) || isset($missed_user_guest)){ - if(isset($incorrect_session)) $message = "Session was ended, please relogin!"; - else if(isset($missed_user_guest)){ - $row = DBfetch(DBselect('SELECT count(u.userid) as user_cnt FROM users u')); - if(!$row || $row['user_cnt'] == 0){ - $message = "Table users is empty. 
Possible database corruption."; - } - } - - if(!isset($_REQUEST['message']) && isset($message)) $_REQUEST['message'] = $message; - - include('index.php'); - exit; - } + if(!isset($_REQUEST['message']) && isset($message)) $_REQUEST['message'] = $message; + + include('index.php'); + exit; } +} /***************************************** LDAP AUTHENTICATION @@ -159,16 +159,16 @@ return $result; * * Author: Aly */ - function check_perm2system($userid){ - $sql = 'SELECT COUNT(g.usrgrpid) as grp_count '. - ' FROM usrgrp g, users_groups ug '. - ' WHERE ug.userid = '.zbx_dbstr($userid). - ' AND g.usrgrpid = ug.usrgrpid '. - ' AND g.users_status = '.GROUP_STATUS_DISABLED; - $res = DBFetch(DBSelect($sql)); - - return ($res['grp_count'] == 0)?true:false; - } +function check_perm2system($userid){ + $sql = 'SELECT COUNT(g.usrgrpid) as grp_count '. + ' FROM usrgrp g, users_groups ug '. + ' WHERE ug.userid = '.zbx_dbstr($userid). + ' AND g.usrgrpid = ug.usrgrpid '. + ' AND g.users_status = '.GROUP_STATUS_DISABLED; + $res = DBFetch(DBSelect($sql)); + +return ($res['grp_count'] == 0)?true:false; +} /* Function: check_perm2login() * 
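Review bot: In check_authorisation the failed-session branch sets `$incorect_session = true;` (one "r"), but the later tests read `isset($incorrect_session)`, so the "Session was ended, please relogin!" path can never be taken. The commit re-indents this code and carries the misspelling over. As written, a request with a stale `zbx_sessionid` appears to fall through to the guest lookup and continue as guest instead of being sent to the login page; the assignment should read `$incorrect_session = true;`. Separately, when no cookie is present `$sessionid` is null yet still reaches `zbx_setcookie("zbx_sessionid",$sessionid,...)` and the `update sessions` statement on the guest path, which deserves a guard or at least a comment.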
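Review bot: check_perm2system ends with `return ($res['grp_count'] == 0)?true:false;`, which returns true when `$res` is not a row at all. If `DBFetch` returns false (check_authorisation in this file tests for that case), `$res['grp_count']` is null and the loose `== 0` comparison succeeds, so a failed query reads as "user is in no disabled group". Failing closed would be safer, e.g. `return ($res && $res['grp_count'] == 0);`. check_perm2login in the following hunk uses the same return expression. A one-line comment stating that the function returns true only when the user belongs to no group with `users_status = GROUP_STATUS_DISABLED` would also help the next reader.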
@@ -181,305 +181,271 @@ return $result; * Author: Aly */ - function check_perm2login($userid){ - $sql = 'SELECT COUNT(g.usrgrpid) as grp_count '. - ' FROM usrgrp g, users_groups ug '. - ' WHERE ug.userid = '.zbx_dbstr($userid). - ' AND g.usrgrpid = ug.usrgrpid '. - ' AND g.gui_access = '.GROUP_GUI_ACCESS_DISABLED; - $res = DBFetch(DBSelect($sql)); +function check_perm2login($userid){ + $sql = 'SELECT COUNT(g.usrgrpid) as grp_count '. + ' FROM usrgrp g, users_groups ug '. + ' WHERE ug.userid = '.zbx_dbstr($userid). + ' AND g.usrgrpid = ug.usrgrpid '. + ' AND g.gui_access = '.GROUP_GUI_ACCESS_DISABLED; + $res = DBFetch(DBSelect($sql)); - return ($res['grp_count'] == 0)?true:false; - } +return ($res['grp_count'] == 0)?true:false; +} /*********************************************** GET ACCESSIBLE RESOURCES BY USERID ************************************************/ - function perm_mode2comparator($perm_mode) - { - switch($perm_mode) - { - case PERM_MODE_NE: $perm_mode = '!='; break; - case PERM_MODE_EQ: $perm_mode = '=='; break; - case PERM_MODE_GT: $perm_mode = '>'; break; - case PERM_MODE_LT: $perm_mode = '<'; break; - case PERM_MODE_LE: $perm_mode = '<='; break; - case PERM_MODE_GE: - default: $perm_mode = '>='; break; - } - return $perm_mode; +function perm_mode2comparator($perm_mode){ + switch($perm_mode){ + case PERM_MODE_NE: $perm_mode = '!='; break; + case PERM_MODE_EQ: $perm_mode = '=='; break; + case PERM_MODE_GT: $perm_mode = '>'; break; + case PERM_MODE_LT: $perm_mode = '<'; break; + case PERM_MODE_LE: $perm_mode = '<='; break; + case PERM_MODE_GE: + default: $perm_mode = '>='; break; } +return $perm_mode; +} - function get_accessible_hosts_by_user(&$user_data,$perm,$perm_res=null,$nodeid=null,$cache=1){ - global $DB; - static $available_hosts; +function get_accessible_hosts_by_user(&$user_data,$perm,$perm_res=null,$nodeid=null,$cache=1){ +// global $DB; + static $available_hosts; - if(is_null($perm_res)) $perm_res = PERM_RES_STRING_LINE; - if($perm == 
PERM_READ_LIST) $perm = PERM_READ_ONLY; - - $result = array(); + if(is_null($perm_res)) $perm_res = PERM_RES_STRING_LINE; + if($perm == PERM_READ_LIST) $perm = PERM_READ_ONLY; + + $result = array(); - $userid =& $user_data['userid']; - $user_type =& $user_data['type']; + $userid =& $user_data['userid']; + $user_type =& $user_data['type']; - if(!isset($userid)) fatal_error('Incorrect user data in "get_accessible_hosts_by_user"'); - if(is_null($nodeid)) $nodeid = get_current_nodeid(); + if(!isset($userid)) fatal_error('Incorrect user data in "get_accessible_hosts_by_user"'); + if(is_null($nodeid)) $nodeid = get_current_nodeid(); - $nodeid_str =(is_array($nodeid))?md5(implode('',$nodeid)):strval($nodeid); - - if($cache && isset($available_hosts[$userid][$perm][$perm_res][$nodeid_str])){ - return $available_hosts[$userid][$perm][$perm_res][$nodeid_str]; - } + $nodeid_str =(is_array($nodeid))?md5(implode('',$nodeid)):strval($nodeid); - switch($perm_res){ - case PERM_RES_DATA_ARRAY: - $resdata = '$host_data'; - break; - default: - $resdata = '$host_data["hostid"]'; - break; - } + if($cache && isset($available_hosts[$userid][$perm][$perm_res][$nodeid_str])){ + return $available_hosts[$userid][$perm][$perm_res][$nodeid_str]; + } COpt::counter_up('perm_host['.$userid.','.$perm.','.$perm_res.','.$nodeid.']'); COpt::counter_up('perm'); - $where = array(); + $where = array(); - if(!is_null($nodeid)) - array_push($where, DBin_node('h.hostid', $nodeid)); - - if(count($where)) - $where = ' WHERE '.implode(' AND ',$where); - else - $where = ''; - + if(!is_null($nodeid)) + array_push($where, DBin_node('h.hostid', $nodeid)); + + if(count($where)) + $where = ' WHERE '.implode(' AND ',$where); + else + $where = ''; + // $sortorder = (isset($DB['TYPE']) && (($DB['TYPE'] == 'MYSQL') || ($DB['TYPE'] == 'SQLITE3')))?' DESC ':''; - - $sql = 'SELECT DISTINCT n.nodeid, n.name as node_name, h.hostid, h.host, min(r.permission) as permission, ug.userid '. - ' FROM hosts h '. 
- ' LEFT JOIN hosts_groups hg ON hg.hostid=h.hostid '. - ' LEFT JOIN groups g ON g.groupid=hg.groupid '. - ' LEFT JOIN rights r ON r.id=g.groupid and r.type='.RESOURCE_TYPE_GROUP. - ' LEFT JOIN users_groups ug ON ug.usrgrpid=r.groupid and ug.userid='.$userid. - ' LEFT JOIN nodes n ON '.DBid2nodeid('h.hostid').'=n.nodeid '. - $where. - ' GROUP BY h.hostid,n.nodeid,n.name,h.host,ug.userid '. - ' ORDER BY n.name,n.nodeid, h.host, permission, ug.userid '; - - $db_hosts = DBselect($sql); - - $processed = array(); - while($host_data = DBfetch($db_hosts)){ - if(zbx_empty($host_data['nodeid'])) $host_data['nodeid'] = id2nodeid($host_data['hostid']); - - /* if no rights defined used node rights */ - - if( zbx_empty($host_data['permission']) || zbx_empty($host_data['userid'])){ - if(isset($processed[$host_data['hostid']]) ) continue; - - if(!isset($nodes)){ - $nodes = get_accessible_nodes_by_user($user_data, PERM_DENY, PERM_MODE_GE, PERM_RES_DATA_ARRAY); + + $sql = 'SELECT DISTINCT n.nodeid, n.name as node_name, h.hostid, h.host, min(r.permission) as permission, ug.userid '. + ' FROM hosts h '. + ' LEFT JOIN hosts_groups hg ON hg.hostid=h.hostid '. + ' LEFT JOIN groups g ON g.groupid=hg.groupid '. + ' LEFT JOIN rights r ON r.id=g.groupid and r.type='.RESOURCE_TYPE_GROUP. + ' LEFT JOIN users_groups ug ON ug.usrgrpid=r.groupid and ug.userid='.$userid. + ' LEFT JOIN nodes n ON '.DBid2nodeid('h.hostid').'=n.nodeid '. + $where. + ' GROUP BY h.hostid,n.nodeid,n.name,h.host,ug.userid '. 
+ ' ORDER BY n.name,n.nodeid, h.host, permission, ug.userid '; +//SDI($sql); + $db_hosts = DBselect($sql); + + $processed = array(); + while($host_data = DBfetch($db_hosts)){ + if(zbx_empty($host_data['nodeid'])) $host_data['nodeid'] = id2nodeid($host_data['hostid']); + +/* if no rights defined */ + if(USER_TYPE_SUPER_ADMIN == $user_type){ + $host_data['permission'] = PERM_MAX; + } + else{ + if(zbx_empty($host_data['permission']) || zbx_empty($host_data['userid'])) continue; + + if(isset($processed[$host_data['hostid']])){ + if(PERM_DENY == $host_data['permission']){ + unset($result[$host_data['hostid']]); + } + else if($processed[$host_data['hostid']] > $host_data['permission']){ + unset($processed[$host_data['hostid']]); + } + else{ + continue; } - - if(!isset($nodes[$host_data['nodeid']]) || $user_type==USER_TYPE_ZABBIX_USER ) - $host_data['permission'] = PERM_DENY; - else - $host_data['permission'] = $nodes[$host_data['nodeid']]['permission']; } - - $processed[$host_data['hostid']] = true; - - if($host_data['permission'] < $perm) continue; - - $result[$host_data['hostid']] = eval('return '.$resdata.';'); } - unset($processed, $host_data, $db_hosts); + $processed[$host_data['hostid']] = $host_data['permission']; + if($host_data['permission']<$perm) continue; - if(PERM_RES_STRING_LINE == $perm_res){ - if(count($result) == 0) - $result = '-1'; - else - $result = implode(',',$result); + switch($perm_res){ + case PERM_RES_DATA_ARRAY: + $result[$host_data['hostid']] = $host_data; + break; + default: + $result[$host_data['hostid']] = $host_data["hostid"]; } + } - $available_hosts[$userid][$perm][$perm_res][$nodeid_str] = $result; - return $result; + unset($processed, $host_data, $db_hosts); + + if(PERM_RES_STRING_LINE == $perm_res){ + if(count($result) == 0) + $result = '-1'; + else + $result = implode(',',$result); } - function get_accessible_groups_by_user($user_data,$perm,$perm_res=null,$nodeid=null){ - global $ZBX_LOCALNODEID; + 
$available_hosts[$userid][$perm][$perm_res][$nodeid_str] = $result; +return $result; +} - if(is_null($nodeid)) $nodeid = get_current_nodeid(); - if(is_null($perm_res)) $perm_res = PERM_RES_STRING_LINE; +function get_accessible_groups_by_user($user_data,$perm,$perm_res=null,$nodeid=null){ + global $ZBX_LOCALNODEID; - $result = array(); - - $userid =& $user_data['userid']; - if(!isset($userid)) fatal_error('Incorrect user data in "get_accessible_groups_by_user"'); - $user_type =& $user_data['type']; + if(is_null($nodeid)) $nodeid = get_current_nodeid(); + if(is_null($perm_res)) $perm_res = PERM_RES_STRING_LINE; - switch($perm_res){ - case PERM_RES_DATA_ARRAY: - $resdata = '$group_data'; - break; - default: - $resdata = '$group_data["groupid"]'; - break; - } + $result = array(); + + $userid =& $user_data['userid']; + if(!isset($userid)) fatal_error('Incorrect user data in "get_accessible_groups_by_user"'); + $user_type =& $user_data['type']; COpt::counter_up('perm_group['.$userid.','.$perm.','.$perm_res.','.$nodeid.']'); COpt::counter_up('perm'); - $where = array(); + $where = array(); - if(!is_null($nodeid)) - array_push($where, DBin_node('hg.groupid', $nodeid)); - - $where = count($where)?' where '.implode(' and ',$where):''; - - /* if no rights defined used node rights */ - $db_groups = DBselect('SELECT n.nodeid as nodeid,n.name as node_name,hg.groupid,hg.name,min(r.permission) as permission,g.userid'. - ' FROM groups hg '. - ' LEFT JOIN rights r ON r.id=hg.groupid AND r.type='.RESOURCE_TYPE_GROUP. - ' LEFT JOIN users_groups g ON r.groupid=g.usrgrpid AND g.userid='.$userid. - ' LEFT JOIN nodes n ON '.DBid2nodeid('hg.groupid').'=n.nodeid '. - $where. - ' GROUP BY n.nodeid, n.name, hg.groupid, hg.name, g.userid, g.userid '. 
- ' ORDER BY n.name, hg.name, permission '); - - $processed = array(); - while($group_data = DBfetch($db_groups)){ - if(zbx_empty($group_data['nodeid'])) $group_data['nodeid'] = id2nodeid($group_data['groupid']); - - /* deny if no rights defined */ - if( zbx_empty($group_data['permission']) || zbx_empty($group_data['userid']) ){ - if(isset($processed[$group_data['groupid']])) continue; - - if(!isset($nodes)){ - $nodes = get_accessible_nodes_by_user($user_data, - PERM_DENY,PERM_MODE_GE,PERM_RES_DATA_ARRAY); - } - - if( !isset($nodes[$group_data['nodeid']]) || $user_type==USER_TYPE_ZABBIX_USER ) - $group_data['permission'] = PERM_DENY; - else - $group_data['permission'] = $nodes[$group_data['nodeid']]['permission']; - } - - $processed[$group_data['groupid']] = true; - if($group_data['permission'] < $perm) continue; -// if(eval('return ('.$group_data["permission"].' '.perm_mode2comparator($perm_mode).' '.$perm.')? 0 : 1;')) continue; + if(!is_null($nodeid)) + array_push($where, DBin_node('hg.groupid', $nodeid)); - $result[$group_data['groupid']] = eval('return '.$resdata.';'); - } + $where = count($where)?' WHERE '.implode(' AND ',$where):''; - unset($processed, $group_data, $db_groups); + $sql = 'SELECT n.nodeid as nodeid,n.name as node_name,hg.groupid,hg.name,min(r.permission) as permission,g.userid'. + ' FROM groups hg '. + ' LEFT JOIN rights r ON r.id=hg.groupid AND r.type='.RESOURCE_TYPE_GROUP. + ' LEFT JOIN users_groups g ON r.groupid=g.usrgrpid AND g.userid='.$userid. + ' LEFT JOIN nodes n ON '.DBid2nodeid('hg.groupid').'=n.nodeid '. + $where. + ' GROUP BY n.nodeid, n.name, hg.groupid, hg.name, g.userid, g.userid '. 
+ ' ORDER BY n.name, hg.name, permission '; - if($perm_res == PERM_RES_STRING_LINE) { - if(count($result) == 0) - $result = '-1'; - else - $result = implode(',',$result); - } + $db_groups = DBselect($sql); - return $result; - } + $processed = array(); + while($group_data = DBfetch($db_groups)){ + if(zbx_empty($group_data['nodeid'])) $group_data['nodeid'] = id2nodeid($group_data['groupid']); - function get_accessible_nodes_by_user(&$user_data,$perm,$perm_mode=null,$perm_res=null,$nodeid=null) - { - global $ZBX_LOCALNODEID; - if(is_null($perm_mode)) $perm_mode=PERM_MODE_GE; - if(is_null($perm_res)) $perm_res=PERM_RES_STRING_LINE; +/* deny if no rights defined */ + if(USER_TYPE_SUPER_ADMIN == $user_type){ + $group_data['permission'] = PERM_MAX; + } + else{ + if(zbx_empty($group_data['permission']) || zbx_empty($group_data['userid'])) continue; + + if(isset($processed[$group_data['groupid']])){ + if(PERM_DENY == $group_data['permission']){ + unset($result[$group_data['groupid']]); + } + else if($processed[$group_data['groupid']] > $group_data['permission']){ + unset($processed[$group_data['groupid']]); + } + else{ + continue; + } + } + } - $userid =& $user_data['userid']; - $user_type =& $user_data['type']; - if(!isset($userid)) fatal_error('Incorrect user data in "get_accessible_nodes_by_user"'); + $processed[$group_data['groupid']] = $group_data['permission']; + if($group_data['permission'] < $perm) continue; - $result= array(); + switch($perm_res){ + case PERM_RES_DATA_ARRAY: + $result[$group_data['groupid']] = $group_data; + break; + default: + $result[$group_data['groupid']] = $group_data["groupid"]; + break; + } + } -COpt::counter_up('perm_nodes['.$userid.','.$perm.','.$perm_mode.','.$perm_res.','.$nodeid.']'); -COpt::counter_up('perm'); + unset($processed, $group_data, $db_groups); - if(is_null($nodeid)) - $where_nodeid = ''; - else if(is_array($nodeid)) - $where_nodeid = ' where n.nodeid in ('.implode(',', $nodeid).') '; + if($perm_res == PERM_RES_STRING_LINE) 
{ + if(count($result) == 0) + $result = '-1'; else - $where_nodeid = ' where n.nodeid in ('.$nodeid.') '; - - - $db_nodes = DBselect('SELECT n.nodeid,min(r.permission) as permission, g.userid'. - ' FROM nodes n '. - ' left join rights r on r.id=n.nodeid and r.type='.RESOURCE_TYPE_NODE. - ' left join users_groups g on r.groupid=g.usrgrpid and g.userid='.$userid. - $where_nodeid. - ' GROUP BY n.nodeid, g.userid '. - ' ORDER BY nodeid desc, userid desc, permission desc'); + $result = implode(',',$result); + } - while(($node_data = DBfetch($db_nodes)) || (!isset($do_break) && !ZBX_DISTRIBUTED)){ + return $result; +} - if($node_data && ($perm_res == PERM_RES_DATA_ARRAY)){ - $node_data += DBfetch(DBselect('select * from nodes where nodeid='.$node_data['nodeid'])); - } +function get_accessible_nodes_by_user(&$user_data,$perm,$perm_res=null,$nodeid=null){ + global $ZBX_LOCALNODEID; - if($node_data && isset($processed_nodeids[$node_data["nodeid"]])) continue; + if(is_null($perm_res)) $perm_res=PERM_RES_STRING_LINE; - if(!ZBX_DISTRIBUTED){ - if(!$node_data){ - $node_data = array( - 'nodeid' => $ZBX_LOCALNODEID, - 'name' => 'local', - 'permission' => PERM_READ_WRITE, - 'userid' => null - ); + $userid =& $user_data['userid']; + $user_type =& $user_data['type']; + if(!isset($userid)) fatal_error('Incorrect user data in "get_accessible_nodes_by_user"'); - $do_break = true; + $node_data = array(); + $result = array(); + +//COpt::counter_up('perm_nodes['.$userid.','.$perm.','.$perm_mode.','.$perm_res.','.$nodeid.']'); +//COpt::counter_up('perm'); - if(isset($nodeid) && is_array($nodeid)){ - if(!uint_in_array($node_data['nodeid'],$nodeid)) continue; + $available_hosts = get_accessible_hosts_by_user($user_data,$perm,PERM_RES_IDS_ARRAY,$nodeid); + foreach($available_hosts as $id => $hostid){ + $node_data[id2nodeid($hostid)] = id2nodeid($hostid); + } + + switch($perm_res){ + case PERM_RES_DATA_ARRAY: + foreach($node_data as $nodeid => $node){ + $node = DBfetch(DBselect('SELECT * FROM 
nodes WHERE nodeid='.$nodeid)); + + if(!ZBX_DISTRIBUTED){ + if(!$node){ + $node = array( + 'nodeid' => $ZBX_LOCALNODEID, + 'name' => 'local', + 'permission' => PERM_READ_WRITE, + 'userid' => null + ); + } + else{ + continue; } - else if(isset($nodeid) && (bccomp($node_data['nodeid'] ,$nodeid) != 0)) continue; - } - else{ - $node_data['permission'] = PERM_DENY; } + + $result[$nodeid] = $node; } + break; + default: + $result = $node_data; + break; + } - $processed_nodeids[$node_data["nodeid"]] = $node_data["nodeid"]; - - /* deny if no rights defined (for local node read/write)*/ - if(zbx_empty($node_data['permission']) || zbx_empty($node_data['userid'])){ - if($user_type == USER_TYPE_SUPER_ADMIN) - $node_data['permission'] = PERM_READ_WRITE; - else - $node_data['permission'] = - (bccomp($node_data['nodeid'] ,$ZBX_LOCALNODEID)==0) ? PERM_READ_WRITE : PERM_DENY; - } - - /* special processing for PERM_READ_LIST*/ - if(PERM_DENY == $node_data['permission'] && PERM_READ_LIST == $perm){ - $groups = get_accessible_groups_by_user($user_data,$perm,PERM_RES_DATA_ARRAY,$node_data['nodeid']); - if(count($groups) == 0) continue; - } - else{ - if(eval('return ('.$node_data["permission"].' '.perm_mode2comparator($perm_mode).' '.$perm.')? 0 : 1;')) - continue; - } - $result[$node_data["nodeid"]]= ($perm_res == PERM_RES_DATA_ARRAY)?$node_data:$node_data["nodeid"]; - } - - if($perm_res == PERM_RES_STRING_LINE) { - if(count($result) == 0) - $result = '-1'; - else - $result = implode(',',$result); - } - - return $result; + if($perm_res == PERM_RES_STRING_LINE) { + if(count($result) == 0) + $result = '-1'; + else + $result = implode(',',$result); } +return $result; +} + /*********************************************** GET ACCESSIBLE RESOURCES BY RIGHTS ************************************************/ 
@@ -491,253 +457,194 @@ COpt::counter_up('perm'); */ - function get_accessible_hosts_by_rights(&$rights,$user_type,$perm,$perm_mode=null,$perm_res=null,$nodeid=null) - { - if(is_null($perm_res)) $perm_res = PERM_RES_STRING_LINE; - if($perm == PERM_READ_LIST) $perm = PERM_READ_ONLY; - - $result = array(); - - switch($perm_res) - { - case PERM_RES_DATA_ARRAY: $resdata = '$host_data'; break; - default: $resdata = '$host_data["hostid"]'; break; - } +function get_accessible_hosts_by_rights(&$rights,$user_type,$perm,$perm_res=null,$nodeid=null){ + if(is_null($perm_res)) $perm_res = PERM_RES_STRING_LINE; + if($perm == PERM_READ_LIST) $perm = PERM_READ_ONLY; - $where = array(); - - if ( !is_null($nodeid) ) array_push($where, DBin_node('h.hostid', $nodeid)); + $result = array(); + $res_perm = array(); - if(count($where)) $where = ' where '.implode(' and ',$where); - else $where = ''; - - $db_hosts = DBselect('select n.nodeid as nodeid,n.name as node_name,hg.groupid as groupid,h.* '. - ' from hosts h left join hosts_groups hg on hg.hostid=h.hostid '. - ' left join nodes n on n.nodeid='.DBid2nodeid('h.hostid'). - $where.' 
order by n.name,h.host'); - - $res_perm = array(); - foreach($rights as $right) - { - $res_perm[$right['type']][$right['id']] = $right['permission']; - } + foreach($rights as $right){ + $res_perm[$right['type']][$right['id']] = $right['permission']; + } - $host_perm = array(); + $host_perm = array(); - while($host_data = DBfetch($db_hosts)) - { - if(isset($host_data['groupid']) && isset($res_perm[RESOURCE_TYPE_GROUP][$host_data['groupid']])) - { - $host_perm[$host_data['hostid']][RESOURCE_TYPE_GROUP][$host_data['groupid']] = - $res_perm[RESOURCE_TYPE_GROUP][$host_data['groupid']]; - } + $where = array(); + if(!is_null($nodeid)) array_push($where, DBin_node('h.hostid', $nodeid)); + $where = count($where)?$where = ' WHERE '.implode(' AND ',$where):''; - if(isset($res_perm[RESOURCE_TYPE_NODE][$host_data['nodeid']])) - { - $host_perm[$host_data['hostid']][RESOURCE_TYPE_NODE] = $res_perm[RESOURCE_TYPE_NODE][$host_data['nodeid']]; - } - $host_perm[$host_data['hostid']]['data'] = $host_data; + $sql = 'SELECT n.nodeid as nodeid,n.name as node_name,hg.groupid as groupid,h.hostid, h.host '. + ' FROM hosts h '. + ' LEFT JOIN hosts_groups hg ON hg.hostid=h.hostid '. + ' LEFT JOIN nodes n ON n.nodeid='.DBid2nodeid('h.hostid'). + $where. 
+ ' ORDER BY n.name,h.host'; + $db_hosts = DBselect($sql); + while($host_data = DBfetch($db_hosts)){ + if(isset($host_data['groupid']) && isset($res_perm[RESOURCE_TYPE_GROUP][$host_data['groupid']])){ + $host_perm[$host_data['hostid']][RESOURCE_TYPE_GROUP][$host_data['groupid']] = $res_perm[RESOURCE_TYPE_GROUP][$host_data['groupid']]; } - foreach($host_perm as $hostid => $host_data) - { - $host_data = $host_data['data']; + if(isset($res_perm[RESOURCE_TYPE_NODE][$host_data['nodeid']])){ + $host_perm[$host_data['hostid']][RESOURCE_TYPE_NODE] = $res_perm[RESOURCE_TYPE_NODE][$host_data['nodeid']]; + } + + $host_perm[$host_data['hostid']]['data'] = $host_data; + } - if(isset($host_perm[$hostid][RESOURCE_TYPE_GROUP])) - { + foreach($host_perm as $hostid => $host_data){ + $host_data = $host_data['data']; + +// Select Min rights from groups + if(USER_TYPE_SUPER_ADMIN == $user_type){ + $host_data['permission'] = PERM_MAX; + } + else{ + if(isset($host_perm[$hostid][RESOURCE_TYPE_GROUP])){ $host_data['permission'] = min($host_perm[$hostid][RESOURCE_TYPE_GROUP]); } - else if(isset($host_perm[$hostid][RESOURCE_TYPE_NODE])) - { - $host_data['permission'] = $host_perm[$hostid][RESOURCE_TYPE_NODE]; - } - else - { + else{ if(is_null($host_data['nodeid'])) $host_data['nodeid'] = id2nodeid($host_data['groupid']); - - if(!isset($node_data[$host_data['nodeid']])) - { - $node_data = get_accessible_nodes_by_rights($rights,$user_type, - PERM_DENY, PERM_MODE_GE, PERM_RES_DATA_ARRAY, $host_data['nodeid']); - } - if( !isset($node_data[$host_data['nodeid']]) || $user_type==USER_TYPE_ZABBIX_USER ) - $host_data['permission'] = PERM_DENY; - else - $host_data['permission'] = $node_data[$host_data['nodeid']]['permission']; + + $host_data['permission'] = PERM_DENY; } - - if(eval('return ('.$host_data["permission"].' '.perm_mode2comparator($perm_mode).' '.$perm.')? 
0 : 1;')) - continue; - - $result[$host_data['hostid']] = eval('return '.$resdata.';'); - } - - if($perm_res == PERM_RES_STRING_LINE) - { - if(count($result) == 0) - $result = '-1'; - else - $result = implode(',',$result); + + if($host_data['permission']<$perm) continue; + switch($perm_res){ + case PERM_RES_DATA_ARRAY: + $result[$host_data['hostid']] = $host_data; + break; + default: + $result[$host_data['hostid']] = $host_data['hostid']; } + } - return $result; + if($perm_res == PERM_RES_STRING_LINE) { + if(count($result) == 0) + $result = '-1'; + else + $result = implode(',',$result); } - function get_accessible_groups_by_rights(&$rights,$user_type,$perm,$perm_mode=null,$perm_res=null,$nodeid=null) - { - if(is_null($perm_mode)) $perm_mode=PERM_MODE_GE; - if(is_null($perm_res)) $perm_res=PERM_RES_STRING_LINE; - $result= array(); +return $result; +} - switch($perm_res) - { - case PERM_RES_DATA_ARRAY: $resdata = '$group_data'; break; - default: $resdata = '$group_data["groupid"]'; break; - } +function get_accessible_groups_by_rights(&$rights,$user_type,$perm,$perm_res=null,$nodeid=null){ + if(is_null($perm_res)) $perm_res=PERM_RES_STRING_LINE; + $result= array(); - $where = array(); + $where = array(); - if ( !is_null($nodeid) ) array_push($where, DBin_node('g.groupid', $nodeid)); - - if(count($where)) $where = ' where '.implode(' and ',$where); - else $where = ''; + if(!is_null($nodeid)) + array_push($where, DBin_node('g.groupid', $nodeid)); - $group_perm = array(); - foreach($rights as $right) - { - if($right['type'] != RESOURCE_TYPE_GROUP) continue; - $group_perm[$right['id']] = $right['permission']; - } + if(count($where)) $where = ' WHERE '.implode(' AND ',$where); + else $where = ''; + + $group_perm = array(); + foreach($rights as $right){ + if($right['type'] != RESOURCE_TYPE_GROUP) continue; + $group_perm[$right['id']] = $right['permission']; + } - $db_groups = DBselect('select n.nodeid as nodeid,n.name as node_name, g.*, '.PERM_DENY.' 
as permission from groups g '. - ' left join nodes n on '.DBid2nodeid('g.groupid').'=n.nodeid '. - $where.' order by n.name, g.name'); + $sql = 'SELECT n.nodeid as nodeid,n.name as node_name, g.*, '.PERM_DENY.' as permission '. + ' FROM groups g '. + ' LEFT JOIN nodes n ON '.DBid2nodeid('g.groupid').'=n.nodeid '. + $where. + ' ORDER BY n.name, g.name'; - while($group_data = DBfetch($db_groups)) - { - if(isset($group_perm[$group_data['groupid']])) - { + $db_groups = DBselect($sql); + + while($group_data = DBfetch($db_groups)){ + + if(USER_TYPE_SUPER_ADMIN == $user_type){ + $group_data['permission'] = PERM_MAX; + } + else{ + if(isset($group_perm[$group_data['groupid']])){ $group_data['permission'] = $group_perm[$group_data['groupid']]; } - else - { + else{ if(is_null($group_data['nodeid'])) $group_data['nodeid'] = id2nodeid($group_data['groupid']); - - if(!isset($node_data[$group_data['nodeid']])) - { - $node_data = get_accessible_nodes_by_rights($rights,$user_type, - PERM_DENY, PERM_MODE_GE, PERM_RES_DATA_ARRAY, $group_data['nodeid']); - } - if( !isset($node_data[$group_data['nodeid']]) || $user_type==USER_TYPE_ZABBIX_USER ) - $group_data['permission'] = PERM_DENY; - else - $group_data['permission'] = $node_data[$group_data['nodeid']]['permission']; + $group_data['permission'] = PERM_DENY; } - - if(eval('return ('.$group_data["permission"].' '.perm_mode2comparator($perm_mode).' '.$perm.')? 
0 : 1;')) - continue; - - $result[$group_data["groupid"]] = eval('return '.$resdata.';'); } + + if($group_data['permission']<$perm) continue; - if($perm_res == PERM_RES_STRING_LINE) - { - if(count($result) == 0) - $result = '-1'; - else - $result = implode(',',$result); + switch($perm_res){ + case PERM_RES_DATA_ARRAY: + $result[$group_data['groupid']] = $group_data; + break; + default: + $result[$group_data['groupid']] = $group_data['groupid']; } - - return $result; } - function get_accessible_nodes_by_rights(&$rights,$user_type,$perm,$perm_mode=null,$perm_res=null,$nodeid=null) - { - global $ZBX_LOCALNODEID; - - if(is_null($perm_mode)) $perm_mode=PERM_MODE_GE; - if(is_null($perm_res)) $perm_res=PERM_RES_STRING_LINE; - - $result= array(); - - if(is_null($user_type)) $user_type = USER_TYPE_ZABBIX_USER; + if($perm_res == PERM_RES_STRING_LINE) { + if(count($result) == 0) + $result = '-1'; + else + $result = implode(',',$result); + } - switch($perm_res) - { - case PERM_RES_DATA_ARRAY: $resdata = '$node_data'; break; - default: $resdata = '$node_data["nodeid"]'; break; - } +return $result; +} - if(is_null($nodeid)) $where_nodeid = ''; - else if(is_array($nodeid)) $where_nodeid = ' where n.nodeid in ('.implode(',', $nodeid).') '; - else $where_nodeid = ' where n.nodeid in ('.$nodeid.') '; +function get_accessible_nodes_by_rights(&$rights,$user_type,$perm,$perm_res=null,$nodeid=null){ + global $ZBX_LOCALNODEID; - $node_perm = array(); - foreach($rights as $right) - { - if($right['type'] != RESOURCE_TYPE_NODE) continue; - $node_perm[$right['id']] = $right['permission']; - } + if(is_null($perm_res)) $perm_res=PERM_RES_STRING_LINE; + if(is_null($user_type)) $user_type = USER_TYPE_ZABBIX_USER; - $db_nodes = DBselect('select n.*, '.PERM_DENY.' as permission from nodes n '.$where_nodeid.' 
order by n.name'); + $node_data = array(); + $result = array(); + +//COpt::counter_up('perm_nodes['.$userid.','.$perm.','.$perm_mode.','.$perm_res.','.$nodeid.']'); +//COpt::counter_up('perm'); - while(($node_data = DBfetch($db_nodes)) || (!isset($do_break) && !ZBX_DISTRIBUTED)) - { - if(!ZBX_DISTRIBUTED) - { - if(!$node_data) - { - $node_data = array( - 'nodeid' => $ZBX_LOCALNODEID, - 'name' => 'local', - 'permission' => PERM_READ_WRITE - ); - - $do_break = true; - - if(is_array($nodeid) && !uint_in_array($node_data['nodeid'],$nodeid)) continue; - else if(isset($nodeid) and (bccomp($node_data['nodeid'] ,$nodeid) != 0)) continue; - } - else - { - $node_perm[$node_data['nodeid']] = PERM_DENY; + $available_hosts = get_accessible_hosts_by_rights($rights,$user_type,$perm,PERM_RES_IDS_ARRAY,$nodeid); + foreach($available_hosts as $id => $hostid){ + $node_data[id2nodeid($hostid)] = id2nodeid($hostid); + } + + switch($perm_res){ + case PERM_RES_DATA_ARRAY: + foreach($node_data as $nodeid => $node){ + $node = DBfetch(DBselect('SELECT * FROM nodes WHERE nodeid='.$nodeid)); + + if(!ZBX_DISTRIBUTED){ + if(!$node){ + $node = array( + 'nodeid' => $ZBX_LOCALNODEID, + 'name' => 'local', + 'permission' => PERM_READ_WRITE, + 'userid' => null + ); + } + else{ + continue; + } } + + $result[$nodeid] = $node; } + break; + default: + $result = $node_data; + break; + } - if(isset($node_perm[$node_data['nodeid']])) - $node_data['permission'] = $node_perm[$node_data['nodeid']]; - elseif((bccomp($node_data['nodeid'], $ZBX_LOCALNODEID)==0) || $user_type == USER_TYPE_SUPER_ADMIN) - /* for local node or superuser default permission is READ_WRITE */ - $node_data['permission'] = PERM_READ_WRITE; - - - /* special processing for PERM_READ_LIST*/ - if(PERM_DENY == $node_data['permission'] && PERM_READ_LIST == $perm) - { - $groups = get_accessible_groups_by_rights($rights,$user_type, - $perm, PERM_MODE_GE, PERM_RES_DATA_ARRAY, $node_data['nodeid']); - if(count($groups) == 0) continue; - } - else - { 
- if(eval('return ('.$node_data["permission"].' '.perm_mode2comparator($perm_mode).' '.$perm.')? 0 : 1;')) - continue; - } - - $result[$node_data["nodeid"]] = eval('return '.$resdata.';'); - } - - if($perm_res == PERM_RES_STRING_LINE) - { - if(count($result) == 0) - $result = '-1'; - else - $result = implode(',',$result); - } - - return $result; + if($perm_res == PERM_RES_STRING_LINE) { + if(count($result) == 0) + $result = '-1'; + else + $result = implode(',',$result); } -?> +return $result; +} +?>
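Review bot: `get_accessible_nodes_by_rights` now derives its result purely from `get_accessible_hosts_by_rights(...)` through `$node_data[id2nodeid($hostid)] = id2nodeid($hostid);`, so a node counts as accessible at `$perm` as soon as one host in it does, `RESOURCE_TYPE_NODE` rights are no longer consulted, and a node without hosts is never returned, even for `USER_TYPE_SUPER_ADMIN`. `get_accessible_nodes_by_user`, earlier in this file's diff, is built the same way, and the call sites on this page use `!count(...)` of its result with `PERM_READ_WRITE` as the gate before `access_deny()`, so read-write on a single host appears to be enough to pass a node-level write check. If that is the intended model it needs a comment above both functions, for example `/* a node is accessible when at least one of its hosts is accessible at $perm; node rights are ignored */`; otherwise the node rights should be checked here. In `get_accessible_hosts_by_rights` the assignment to `$host_perm[...][RESOURCE_TYPE_NODE]` is now dead because the `else if` that read it was removed, and the `PERM_RES_DATA_ARRAY` rows from the node function no longer carry a computed `permission` (the synthesized local row hard-codes `PERM_READ_WRITE`).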
\ No newline at end of file diff --git a/frontends/php/include/scripts.inc.php b/frontends/php/include/scripts.inc.php index 8e7b3e73..f7c1082c 100644 --- a/frontends/php/include/scripts.inc.php +++ b/frontends/php/include/scripts.inc.php @@ -175,7 +175,7 @@ function get_accessible_scripts_by_hosts($hosts){ } /* */ - +//SDI($scripts_by_host); return $scripts_by_host; } ?>
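Review bot: The added `//SDI($scripts_by_host);` in `get_accessible_scripts_by_hosts` (scripts.inc.php) is a commented-out debug call and should be dropped rather than committed. `SDI` looks like a debug dump helper (its definition is not shown here), and re-enabling the line would print the per-host script map into the page output. The function body starts above this hunk.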
\ No newline at end of file diff --git a/frontends/php/nodes.php b/frontends/php/nodes.php index abf71c60..32412cb8 100644 --- a/frontends/php/nodes.php +++ b/frontends/php/nodes.php @@ -57,7 +57,7 @@ include_once "include/page_header.php"; check_fields($fields); validate_sort_and_sortorder(); - $accessible_nodes = get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_LIST,null,PERM_RES_IDS_ARRAY, get_current_nodeid(true)); + $accessible_nodes = get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_LIST,PERM_RES_IDS_ARRAY, get_current_nodeid(true)); if ( 0 == count($accessible_nodes) ) { diff --git a/frontends/php/popup.php b/frontends/php/popup.php index 154f34b7..b32d5b6a 100644 --- a/frontends/php/popup.php +++ b/frontends/php/popup.php @@ -251,7 +251,7 @@ include_once "include/page_header.php"; validate_group(PERM_READ_LIST,$validation_param); } - $available_nodes = get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_LIST,null,null,get_current_nodeid(true)); + $available_nodes = get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_LIST,null,get_current_nodeid(true)); $available_hosts = get_accessible_hosts_by_user($USER_DETAILS,PERM_READ_ONLY,PERM_RES_IDS_ARRAY); $nodeid = get_current_nodeid(); diff --git a/frontends/php/sysmaps.php b/frontends/php/sysmaps.php index ac2090b8..7368239e 100644 --- a/frontends/php/sysmaps.php +++ b/frontends/php/sysmaps.php @@ -76,7 +76,7 @@ include_once "include/page_header.php"; show_messages($result,"Network map updated","Cannot update network map"); } else { - if(count(get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_WRITE,PERM_MODE_LT,PERM_RES_IDS_ARRAY,get_current_nodeid()))) + if(!count(get_accessible_nodes_by_user($USER_DETAILS,PERM_READ_WRITE,PERM_RES_IDS_ARRAY,get_current_nodeid()))) access_deny(); DBstart(); diff --git a/frontends/php/tr_status.php b/frontends/php/tr_status.php index c95ec9d2..9945d25c 100644 --- a/frontends/php/tr_status.php +++ b/frontends/php/tr_status.php 
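Review bot: Any call to `get_accessible_nodes_by_user` that this commit misses will keep running without an error, because PHP accepts the old five-argument form; in the sysmaps.php hunk the third positional parameter `$perm_mode` is dropped and the guard flips from `if(count(...))` to `if(!count(...))`. A leftover call would have its `PERM_MODE_*` value read as `$perm_res` and its `PERM_RES_*` value read as `$nodeid`, and with the old un-negated `count(...)` it would call `access_deny()` on the opposite condition. Before merging, search the frontend for remaining `PERM_MODE_` arguments and for guards of the form `if(count(get_accessible_`; the nodes.php and popup.php hunks on this same line are the matching signature adaptation. The enclosing `else` branch in sysmaps.php continues outside the hunk.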
@@ -166,11 +166,11 @@ include_once "include/page_header.php"; $cmbGroup->AddItem(0,S_ALL_SMALL); $cmbHosts->AddItem(0,S_ALL_SMALL); + $available_groups= get_accessible_groups_by_user($USER_DETAILS,PERM_READ_ONLY); $available_hosts = get_accessible_hosts_by_user($USER_DETAILS,PERM_READ_ONLY); $available_triggers = get_accessible_triggers(PERM_READ_ONLY,PERM_RES_IDS_ARRAY); - - + $scripts_by_hosts = get_accessible_scripts_by_hosts(explode(',',$available_hosts)); $result=DBselect('SELECT DISTINCT g.groupid,g.name '. |
