-rw-r--r-- | ChangeLog | 2 | ||||
-rw-r--r-- | create/mysql/schema.sql | 5 | ||||
-rw-r--r-- | frontends/php/alarms.php | 12 | ||||
-rw-r--r-- | frontends/php/config.php | 10 | ||||
-rw-r--r-- | frontends/php/hosts.php | 25 | ||||
-rw-r--r-- | frontends/php/include/config.inc | 230 | ||||
-rw-r--r-- | frontends/php/include/db.inc | 4 | ||||
-rw-r--r-- | frontends/php/items.php | 29 | ||||
-rw-r--r-- | frontends/php/latest.php | 18 | ||||
-rw-r--r-- | frontends/php/latestalarms.php | 4 | ||||
-rw-r--r-- | frontends/php/queue.php | 19 | ||||
-rw-r--r-- | frontends/php/tr_status.php | 62 | ||||
-rw-r--r-- | frontends/php/triggers.php | 15 | ||||
-rw-r--r-- | frontends/php/users.php | 85 |
14 files changed, 483 insertions, 37 deletions
@@ -16,6 +16,8 @@ Not ready yet: Changes for 1.0beta3: + - added support for Inverse Select in status of triggers (Alexei) + - added support for flexible permissions (Alexei) - fixed items.php (Alexei) - added table 'rights' (Alexei) - added time legend for simple graph (Alexei) diff --git a/create/mysql/schema.sql b/create/mysql/schema.sql index 9e419d9f..6d53ce31 100644 --- a/create/mysql/schema.sql +++ b/create/mysql/schema.sql @@ -334,9 +334,10 @@ CREATE TABLE users ( -- CREATE TABLE rights ( - userid int(4) NOT NULL auto_increment, + rightid int(4) NOT NULL auto_increment, + userid int(4) DEFAULT '' NOT NULL, name char(255) DEFAULT '' NOT NULL, permission char(1) DEFAULT '' NOT NULL, id int(4), - KEY (userid) + PRIMARY KEY (rightid) ); diff --git a/frontends/php/alarms.php b/frontends/php/alarms.php index 736e984b..181b8e46 100644 --- a/frontends/php/alarms.php +++ b/frontends/php/alarms.php @@ -7,6 +7,16 @@ ?> <? + if(!check_right_on_trigger("R",$triggerid)) + { + show_table_header("<font color=\"AA0000\">No permissions !</font +>"); + show_footer(); + exit; + } +?> + +<? show_table_header_begin(); echo "ALARMS"; @@ -54,7 +64,7 @@ <FONT COLOR="#000000"> <? - $sql="select clock,istrue as status from alarms where triggerid=$triggerid order by clock desc $limit"; + $sql="select clock,istrue as status,triggerid from alarms where triggerid=$triggerid order by clock desc $limit"; $result=DBselect($sql); echo "<CENTER>"; diff --git a/frontends/php/config.php b/frontends/php/config.php index bb06f093..f704a26d 100644 --- a/frontends/php/config.php +++ b/frontends/php/config.php @@ -7,6 +7,16 @@ ?> <? + if(!check_right("Configuration of Zabbix","R",0)) + { + show_table_header("<font color=\"AA0000\">No permissions !</font +>"); + show_footer(); + exit; + } +?> + +<? if(isset($register) && ($register=="update")) { if(isset($password_required) && ($password_required=="true")) diff --git a/frontends/php/hosts.php b/frontends/php/hosts.php index ba62603d..509654e7 100644 
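Review bot: `userid int(4) DEFAULT '' NOT NULL` gives an integer column an empty-string default, and the hunk drops `KEY (userid)` although every rights lookup added in this commit filters on `userid`. I would write `userid int(4) DEFAULT '0' NOT NULL` and keep `KEY (userid)` alongside the new `PRIMARY KEY (rightid)`. `id int(4)` stays nullable while the PHP side treats 0 as "all resources", so a NULL there matches neither `id=$id` nor `id=0`; a `DEFAULT '0' NOT NULL` would remove that third state.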
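Review bot: `$triggerid` is passed to `check_right_on_trigger()` and pasted unquoted into the `alarms` query further down without being checked as set or numeric; no assignment is visible, so it appears to come straight from the request, which means the permission decision itself is computed from text the client controls. Casting once before the gate, `$triggerid=intval($triggerid);`, settles it for this page. The same interpolation recurs in the helpers this commit adds to include/config.inc (`check_right`, `check_right_on_trigger`, `get_user_by_userid`, `add_permission`, `delete_permission`) and in the `rights` query in users.php, where `$id`, `$userid` and `$rightid` should be cast and `$right`/`$permission` escaped the way `update_trigger_comments` already uses `addslashes`.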
--- a/frontends/php/hosts.php +++ b/frontends/php/hosts.php @@ -6,6 +6,16 @@ ?> <? + if(!check_right("Host","R",0)) + { + show_table_header("<font color=\"AA0000\">No permissions !</font +>"); + show_footer(); + exit; + } +?> + +<? if(isset($register)) { if($register=="add") @@ -41,6 +51,7 @@ show_table_header("HOSTS"); echo "<TABLE BORDER=0 COLS=4 WIDTH=\"100%\" BGCOLOR=\"#CCCCCC\" cellspacing=1 cellpadding=3>"; echo "<TR>"; + echo "<TD WIDTH=\"3%\" NOSAVE><B>Id</B></TD>"; echo "<TD WIDTH=\"10%\" NOSAVE><B>Host</B></TD>"; echo "<TD WIDTH=\"10%\" NOSAVE><B>Port</B></TD>"; echo "<TD WIDTH=\"10%\" NOSAVE><B>Status</B></TD>"; @@ -53,9 +64,14 @@ while($row=DBfetch($result)) // for($i=0;$i<DBnum_rows($result);$i++) { + if(!check_right("Host","R",$row["hostid"])) + { + continue; + } if($col++%2==0) { echo "<TR BGCOLOR=#EEEEEE>"; } else { echo "<TR BGCOLOR=#DDDDDD>"; } + echo "<TD>".$row["hostid"]."</TD>"; echo "<TD><a href=\"items.php?hostid=".$row["hostid"]."\">".$row["host"]."</a></TD>"; echo "<TD>".$row["port"]."</TD>"; echo "<TD>"; @@ -68,7 +84,14 @@ else echo "Unknown"; echo "</TD>"; - echo "<TD><A HREF=\"hosts.php?register=change&hostid=".$row["hostid"]."#form\">Change</A></TD>"; + if(check_right("Host","U",$row["hostid"])) + { + echo "<TD><A HREF=\"hosts.php?register=change&hostid=".$row["hostid"]."#form\">Change</A></TD>"; + } + else + { + echo "<TD>Change</TD>"; + } echo "</TR>"; } echo "</TABLE>"; diff --git a/frontends/php/include/config.inc b/frontends/php/include/config.inc index 2e7dcc45..88dffba8 100644 --- a/frontends/php/include/config.inc +++ b/frontends/php/include/config.inc 
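Review bot: The gate added at the top of hosts.php asks only for "R" on Host, yet the `if(isset($register))` block right after it handles `register=="add"` and the other write actions, and no "U" test is visible in front of them. The later hunk that prints plain `Change` instead of the link only hides the control; a request that names `register=change` and a `hostid` directly is not stopped by anything shown here. Unless the host functions check rights internally (this commit adds such a check only to `update_config`), each write branch should test `check_right("Host","U",$hostid)` before calling its function and report "Insufficient permissions" otherwise. The handler bodies lie outside the hunk; items.php, triggers.php and users.php use the same read-gate-then-handlers layout.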
@@ -8,20 +8,76 @@ { global $USER_DETAILS; - $sql="select * from users u,rights r where u.userid=r.userid and r.name='$right' and r.permission='$permission'"; + $sql="select permission from rights where name='Default permission' and userid=".$USER_DETAILS["userid"]; + $result=DBselect($sql); + + $default_permission="H"; + if(DBnum_rows($result)>0) + { + $row=DBfetch($result); + $default_permission=$row["permission"]; + } + + if($permission=='R') + { + $cond="'R','U'"; + } + else + { + $cond="'".$permission."'"; + } + + if($id==0) + { + $sql="select * from rights where name='$right' and permission in ($cond) and userid=".$USER_DETAILS["userid"]; + } + else + { + $sql="select * from rights where name='$right' and permission in ($cond) and (id=$id or id=0) and userid=".$USER_DETAILS["userid"]; + } +// echo $sql; $result=DBselect($sql); if(DBnum_rows($result)>0) { - return 0; + return 1; } else { - return -1; + if(($default_permission=="R")&&($permission=="R")) + { + return 1; + } + if(($default_permission=="U")&&($permission=="R")) + { + return 1; + } + if(($default_permission=="U")&&($permission=="U")) + { + return 1; + } + return 0; } } + function check_right_on_trigger($permission,$triggerid) + { + $sql="select distinct h.hostid from functions f,items i,hosts h +where h.hostid=i.hostid and i.itemid=f.itemid and f.triggerid=$triggerid"; + $result=DBselect($sql); + $ok=0; + while($row=DBfetch($result)) + { + if(check_right("Host",$permission,$row["hostid"])) + { + $ok=1; + } + } + return $ok; +} + + // The hash has form <md5sum of triggerid>,<sum of priorities> function calc_trigger_hash() { 
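Review bot: A "Hide" row for one resource never overrides a broader grant in `check_right`: with `Default permission` set to "R" or "U", or with a `Host` row for `id=0`, a call such as `check_right("Host","R",5)` returns 1 even when the user has an "H" row for host 5, because the lookup searches only for 'R','U' rows and then falls back to the default. Items get a separate `check_right("Item","H",…)` test at their call sites, but the host checks added across this commit do not, so hiding a single host has no effect. One fix is to look for an explicit "H" row on the requested id first, as sketched below; the casts also stop `$id` and the user id from entering the query as text. The signature line of `check_right` is above the hunk. Separately, `check_right_on_trigger` grants access when any one host behind the trigger is readable, which deserves a comment if it is intended.

```php
	// … unchanged: default-permission lookup and $cond selection …
	$id=intval($id);
	if(($id!=0)&&($permission!="H"))
	{
		// An explicit Hide entry for this resource wins over wildcard and default grants.
		$sql="select rightid from rights where name='".addslashes($right)."' and permission='H' and id=$id and userid=".intval($USER_DETAILS["userid"]);
		$result=DBselect($sql);
		if(DBnum_rows($result)>0)
		{
			return 0;
		}
	}
	// … unchanged: R/U lookup and default-permission fallback …
```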
@@ -40,7 +96,23 @@ $md5sum=md5($triggerids); return "$priorities,$md5sum"; + } + + function get_user_by_userid($userid) + { + global $ERROR_MSG; + $sql="select * from users where userid=$userid"; + $result=DBselect($sql); + if(DBnum_rows($result) == 1) + { + return DBfetch($result); + } + else + { + $ERROR_MSG="No user with itemid=[$userid]"; + } + return $user; } function get_item_by_itemid($itemid) @@ -118,7 +190,7 @@ return $config; } - function select_host_by_hostid($hostid) + function get_host_by_hostid($hostid) { global $ERROR_MSG; @@ -462,8 +534,11 @@ <tr> <td colspan=1 bgcolor=FFFFFF align=center valign="top" width="15%"> <font face="Arial,Helvetica" size=2> - <a href="latest.php"> <? + if(check_right("Host","R",0)) + { + echo "<a href=\"latest.php\">"; + } if( ($page["file"]=="latest.php") || ($page["file"]=="history.php")) { @@ -478,8 +553,11 @@ </td> <td colspan=1 bgcolor=FFFFFF align=center valign="top" width="10%"> <font face="Arial,Helvetica" size=2> - <a href="tr_status.php?notitle=true&onlytrue=true&noactions=true&compact=true"> <? + if(check_right("Host","R",0)) + { + echo "<a href=\"tr_status.php?notitle=true&onlytrue=true&noactions=true&compact=true\">"; + } if($page["file"]=="tr_status.php") { echo "<b>[STATUS OF TRIGGERS]</b></a>"; @@ -493,8 +571,11 @@ </td> <td colspan=1 bgcolor=FFFFFF align=center valign="top" width="10%"> <font face="Arial,Helvetica" size=2> - <a href="queue.php"> <? + if(check_right("Host","R",0)) + { + echo "<a href=\"queue.php\">"; + } if($page["file"]=="queue.php") { echo "<b>[QUEUE]</b></a>"; @@ -635,8 +716,11 @@ <tr> <td colspan=1 bgcolor=FFFFFF align=center valign="top" width="15%"> <font face="Arial,Helvetica" size=2> - <a href="config.php"> <? + if(check_right("Configuration of Zabbix","R",0)) + { + echo "<a href=\"config.php\">"; + } if($page["file"]=="config.php") { echo "<b>[CONFIG]</b></a>"; 
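Review bot: When no row matches, `get_user_by_userid` falls through to `return $user;`, but `$user` is never assigned in the function, so the caller receives an undefined value; `get_resource_name`, added later in this commit, then indexes it with `$user["name"]`. The error text also says `itemid` where it means the user id. I would change the tail to `$ERROR_MSG="No user with userid=[$userid]";` followed by `return 0;`, or whatever the sibling getters return on a miss, which this hunk does not show.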
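Review bot: In the menu cells the opening `<a href=…>` is now printed only when `check_right` passes, but the unchanged lines that follow still echo the closing tag, for example `echo "<b>[STATUS OF TRIGGERS]</b></a>";` in the tr_status cell, so a user without the right gets an unmatched `</a>`. Either emit the closing tag under the same condition or build the label first and wrap it once. This applies to every menu hunk in this file (latest, tr_status, queue, config, users, hosts, items, triggers). A one-line comment such as `// hiding the link is cosmetic; each page enforces the right itself` would keep a later reader from treating the menu as the access control.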
@@ -650,8 +734,11 @@ </td> <td colspan=1 bgcolor=FFFFFF align=center valign="top" width="10%"> <font face="Arial,Helvetica" size=2> - <a href="users.php"> <? + if(check_right("User","R",0)) + { + echo "<a href=\"users.php\">"; + } if( ($page["file"]=="users.php")|| ($page["file"]=="media.php")) { @@ -666,8 +753,11 @@ </td> <td colspan=1 bgcolor=FFFFFF align=center valign="top" width="10%"> <font face="Arial,Helvetica" size=2> - <a href="hosts.php"> <? + if(check_right("Host","R",0)) + { + echo "<a href=\"hosts.php\">"; + } if($page["file"]=="hosts.php") { echo "<b>[HOSTS]</b></a>"; @@ -681,8 +771,11 @@ </td> <td colspan=1 bgcolor=FFFFFF align=center valign="top" width="10%"> <font face="Arial,Helvetica" size=2> - <a href="items.php"> <? + if(check_right("Host","R",0)) + { + echo "<a href=\"items.php\">"; + } if($page["file"]=="items.php") { echo "<b>[ITEMS]</b></a>"; @@ -696,8 +789,11 @@ </td> <td colspan=1 bgcolor=FFFFFF align=center valign="top" width="15%"> <font face="Arial,Helvetica" size=2> - <a href="triggers.php"> <? + if(check_right("Host","R",0)) + { + echo "<a href=\"triggers.php\">"; + } if( ($page["file"]=="triggers.php")|| ($page["file"]=="actions.php")) { @@ -964,6 +1060,8 @@ function update_trigger_comments($triggerid,$comments) { + global $ERROR_MSG; + $comments=addslashes($comments); $sql="update triggers set comments='$comments' where triggerid=$triggerid"; return DBexecute($sql); @@ -1432,6 +1530,13 @@ return DBexecute($sql); } + # Add permission + + function add_permission($userid,$right,$permission,$id) + { + $sql="insert into rights (rightid,userid,name,permission,id) values (NULL,$userid,'$right','$permission',$id)"; + return DBexecute($sql); + } # Add User definition 
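Review bot: `global $ERROR_MSG;` is added to `update_trigger_comments` but nothing in the function uses it, and no permission test follows, although the new permissions form offers a "Trigger comment" resource. If the intent was to mirror `update_config`, the missing lines would be `if(!check_right("Trigger comment","U",$triggerid))`, `$ERROR_MSG="Insufficient permissions";` and `return 0;`. If not, the unused `global` should be dropped. `$triggerid` is also placed unquoted in the `update` statement and should be cast with `intval`.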
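Review bot: `add_permission` writes a grant for any `$userid` without checking the caller's own rights, and users.php calls it (and `delete_permission`) behind a gate that asks only for "R" on User, so an account that may merely view the user list can change anyone's rights, its own included. The function should refuse unless the caller holds update rights, e.g. `global $ERROR_MSG;` then `if(!check_right("User","U",$userid)) { $ERROR_MSG="Insufficient permissions"; return 0; }`, the same shape `update_config` gets in this commit. `$permission` is stored as received; restricting it to the letters the form offers (`R`, `U`, `H`, `A`) keeps unexpected values out of the table that `check_right` reads.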
@@ -1670,6 +1775,14 @@ function update_config($smtp_server,$smtp_helo,$smtp_email,$password_required,$alarm_history,$alert_history) { + global $ERROR_MSG; + + if(!check_right("Configuration of Zabbix","U",0)) + { + $ERROR_MSG="Insufficient permissions"; + return 0; + } + $sql="update config set smtp_server='$smtp_server',smtp_helo='$smtp_helo',smtp_email='$smtp_email',password_required=$password_required,alarm_history=$alarm_history,alert_history=$alert_history"; return DBexecute($sql); } @@ -1726,6 +1839,14 @@ return DBexecute($sql); } + # Delete User permission + + function delete_permission($rightid) + { + $sql="delete from rights where rightid=$rightid"; + return DBexecute($sql); + } + # Delete User definition function delete_user($userid) 
@@ -2237,6 +2358,49 @@ <? } + # Insert form for User permissions + function insert_permissions_form($userid) + { + show_table2_header_begin(); + echo "New permission"; + + show_table2_v_delimiter(); + echo "<form method=\"post\" action=\"users.php\">"; + if(isset($userid)) + { + echo "<input name=\"userid\" type=\"hidden\" value=\"$userid\" size=8>"; + } + echo "Resource"; + show_table2_h_delimiter(); + echo "<select name=\"right\">"; + echo "<option value=\"Configuration of Zabbix\">Configuration of Zabbix"; + echo "<option value=\"Default permission\">Default permission"; + echo "<option value=\"Host\">Host"; + echo "<option value=\"Item\">Item"; + echo "<option value=\"Trigger comment\">Trigger's comment"; + echo "<option value=\"User\">User"; + echo "</select>"; + + show_table2_v_delimiter(); + echo "Permission"; + show_table2_h_delimiter(); + echo "<select name=\"permission\">"; + echo "<option value=\"R\">Read-only"; + echo "<option value=\"U\">Read-write"; + echo "<option value=\"H\">Hide"; + echo "<option value=\"A\">Add"; + echo "</select>"; + + show_table2_v_delimiter(); + echo "Resource ID (0 for all)"; + show_table2_h_delimiter(); + echo "<input name=\"id\" value=\"0\" size=4>"; + + show_table2_v_delimiter2(); + echo "<input type=\"submit\" name=\"register\" value=\"add permission\">"; + show_table2_header_end(); + } + # Insert form for User function insert_user_form($userid) { 
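Review bot: `$userid` is echoed into the hidden field's `value` attribute without escaping, and users.php appears to pass the request's `userid` straight in, so a quote character in that parameter ends the attribute and injects markup. Writing `value=\"".intval($userid)."\"` fits a numeric id and removes the problem. `isset($userid)` on a parameter that is always passed is true for any non-null value, so it does not guard against an empty id. The select also offers "Add" (`A`), which nothing in the `check_right` logic shown in this commit treats specially; that is worth a comment or removal.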
@@ -2606,4 +2770,46 @@ return $ret; } + function get_resource_name($permission,$id) + { + $res="-"; + if($permission=="Host") + { + if(isset($id)&&($id!=0)) + { + $host=get_host_by_hostid($id); + $res=$host["host"]; + } + else + { + $res="All hosts"; + } + } + else if($permission=="Item") + { + if(isset($id)&&($id!=0)) + { + $item=get_item_by_itemid($id); + $host=get_host_by_hostid($item["hostid"]); + $res=$host["host"].":".$item["description"]; + } + else + { + $res="All items"; + } + } + else if($permission=="User") + { + if(isset($id)&&($id!=0)) + { + $user=get_user_by_userid($id); + $res=$user["name"]." ".$user["surname"]; + } + else + { + $res="All users"; + } + } + return $res; + } ?> diff --git a/frontends/php/include/db.inc b/frontends/php/include/db.inc index df8af72a..2de3acce 100644 --- a/frontends/php/include/db.inc +++ b/frontends/php/include/db.inc @@ -29,7 +29,7 @@ { global $DB,$DB_TYPE; - echo $query,"<br>"; +// echo $query,"<br>"; if($DB_TYPE == "MYSQL") { @@ -47,7 +47,7 @@ { global $DB,$DB_TYPE; - echo $query,"<br>"; +// echo $query,"<br>"; if($DB_TYPE == "MYSQL") { diff --git a/frontends/php/items.php b/frontends/php/items.php index 10fd128c..19f96b38 100644 --- a/frontends/php/items.php +++ b/frontends/php/items.php @@ -7,6 +7,16 @@ ?> <? + if(!check_right("Host","R",0)) + { + show_table_header("<font color=\"AA0000\">No permissions !</font +>"); + show_footer(); + exit; + } +?> + +<? if(isset($register)) { if($register=="update") @@ -46,6 +56,10 @@ $result=DBselect("select hostid,host from hosts order by host"); while($row=DBfetch($result)) { + if(!check_right("Host","R",$row["hostid"])) + { + continue; + } if(isset($hostid) && ($hostid == $row["hostid"])) { echo "<b>["; @@ -67,6 +81,10 @@ $col=0; while($row=DBfetch($result)) { + if(check_right("Item","H",$row["itemid"])) + { + continue; + } if($lasthost != $row["host"]) { if($lasthost != "") 
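Review bot: The item loop in items.php skips a row only when an "H" row exists for the item (`check_right("Item","H",$row["itemid"])`); it never tests read access to the item's host. The host selector above filters with `check_right("Host","R",…)`, but that only removes links, so a `hostid` supplied directly still selects that host's rows. latest.php shows the same gap with its query visible (`… and h.hostid=$hostid $sort`, followed by the "H" test alone). Adding `if(!check_right("Host","R",$row["hostid"])) { continue; }` at the top of both loops closes it. The items.php query is outside the hunk, so confirm it selects `hostid`.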
@@ -77,6 +95,7 @@ show_table_header("<A HREF='items.php?hostid=".$row["hostid"]."'>".$row["host"]."</A>"); echo "<TABLE BORDER=0 COLS=13 WIDTH=\"100%\" BGCOLOR=\"#CCCCCC\" cellspacing=1 cellpadding=3>"; echo "<TR>"; + echo "<TD WIDTH=\"3%\" NOSAVE><B>Id</B></TD>"; echo "<TD WIDTH=\"10%\" NOSAVE><B>Host</B></TD>"; echo "<TD WIDTH=\"10%\" NOSAVE><B>Key</B></TD>"; echo "<TD WIDTH=\"10%\" NOSAVE><B>Description</B></TD>"; @@ -91,6 +110,7 @@ if($col++%2 == 1) { echo "<TR BGCOLOR=#DDDDDD>"; } else { echo "<TR BGCOLOR=#EEEEEE>"; } + echo "<TD>".$row["itemid"]."</TD>"; echo "<TD>".$row["host"]."</TD>"; echo "<TD>".$row["key_"]."</TD>"; echo "<TD>".$row["description"]."</TD>"; @@ -141,7 +161,14 @@ } echo "</td>"; - echo "<TD><A HREF=\"items.php?itemid=".$row["itemid"]."#form\">Change</A></TD>"; + if(check_right("Item","U",$row["itemid"])) + { + echo "<TD><A HREF=\"items.php?itemid=".$row["itemid"]."#form\">Change</A></TD>"; + } + else + { + echo "<TD>Change</TD>"; + } echo "</TR>"; } echo "</TABLE>"; diff --git a/frontends/php/latest.php b/frontends/php/latest.php index 9ec4a8ec..53622438 100644 --- a/frontends/php/latest.php +++ b/frontends/php/latest.php @@ -6,6 +6,16 @@ ?> <? + if(!check_right("Host","R",0)) + { + show_table_header("<font color=\"AA0000\">No permissions !</font +>"); + show_footer(); + exit; + } +?> + +<? show_table_header_begin(); echo "LATEST DATA"; @@ -17,6 +27,10 @@ while($row=DBfetch($result)) { + if(!check_right("Host","R",$row["hostid"])) + { + continue; + } if( isset($hostid) && ($hostid == $row["hostid"]) ) { echo "<b>["; 
@@ -112,6 +126,10 @@ $result=DBselect("select h.host,i.itemid,i.description,i.lastvalue,i.prevvalue,i.lastclock,i.status,h.hostid,i.value_type from items i,hosts h where h.hostid=i.hostid and h.status in (0,2) and i.status in (0,2) and h.hostid=$hostid $sort"); while($row=DBfetch($result)) { + if(check_right("Item","H",$row["itemid"])) + { + continue; + } if($col++%2 == 1) { echo "<tr bgcolor=#DDDDDD>"; } else { echo "<tr bgcolor=#EEEEEE>"; } diff --git a/frontends/php/latestalarms.php b/frontends/php/latestalarms.php index 2b583c65..b779d3bc 100644 --- a/frontends/php/latestalarms.php +++ b/frontends/php/latestalarms.php @@ -53,6 +53,10 @@ $col=0; while($row=DBfetch($result)) { + if(!check_right_on_trigger("R",$row["triggerid"])) + { + continue; + } if($col++%2==0) { echo "<tr bgcolor=#DDDDDD>"; } else { echo "<tr bgcolor=#EEEEEE>"; } diff --git a/frontends/php/queue.php b/frontends/php/queue.php index 986c2b13..b2692048 100644 --- a/frontends/php/queue.php +++ b/frontends/php/queue.php @@ -7,15 +7,23 @@ ?> <? - show_table_header("QUEUE OF ITEMS TO BE UPDATED"); + if(!check_right("Host","R",0)) + { + show_table_header("<font color=\"AA0000\">No permissions !</font>"); + show_footer(); + exit; + } +?> +<? + show_table_header("QUEUE OF ITEMS TO BE UPDATED"); echo "<br>"; show_table_header("QUEUE"); ?> <? $now=time(); - $result=DBselect("select i.itemid, i.nextcheck, i.description, h.host from items i,hosts h where i.status=0 and h.status in (0,2) and i.hostid=h.hostid and i.nextcheck<$now order by i.nextcheck"); + $result=DBselect("select i.itemid, i.nextcheck, i.description, h.host,h.hostid from items i,hosts h where i.status=0 and h.status in (0,2) and i.hostid=h.hostid and i.nextcheck<$now order by i.nextcheck"); echo "<table border=0 width=100% bgcolor='#CCCCCC' cellspacing=1 cellpadding=3>"; echo "\n"; echo "<tr><td><b>Next time to check</b></td><td><b>Host</b></td><td><b>Description</b></td></tr>"; 
@@ -23,6 +31,10 @@ $col=0; while($row=DBfetch($result)) { + if(!check_right("Host","R",$row["hostid"])) + { + continue; + } if($col++%2==0) { echo "<tr bgcolor=#EEEEEE>"; } else { echo "<tr bgcolor=#DDDDDD>"; } echo "<td>".date("m.d.Y H:i:s",$row["nextcheck"])."</td>"; @@ -33,8 +45,7 @@ echo "</table>"; ?> <? - $i=DBnum_rows($result); - show_table_header("Total:$i"); + show_table_header("Total:$col"); ?> <? diff --git a/frontends/php/tr_status.php b/frontends/php/tr_status.php index eea81201..034e1a9f 100644 --- a/frontends/php/tr_status.php +++ b/frontends/php/tr_status.php @@ -3,7 +3,8 @@ $page["file"] = "tr_status.php"; include "include/config.inc"; - +?> +<? $tr_hash=calc_trigger_hash(); setcookie("triggers_hash",$tr_hash,time()+1800); @@ -14,6 +15,15 @@ $new=explode(",",$tr_hash); $old=explode(",",$triggers_hash); + setcookie("triggers_hash",$tr_hash,time()+1800); + + if(!isset($triggers_hash)) + { + $triggers_hash="0,0"; + } + + $new=explode(",",$tr_hash); + $old=explode(",",$triggers_hash); // Number of trigger decreased if(($old[1]!=$new[1])&&($new[0]<$old[0])) @@ -29,7 +39,8 @@ } // echo "$tr_hash<br>$triggers_hash<br>".$old[1]."<br>".$new[1]; - +?> +<? $refresh=10; if(!isset($onlytrue)) { @@ -43,7 +54,17 @@ { show_header($page["title"],$refresh,0); } - +?> +<? + if(!check_right("Host","R",0)) + { + show_header($page["title"],$refresh,0); + show_table_header("<font color=\"AA0000\">No permissions !</font>"); + show_footer(); + exit; + } +?> +<? if(isset($audio)) { echo "<BGSOUND src=\"audio/$audio\" loop=0>"; @@ -81,6 +102,15 @@ $txt_select=""; } + if(isset($btnSelect)&&($btnSelect=="Inverse select")) + { + $select_cond="not like '%$txt_select%'"; + } + else + { + $select_cond="like '%$txt_select%'"; + } + if(!isset($fullscreen)) { show_table_header_begin(); 
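Review bot: The lines added to tr_status.php after the existing `$new=explode(",",$tr_hash);` / `$old=explode(",",$triggers_hash);` repeat the block that precedes them: a second `setcookie("triggers_hash",…)`, a second `if(!isset($triggers_hash))` default and the same two `explode` calls. Assuming the first copy, which starts above the hunk, sets the same default, the second `isset` test can never be true and the cookie header is sent twice. It looks like a paste or merge artefact; the added lines of this hunk can be dropped without changing behaviour.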
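Review bot: `$txt_select` goes from the search form into `$select_cond` as `like '%$txt_select%'` with no escaping, and this commit changes the delimiter from `\"` to `'`, so a single quote in the search text now ends the literal in every query that uses `$select_cond`. Build the condition from an escaped copy, e.g. `$select_sql=addslashes($txt_select);` and `$select_cond="like '%$select_sql%'";`, as `update_trigger_comments` does for comments; skip the call if the installation already escapes request data, to avoid double escaping. `%` and `_` in the input still act as wildcards, which is harmless for a filter but worth a comment. The same variable is echoed into the form's `value` attribute further down and needs `htmlspecialchars` there.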
@@ -98,6 +128,10 @@ } while($row=DBfetch($result)) { + if(!check_right("Host","R",$row["hostid"])) + { + continue; + } if(isset($hostid) && ($row["hostid"] == $hostid)) { echo "<b>[<A HREF=\"tr_status.php?hostid=".$row["hostid"]."&onlytrue=$onlytrue&noactions=$noactions&compact=$compact&sort=$sort\">".$row["host"]."</A>]</b> "; @@ -157,6 +191,7 @@ echo "<form name=\"form1\" method=\"get\" action=\"tr_status.php?select=true\"> <input type=\"text\" name=\"txt_select\" value=\"$txt_select\"> <input type=\"submit\" name=\"btnSelect\" value=\"Select\"> + <input type=\"submit\" name=\"btnSelect\" value=\"Inverse select\"> <INPUT NAME=\"compact\" TYPE=\"HIDDEN\" value=\"$compact\"> <INPUT NAME=\"onlytrue\" TYPE=\"HIDDEN\" value=\"$onlytrue\"> <INPUT NAME=\"noactions\" TYPE=\"HIDDEN\" value=\"$noactions\"> @@ -166,8 +201,7 @@ show_table_header_end(); echo "<br>"; } - - + $time=date("[H:i:s]",time()); if(isset($fullscreen)) { 
@@ -178,14 +212,16 @@ { $cond=" and h.hostid=$hostid "; } + if($onlytrue=='true') { - $result=DBselect("select t.priority,count(*) from triggers t,hosts h,items i,functions f where t.istrue=1 and f.itemid=i.itemid and h.hostid=i.hostid and t.triggerid=f.triggerid and t.description like \"%$txt_select%\" and i.status in (0,2) $cond group by 1"); + $sql="select t.priority,count(*) from triggers t,hosts h,items i,functions f where t.istrue=1 and f.itemid=i.itemid and h.hostid=i.hostid and t.triggerid=f.triggerid and t.description $select_cond and i.status in (0,2) $cond group by 1"; } else { - $result=DBselect("select t.priority,count(*) from triggers t,hosts h,items i,functions f where f.itemid=i.itemid and h.hostid=i.hostid and t.triggerid=f.triggerid and t.description like \"%$txt_select%\" and i.status in (0,2) $cond group by 1"); + $sql="select t.priority,count(*) from triggers t,hosts h,items i,functions f where f.itemid=i.itemid and h.hostid=i.hostid and t.triggerid=f.triggerid and t.description $select_cond and i.status in (0,2) $cond group by 1"; } + $result=DBselect($sql); $p0=$p1=$p2=$p3=$p4=$p5=0; for($i=0;$i<DBnum_rows($result);$i++) { 
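Review bot: The per-priority summary built from `$sql` counts every matching trigger, while the list further down skips triggers the user cannot read via `check_right_on_trigger`, so the totals disclose how many triggers exist, and at which priority, on hosts hidden from this user. Counting inside the filtered list loop, or applying the same host filter to this query, would keep the two views consistent. `$hostid` inside `$cond` is interpolated as received and should be cast with `intval` where `$cond` is built, which is above the hunk.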
@@ -299,15 +335,19 @@ if($onlytrue=='true') { - $result=DBselect("select distinct t.triggerid,t.istrue,t.description,t.expression,t.priority,t.lastchange,t.comments,t.url from triggers t,hosts h,items i,functions f where t.istrue=1 and f.itemid=i.itemid and h.hostid=i.hostid and t.description like \"%$txt_select%\" and t.triggerid=f.triggerid and i.status in (0,2) $cond $sort"); + $result=DBselect("select distinct t.triggerid,t.istrue,t.description,t.expression,t.priority,t.lastchange,t.comments,t.url from triggers t,hosts h,items i,functions f where t.istrue=1 and f.itemid=i.itemid and h.hostid=i.hostid and t.description $select_cond and t.triggerid=f.triggerid and i.status in (0,2) $cond $sort"); } else { - $result=DBselect("select distinct t.triggerid,t.istrue,t.description,t.expression,t.priority,t.lastchange,t.comments,t.url from triggers t,hosts h,items i,functions f where f.itemid=i.itemid and h.hostid=i.hostid and t.triggerid=f.triggerid and t.description like \"%$txt_select%\" and i.status in (0,2) $cond $sort"); + $result=DBselect("select distinct t.triggerid,t.istrue,t.description,t.expression,t.priority,t.lastchange,t.comments,t.url from triggers t,hosts h,items i,functions f where f.itemid=i.itemid and h.hostid=i.hostid and t.triggerid=f.triggerid and t.description $select_cond and i.status in (0,2) $cond $sort"); } $col=0; while($row=DBfetch($result)) { + if(!check_right_on_trigger("R",$row["triggerid"])) + { + continue; + } // Check for dependencies @@ -384,9 +424,7 @@ } echo "</TABLE>"; - $i=DBnum_rows($result); - - show_table_header("Total:$i"); + show_table_header("Total:$col"); ?> <? diff --git a/frontends/php/triggers.php b/frontends/php/triggers.php index f5160797..6d1c53c0 100644 --- a/frontends/php/triggers.php +++ b/frontends/php/triggers.php 
@@ -7,6 +7,17 @@ ?> <? + if(!check_right("Host","R",0)) + { + show_table_header("<font color=\"AA0000\">No permissions !</font +>"); + show_footer(); + exit; + } +?> + + +<? if(isset($register)) { if($register=="add dependency") @@ -77,6 +88,10 @@ $result=DBselect("select hostid,host from hosts order by host"); while($row=DBfetch($result)) { + if(!check_right("Host","R",$row["hostid"])) + { + continue; + } if(isset($hostid) && ($row["hostid"] == $hostid)) { echo "<b>[<A HREF=\"triggers.php?hostid=".$row["hostid"]."\">".$row["host"]."</A>]</b> "; diff --git a/frontends/php/users.php b/frontends/php/users.php index aa5763f3..4299e439 100644 --- a/frontends/php/users.php +++ b/frontends/php/users.php @@ -6,6 +6,15 @@ show_header($page["title"],0,0); ?> +<? + if(!check_right("User","R",0)) + { + show_table_header("<font color=\"AA0000\">No permissions !</font +>"); + show_footer(); + exit; + } +?> <? if(isset($register)) @@ -28,6 +37,17 @@ show_messages($result, "User successfully deleted", "Cannot delete user"); unset($userid); } + if($register=="delete_permission") + { + $result=delete_permission($rightid); + show_messages($result, "Permission successfully deleted", "Cannot delete permission"); + unset($rightid); + } + if($register=="add permission") + { + $result=add_permission($userid,$right,$permission,$id); + show_messages($result, "Permission successfully added", "Cannot add permission"); + } if($register=="update") { if($password1==$password2) @@ -51,7 +71,8 @@ <? show_table_header("USERS"); echo "<TABLE BORDER=0 COLS=4 WIDTH=\"100%\" BGCOLOR=\"#CCCCCC\" cellspacing=1 cellpadding=3>"; - echo "<TR><TD WIDTH=\"10%\"><B>Group</B></TD>"; + echo "<TR><TD WIDTH=\"3%\"><B>Id</B></TD>"; + echo "<TD WIDTH=\"10%\"><B>Group</B></TD>"; echo "<TD WIDTH=\"10%\"><B>Alias</B></TD>"; echo "<TD WIDTH=\"10%\" NOSAVE><B>Name</B></TD>"; echo "<TD WIDTH=\"10%\" NOSAVE><B>Surname</B></TD>"; 
@@ -66,11 +87,19 @@ if($col++%2==0) { echo "<TR BGCOLOR=#EEEEEE>"; } else { echo "<TR BGCOLOR=#DDDDDD>"; } + echo "<TD>".$row["userid"]."</TD>"; echo "<TD>".$row["grp"]."</TD>"; echo "<TD>".$row["alias"]."</TD>"; echo "<TD>".$row["name"]."</TD>"; echo "<TD>".$row["surname"]."</TD>"; - echo "<TD><A HREF=\"users.php?register=change&userid=".$row["userid"]."\">Change</A> - <A HREF=\"media.php?userid=".$row["userid"]."\">Media</A>"; + if(check_right("User","U",$row["userid"])) + { + echo "<TD><A HREF=\"users.php?register=change&userid=".$row["userid"]."\">Change</A> - <A HREF=\"media.php?userid=".$row["userid"]."\">Media</A>"; + } + else + { + echo "<TD>Change - Media"; + } echo "</TD>"; echo "</TR>"; } 
@@ -78,6 +107,58 @@ ?> <? + if(isset($userid)) + { + + echo "<br>"; + show_table_header("USER PERMISSIONS"); + echo "<TABLE BORDER=0 COLS=4 WIDTH=\"100%\" BGCOLOR=\"#CCCCCC\" cellspacing=1 cellpadding=3>"; + echo "<TR><TD WIDTH=\"10%\"><B>Permission</B></TD>"; + echo "<TD WIDTH=\"10%\"><B>Right</B></TD>"; + echo "<TD WIDTH=\"10%\" NOSAVE><B>Resource name</B></TD>"; + echo "<TD WIDTH=\"10%\" NOSAVE><B>Actions</B></TD>"; + echo "</TR>"; + $result=DBselect("select rightid,name,permission,id from rights where userid=$userid order by name,permission,id"); + echo "<CENTER>"; + $col=0; + while($row=DBfetch($result)) + { +// if(!check_right("User","R",$row["userid"])) +// { +// continue; +// } + if($col++%2==0) { echo "<TR BGCOLOR=#EEEEEE>"; } + else { echo "<TR BGCOLOR=#DDDDDD>"; } + + echo "<TD>".$row["name"]."</TD>"; + if($row["permission"]=="R") + { + echo "<TD>Read only</TD>"; + } + else if($row["permission"]=="U") + { + echo "<TD>Read-write</TD>"; + } + else if($row["permission"]=="H") + { + echo "<TD>Hide</TD>"; + } + else + { + echo "<TD>".$row["permission"]."</TD>"; + } + echo "<TD>".get_resource_name($row["name"],$row["id"])."</TD>"; + echo "<TD><A HREF=users.php?userid=$userid&rightid=".$row["rightid"]."®ister=delete_permission>Delete</A></TD>"; + } + echo "</TR>"; + echo "</TABLE>"; + + insert_permissions_form($userid); + + } +?> + +<? echo "<br>"; @insert_user_form($userid); |
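Review bot: The permissions table is shown for whatever `userid` arrives, after only the page-level `check_right("User","R",0)`; the per-row check inside the loop is commented out and refers to `$row["userid"]`, which the query does not select. I would gate the whole block instead, `if(isset($userid) && check_right("User","R",$userid))`, and cast `$userid` before it goes into the `rights` query. The Delete link changes state through a plain GET and its `href` is unquoted, so the rights check inside the handler matters more than whether the link is shown. `$row["name"]` and `$row["permission"]` are echoed without `htmlspecialchars` although `add_permission` stores them as submitted, and `</TR>` is printed once after the loop rather than per row.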