From 8dffbd722749472d9704f6d5d5547f83f738198c Mon Sep 17 00:00:00 2001 From: artem Date: Wed, 2 Jul 2008 11:59:49 +0000 Subject: - [DEV-144] add possibility to force user groups to authenticate internally (Artem) git-svn-id: svn://svn.zabbix.com/trunk@5810 97f52cf1-0a1b-0410-bd0e-c28be96e8082 --- frontends/php/authentication.php | 60 +++++++++++++-------- frontends/php/dashboard.php | 24 +++++---- frontends/php/include/defines.inc.php | 9 ++-- frontends/php/include/forms.inc.php | 23 ++++---- frontends/php/include/func.inc.php | 1 + frontends/php/include/locales/en_gb.inc.php | 10 ++-- frontends/php/include/perm.inc.php | 35 ++++++++++--- frontends/php/include/users.inc.php | 59 +++++++++++++-------- frontends/php/index.php | 22 ++++++-- frontends/php/users.php | 81 +++++++++++++++-------------- 10 files changed, 203 insertions(+), 121 deletions(-) diff --git a/frontends/php/authentication.php b/frontends/php/authentication.php index f23436f4..561c83b8 100644 --- a/frontends/php/authentication.php +++ b/frontends/php/authentication.php @@ -91,7 +91,7 @@ include_once('include/page_header.php'); // If we do save and auth_type changed or is set to LDAP, reset all sessions if($result && (($cur_auth_type<>$config['authentication_type']) || (ZBX_AUTH_LDAP == $config['authentication_type']))){ - DBexecute('DELETE FROM sessions WHERE sessionid<>'.zbx_dbstr($USER_DETAILS['sessionid'])); + DBexecute('UPDATE sessions SET status='.ZBX_SESSION_PASSIVE.' WHERE sessionid<>'.zbx_dbstr($USER_DETAILS['sessionid'])); } if($result){ 
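Review bot: Marking the other sessions `ZBX_SESSION_PASSIVE` instead of deleting them (the `@@ -91` hunk, and the same statement in the HTTP branch at `@@ -119`) only logs those users out if every session lookup rejects passive rows. That lookup is not part of this patch, so it should be confirmed before relying on this as the reset after an authentication-type change. A comment above the statement would record the dependency, e.g. `// other sessions are marked passive rather than deleted; session validation must reject ZBX_SESSION_PASSIVE`. The enclosing save block starts outside the hunk.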
@@ -119,28 +119,44 @@ include_once('include/page_header.php'); } if(ZBX_AUTH_HTTP==$_REQUEST['config']){ if(isset($_REQUEST['save'])){ - - $config=select_config(); - - $cur_auth_type = $config['authentication_type'] ; - $config['authentication_type'] = ZBX_AUTH_HTTP; - foreach($config as $id => $value){ - if(isset($_REQUEST[$id])){ - $config[$id] = $_REQUEST[$id]; - } - else{ - unset($config[$id]); + $update = true; + if(ZBX_AUTH_HTTP == $_REQUEST['authentication_type']){ + $sql = 'SELECT COUNT(g.usrgrpid) as cnt_usrgrp FROM usrgrp g WHERE g.gui_access='.GROUP_GUI_ACCESS_INTERNAL; + $res = DBfetch(DBselect($sql)); + if($res['cnt_usrgrp'] > 0){ + $update = false; } } + + if($update){ + $config=select_config(); + + $cur_auth_type = $config['authentication_type'] ; + $config['authentication_type'] = ZBX_AUTH_HTTP; + + foreach($config as $id => $value){ + if(isset($_REQUEST[$id])){ + $config[$id] = $_REQUEST[$id]; + } + else{ + unset($config[$id]); + } + } + + // If we do save and auth_type changed or is set to LDAP, reset all sessions + if(($cur_auth_type<>$config['authentication_type']) || (ZBX_AUTH_HTTP == $config['authentication_type'])){ + DBexecute('UPDATE sessions SET status='.ZBX_SESSION_PASSIVE.' 
WHERE sessionid<>'.zbx_dbstr($USER_DETAILS['sessionid'])); + } -// If we do save and auth_type changed or is set to LDAP, reset all sessions - if(($cur_auth_type<>$config['authentication_type']) || (ZBX_AUTH_HTTP == $config['authentication_type'])){ - DBexecute('DELETE FROM sessions WHERE sessionid<>'.zbx_dbstr($USER_DETAILS['sessionid'])); + $result=update_config($config); } - $result=update_config($config); - - show_messages($result, S_HTTP_AUTH.SPACE.S_UPDATED, S_HTTP_AUTH.SPACE.S_WAS_NOT.SPACE.S_UPDATED); + else{ + info('Exists ['.$res['usrgrp'].'] groups with ['.S_INTERNAL.'] GUI access.'); + $result=false; + } + + show_messages($result, S_HTTP_AUTH.SPACE.S_UPDATED, S_CANNOT_UPDATE.SPACE.S_HTTP_AUTH); if($result){ add_audit(AUDIT_ACTION_UPDATE,AUDIT_RESOURCE_ZABBIX_CONFIG,S_HTTP_AUTH); @@ -195,7 +211,7 @@ include_once('include/page_header.php'); $frmAuth->AddRow(S_BIND_DN.'*', new CTextBox('ldap_bind_dn',$config['ldap_bind_dn'],64)); $frmAuth->AddRow(S_BIND_PASSWORD.'*',new CPassBox('ldap_bind_password',$config['ldap_bind_password'])); - $action = "javascript: if(confirm('Switching LDAP authentication will delete all current sessions! Continue?')) return true; else return false;"; + $action = "javascript: if(confirm('Switching LDAP authentication will reset all current sessions! Continue?')) return true; else return false;"; $frmAuth->AddRow(S_LDAP.SPACE.S_AUTHENTICATION.SPACE.S_ENABLED, new CCheckBox('authentication_type', $config['authentication_type'],$action,ZBX_AUTH_LDAP)); $frmAuth->AddRow(S_TEST.SPACE.S_AUTHENTICATION, ' ['.S_MUST_BE_VALID_SMALL.SPACE.S_LDAP.SPACE.S_USER.']'); @@ -210,7 +226,7 @@ include_once('include/page_header.php'); } else if(ZBX_AUTH_HTTP==$_REQUEST['config']){ $config=select_config(); - +/* if(isset($_REQUEST['form_refresh'])){ foreach($config as $id => $value){ if(isset($_REQUEST[$id])){ @@ -221,7 +237,7 @@ include_once('include/page_header.php'); } } } - +//*/ $form_refresh = get_request('form_refresh',0); $form_refresh++; 
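Review bot: The refusal message in the new `else` branch of the `@@ -119` hunk reads `$res['usrgrp']`, but the count query above aliases the column as `cnt_usrgrp`. The key is therefore undefined and the administrator sees an empty bracket instead of the number of groups blocking the switch; it should be `info('Exists ['.$res['cnt_usrgrp'].'] groups with ['.S_INTERNAL.'] GUI access.');`. The guard also indexes `$_REQUEST['authentication_type']` directly, and that key may be absent when the checkbox is unticked; `get_request('authentication_type', ZBX_AUTH_INTERNAL)`, as this file already does for `form_refresh`, would avoid the undefined-index path. The surrounding `if(ZBX_AUTH_HTTP==$_REQUEST['config'])` block starts outside the hunk.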
@@ -230,7 +246,7 @@ include_once('include/page_header.php'); $frmAuth->AddVar('config',get_request('config',ZBX_AUTH_HTTP)); $frmAuth->AddVar('form_refresh',$form_refresh); - $action = "javascript: if(confirm('Switching HTTP authentication will delete all current sessions! Continue?')) return true; else return false;"; + $action = "javascript: if(confirm('Switching HTTP authentication will reset all current sessions! Continue?')) return true; else return false;"; $frmAuth->AddRow(S_HTTP_AUTH.SPACE.S_ENABLED, new CCheckBox('authentication_type', (ZBX_AUTH_HTTP == $config['authentication_type']), $action, ZBX_AUTH_HTTP)); $frmAuth->AddItemToBottomRow(new CButton('save',S_SAVE)); diff --git a/frontends/php/dashboard.php b/frontends/php/dashboard.php index f80a2de0..e6a72041 100644 --- a/frontends/php/dashboard.php +++ b/frontends/php/dashboard.php @@ -245,6 +245,19 @@ include_once "include/page_header.php"; get_profile('web.dashboard.hats.hat_favgrph.state',1) )); + $screen_menu = new CDiv(SPACE,'iconmenu'); + $screen_menu->AddAction('onclick','javascript: create_menu(event,"screens");'); + $screen_menu->AddOption('title',S_MENU); + + $left_tab->AddRow(create_hat( + S_FAVORITE.SPACE.S_SCREENS, + make_favorite_screens(), + array($screen_menu), + 'hat_favscr', + get_profile('web.dashboard.hats.hat_favscr.state',1) + )); + + $sysmap_menu = new CDiv(SPACE,'iconmenu'); $sysmap_menu->AddAction('onclick','javascript: create_menu(event,"sysmaps");'); $sysmap_menu->AddOption('title',S_MENU); 
@@ -257,17 +270,6 @@ include_once "include/page_header.php"; get_profile('web.dashboard.hats.hat_favmap.state',1) )); - $screen_menu = new CDiv(SPACE,'iconmenu'); - $screen_menu->AddAction('onclick','javascript: create_menu(event,"screens");'); - $screen_menu->AddOption('title',S_MENU); - - $left_tab->AddRow(create_hat( - S_FAVORITE.SPACE.S_SCREENS, - make_favorite_screens(), - array($screen_menu), - 'hat_favscr', - get_profile('web.dashboard.hats.hat_favscr.state',1) - )); $left_tab->AddRow(SPACE); $right_tab = new CTable(); diff --git a/frontends/php/include/defines.inc.php b/frontends/php/include/defines.inc.php index 122fbb2b..7176620a 100644 --- a/frontends/php/include/defines.inc.php +++ b/frontends/php/include/defines.inc.php @@ -32,7 +32,7 @@ define('PAGE_TYPE_HTML_BLOCK', 4); //simple block of html (as text) define('ZBX_LOGIN_ATTEMPTS', 5); - define('ZBX_LOGIN_BLOCK', 30); + define('ZBX_LOGIN_BLOCK', 30); // sec define('ZBX_SESSION_ACTIVE', 0); define('ZBX_SESSION_PASSIVE', 1); @@ -347,8 +347,11 @@ define('GROUP_STATUS_DISABLED', 1); define('GROUP_STATUS_ENABLED', 0); - define('GROUP_GUI_ACCESS_DISABLED', 1); - define('GROUP_GUI_ACCESS_ENABLED', 0); +// IMPORTANT!!! by priority DESC + define('GROUP_GUI_ACCESS_SYSTEM', 0); + define('GROUP_GUI_ACCESS_INTERNAL', 1); + define('GROUP_GUI_ACCESS_DISABLED', 2); + define('PERM_MAX', 3); define('PERM_READ_WRITE', 3); diff --git a/frontends/php/include/forms.inc.php b/frontends/php/include/forms.inc.php index b69001e8..4e8a8294 100644 --- a/frontends/php/include/forms.inc.php +++ b/frontends/php/include/forms.inc.php @@ -961,7 +961,9 @@ # Insert form for User Groups function insert_usergroups_form(){ global $USER_DETAILS; - + + $config = select_config(); + $frm_title = S_USER_GROUP; if(isset($_REQUEST["usrgrpid"])){ $usrgrp = get_group_by_usrgrpid($_REQUEST["usrgrpid"]); 
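Review bot: Renumbering the gui_access constants in the `@@ -347` hunk of defines.inc.php changes the meaning of values already stored in `usrgrp.gui_access`. A row written as 1 meant GROUP_GUI_ACCESS_DISABLED before this commit and now reads as GROUP_GUI_ACCESS_INTERNAL, so a group that had GUI access switched off would be treated as allowed to log in with internal authentication. The diffstat lists only frontend PHP files, so unless a data patch ships separately, the upgrade needs something like `UPDATE usrgrp SET gui_access=2 WHERE gui_access=1` before the new code runs. The `// IMPORTANT!!! by priority DESC` comment should also say why the order matters, e.g. `// get_user_auth() takes MAX(gui_access) over a user's groups, so a higher value must always be the more restrictive mode`.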
@@ -1009,8 +1011,8 @@ } else{ $name = get_request('gname',''); - $users_status = get_request('users_status',0); - $gui_access = get_request('gui_access',0); + $users_status = get_request('users_status',GROUP_STATUS_ENABLED); + $gui_access = get_request('gui_access',GROUP_GUI_ACCESS_SYSTEM); $group_users = get_request("group_users",array()); $group_rights = get_request("group_rights",array()); } @@ -1037,8 +1039,7 @@ $lstUsers = new CListBox('group_users_to_del[]'); $lstUsers->options['style'] = 'width: 280px'; - foreach($group_users as $userid => $alias) - { + foreach($group_users as $userid => $alias){ $lstUsers->AddItem($userid, $alias); } @@ -1059,8 +1060,12 @@ if($granted){ $cmbGUI = new CComboBox('gui_access',$gui_access); - $cmbGUI->AddItem(GROUP_GUI_ACCESS_ENABLED,S_ENABLED); - $cmbGUI->AddItem(GROUP_GUI_ACCESS_DISABLED,S_DISABLED); + $cmbGUI->AddItem(GROUP_GUI_ACCESS_SYSTEM,user_auth_type2str(GROUP_GUI_ACCESS_SYSTEM)); + + if(ZBX_AUTH_HTTP != $config['authentication_type']) + $cmbGUI->AddItem(GROUP_GUI_ACCESS_INTERNAL,user_auth_type2str(GROUP_GUI_ACCESS_INTERNAL)); + + $cmbGUI->AddItem(GROUP_GUI_ACCESS_DISABLED,user_auth_type2str(GROUP_GUI_ACCESS_DISABLED)); $frmUserG->AddRow(S_GUI_ACCESS, $cmbGUI); @@ -1072,8 +1077,8 @@ } else{ - $frmUserG->AddVar('gui_access',GROUP_GUI_ACCESS_ENABLED); - $frmUserG->AddRow(S_GUI_ACCESS, new CSpan(S_ENABLED,'green')); + $frmUserG->AddVar('gui_access',$gui_access); + $frmUserG->AddRow(S_GUI_ACCESS, new CSpan(user_auth_type2str($gui_access),'green')); $frmUserG->AddVar('users_status',GROUP_STATUS_ENABLED); $frmUserG->AddRow(S_USERS_STATUS, new CSpan(S_ENABLED,'green')); diff --git a/frontends/php/include/func.inc.php b/frontends/php/include/func.inc.php index 180b6e37..2e67e260 100644 --- a/frontends/php/include/func.inc.php +++ b/frontends/php/include/func.inc.php 
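Review bot: Leaving GROUP_GUI_ACCESS_INTERNAL out of the combo box under HTTP authentication (the `@@ -1059` hunk) only hides the option. The field table in users.php accepts `gui_access` values 0, 1 and 2 regardless of the configured authentication type. change_group_gui_access() in users.inc.php repeats the check server-side, but whether the group save path (adding or updating a user group) does the same is not visible in this patch and should be confirmed. The single-statement `if` would also read better with braces, as the neighbouring `if($granted){` and `foreach(...){` use them: `if(ZBX_AUTH_HTTP != $config['authentication_type']){ ... }`. insert_usergroups_form() begins and ends outside these hunks.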
@@ -225,6 +225,7 @@ function zbx_rksort(&$array, $flags=NULL){ /************* ZBX MISC *************/ function zbx_numeric($value){ if(is_array($value)) return false; + if(zbx_empty($value)) return false; $value = strval($value); return ctype_digit($value); diff --git a/frontends/php/include/locales/en_gb.inc.php b/frontends/php/include/locales/en_gb.inc.php index 8d7746df..3b13e2c8 100644 --- a/frontends/php/include/locales/en_gb.inc.php +++ b/frontends/php/include/locales/en_gb.inc.php @@ -170,10 +170,10 @@ // admin.php 'S_PREVIOUS'=> '<< Previous', - 'S_NEXT'=> 'Next >>', - 'S_RETRY'=> 'Retry', + 'S_NEXT'=> 'Next >>', + 'S_RETRY'=> 'Retry', 'S_FINISH'=> 'Finish', - 'S_FAIL'=> 'Fail', + 'S_FAIL'=> 'Fail', 'S_UPDATE_BIG'=> 'UPDATE', 'S_INSTALLATION'=> 'Installation', 'S_NEW_INSTALLATION'=> 'New installation', @@ -1428,6 +1428,9 @@ 'S_CANNOT_UPDATE_PROXY'=> 'Cannot update proxy', 'S_PROXY_DELETED'=> 'Proxy deleted', 'S_CANNOT_DELETE_PROXY'=> 'Cannot delete proxy', + 'S_GUI_ACCESS_UPDATED'=> 'GUI access updated', + 'S_CANNOT_UPDATE_GUI_ACCESS'=> 'Cannot update GUI access', + 'S_CANNOT_SET'=> 'Cannot set', 'S_USER_CANNOT_DISABLE_ITSELF'=> 'User cannot disable itself', 'S_USER_CANNOT_CHANGE_STATUS'=> 'User cannot change status to itself', 'S_USER_CANNOT_CHANGE_GUI_ACCESS'=> 'User cannot change GUI access to itself', @@ -1472,6 +1475,7 @@ 'S_ADD_TO'=> 'Add to', 'S_REMOVE_FROM'=> 'Remove from', 'S_STATUS_DISABLED'=> 'Status disabled', + 'S_INTERNAL'=> 'Internal', //scripts.php 'S_SCRIPTS'=> 'Scripts', diff --git a/frontends/php/include/perm.inc.php b/frontends/php/include/perm.inc.php index e8565471..e47d104c 100644 --- a/frontends/php/include/perm.inc.php +++ b/frontends/php/include/perm.inc.php 
@@ -173,7 +173,7 @@ function check_perm2system($userid){ ' WHERE ug.userid = '.zbx_dbstr($userid). ' AND g.usrgrpid = ug.usrgrpid '. ' AND g.users_status = '.GROUP_STATUS_DISABLED; - $res = DBFetch(DBSelect($sql)); + $res = DBfetch(DBSelect($sql)); return ($res['grp_count'] == 0)?true:false; } @@ -189,15 +189,34 @@ return ($res['grp_count'] == 0)?true:false; * Author: Aly */ -function check_perm2login($userid){ - $sql = 'SELECT COUNT(g.usrgrpid) as grp_count '. +function check_perm2login($userid){ + $res = get_user_auth($userid); + +return (GROUP_GUI_ACCESS_DISABLED == $res)?false:true; +} + +/* Function: get_user_auth() + * + * Description: + * Returns user authentication type + * + * Comments: + * default is SYSTEM auth + * + * Author: Aly + */ +function get_user_auth($userid){ + $result = GROUP_GUI_ACCESS_SYSTEM; + + $sql = 'SELECT MAX(g.gui_access) as gui_access '. ' FROM usrgrp g, users_groups ug '. - ' WHERE ug.userid = '.zbx_dbstr($userid). - ' AND g.usrgrpid = ug.usrgrpid '. - ' AND g.gui_access = '.GROUP_GUI_ACCESS_DISABLED; - $res = DBFetch(DBSelect($sql)); + ' WHERE ug.userid='.zbx_dbstr($userid). + ' AND g.usrgrpid=ug.usrgrpid '; + $acc = DBfetch(DBselect($sql)); -return ($res['grp_count'] == 0)?true:false; + if(!zbx_empty($acc['gui_access'])) $result=$acc['gui_access']; + +return $result; } /*********************************************** diff --git a/frontends/php/include/users.inc.php b/frontends/php/include/users.inc.php index 0db25825..402eafb6 100644 --- a/frontends/php/include/users.inc.php +++ b/frontends/php/include/users.inc.php @@ -19,8 +19,7 @@ **/ ?> $grou_pname) - { + foreach($user_groups as $groupid => $grou_pname){ $users_groups_id = get_dbid("users_groups","id"); $result = DBexecute('insert into users_groups (id,usrgrpid,userid)'. 'values('.$users_groups_id.','.$groupid.','.$userid.')'); 
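Review bot: The docblock added for get_user_auth() in the `@@ -189` hunk says only that the default is SYSTEM; it should state the precedence rule the query implements, because that rule decides who may log in and with which backend. Suggested wording for the Comments section: ` * takes MAX(gui_access) over all groups of the user, so DISABLED overrides INTERNAL, which overrides SYSTEM; a user with no groups gets SYSTEM`. The function also returns the fetched DB value when a row exists and the integer constant otherwise, so an `(int)` cast on `$acc['gui_access']` would give callers one return type to compare against.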
@@ -386,18 +397,24 @@ } - function change_group_gui_access($usrgrpid,$gui_access){ + function change_group_gui_access($usrgrpid,$gui_access){ $res = false; - $grant = true; - if($gui_access == GROUP_GUI_ACCESS_DISABLED) $grant= granted2update_group($usrgrpid); - - if($grant){ - $res = DBexecute('UPDATE usrgrp SET gui_access='.$gui_access.' WHERE usrgrpid='.$usrgrpid); - } - else{ + if(($gui_access == GROUP_GUI_ACCESS_DISABLED) && !granted2update_group($usrgrpid)){ error(S_USER_CANNOT_CHANGE_GUI_ACCESS); + return false; + } + + if(GROUP_GUI_ACCESS_INTERNAL == $gui_access){ + $config = select_config(); + if(ZBX_AUTH_HTTP == $config['authentication_type']){ + error(S_CANNOT_SET.' ['.S_INTERNAL.'] '.S_GROUP.' '.S_GUI_ACCESS); + return false; + } } + + $res = DBexecute('UPDATE usrgrp SET gui_access='.$gui_access.' WHERE usrgrpid='.$usrgrpid); + return $res; } diff --git a/frontends/php/index.php b/frontends/php/index.php index fd0a1381..a53c2cdd 100644 --- a/frontends/php/index.php +++ b/frontends/php/index.php @@ -56,7 +56,9 @@ } $config = select_config(); - if($config['authentication_type'] == ZBX_AUTH_HTTP){ + $authentication_type = $config['authentication_type']; + + if($authentication_type == ZBX_AUTH_HTTP){ if(isset($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_USER'])){ if(!isset($sessionid)) $_REQUEST['enter'] = 'Enter'; @@ -90,7 +92,17 @@ sleep(ZBX_LOGIN_BLOCK); } - switch($config['authentication_type']){ + switch(get_user_auth($login['userid'])){ + case GROUP_GUI_ACCESS_INTERNAL: + $authentication_type = ZBX_AUTH_INTERNAL; + break; + case GROUP_GUI_ACCESS_SYSTEM: + case GROUP_GUI_ACCESS_DISABLED: + default: + break; + } + + switch($authentication_type){ case ZBX_AUTH_LDAP: $login = ldap_authentication($name,get_request('password','')); break; 
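Review bot: The rewritten `UPDATE usrgrp SET gui_access=... WHERE usrgrpid=...` in change_group_gui_access() concatenates both arguments into the statement unquoted, so the function is safe only while every caller has already validated them as integers. The caller visible in this patch (users.php) does that through its field table, but other queries in this commit wrap values in zbx_dbstr(). Doing the same here keeps the function safe on its own: `$res = DBexecute('UPDATE usrgrp SET gui_access='.zbx_dbstr($gui_access).' WHERE usrgrpid='.zbx_dbstr($usrgrpid));`. The granted2update_group() check still applies only to DISABLED, so it is worth confirming that switching one's own group to INTERNAL is meant to be allowed.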
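Review bot: In the new `switch(get_user_auth($login['userid']))` of index.php (the `@@ -90` hunk), GROUP_GUI_ACCESS_DISABLED falls into the `default` arm and changes nothing. A member of a GUI-disabled group is therefore still sent to the system backend for a credential check; refusal presumably happens later through check_perm2login(), outside this hunk. A comment on that arm would make the intent explicit, e.g. `// DISABLED is enforced after authentication by check_perm2login(); keep the system auth type here`, once that is verified against the code that follows. `$login` is assigned before the hunk, so whether it can be false at this point is not visible here.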
@@ -108,12 +120,12 @@ $login = $row = DBfetch(DBselect('SELECT u.userid,u.alias,u.name,u.surname,u.url,u.refresh,u.passwd '. ' FROM users u, users_groups ug, usrgrp g '. ' WHERE u.alias='.zbx_dbstr($name). - ((ZBX_AUTH_INTERNAL==$config['authentication_type'])?' AND u.passwd='.zbx_dbstr($password):''). + ((ZBX_AUTH_INTERNAL==$authentication_type)?' AND u.passwd='.zbx_dbstr($password):''). ' AND '.DBin_node('u.userid', $ZBX_LOCALNODEID))); } /* update internal pass if it's different - if($login && ($row['passwd']!=$password) && (ZBX_AUTH_INTERNAL!=$config['authentication_type'])){ + if($login && ($row['passwd']!=$password) && (ZBX_AUTH_INTERNAL!=$authentication_type)){ DBexecute('UPDATE users SET passwd='.zbx_dbstr($password).' WHERE userid='.zbx_dbstr($row['userid'])); } */ @@ -163,7 +175,7 @@ include_once "include/page_header.php"; if(isset($_REQUEST['message'])) show_error_message($_REQUEST['message']); if(!isset($sessionid)){ - switch($config['authentication_type']){ + switch($authentication_type){ case ZBX_AUTH_HTTP: break; case ZBX_AUTH_LDAP: diff --git a/frontends/php/users.php b/frontends/php/users.php index 26dc7c22..9f7330ba 100644 --- a/frontends/php/users.php +++ b/frontends/php/users.php 
@@ -40,15 +40,15 @@ include_once "include/page_header.php"; array(T_ZBX_INT, O_OPT, null, IN('0,1'), null), + 'config'=> array(T_ZBX_INT, O_OPT, null, IN('0,1'), null), 'perm_details'=>array(T_ZBX_INT, O_OPT, null, IN('0,1'), null), /* user */ - 'userid'=> array(T_ZBX_INT, O_NO, P_SYS, DB_ID,'(isset({config})&&({config}==0))&&(isset({form})&&({form}=="update"))'), + 'userid'=> array(T_ZBX_INT, O_NO, P_SYS, DB_ID,'(isset({config})&&({config}==0))&&(isset({form})&&({form}=="update"))'), 'group_userid'=>array(T_ZBX_INT, O_OPT, P_SYS, DB_ID, null), - 'alias'=> array(T_ZBX_STR, O_OPT, null, NOT_EMPTY, '(isset({config})&&({config}==0))&&isset({save})'), - 'name'=> array(T_ZBX_STR, O_OPT, null, NOT_EMPTY, '(isset({config})&&({config}==0))&&isset({save})'), - 'surname'=> array(T_ZBX_STR, O_OPT, null, NOT_EMPTY, '(isset({config})&&({config}==0))&&isset({save})'), + 'alias'=> array(T_ZBX_STR, O_OPT, null, NOT_EMPTY, '(isset({config})&&({config}==0))&&isset({save})'), + 'name'=> array(T_ZBX_STR, O_OPT, null, NOT_EMPTY, '(isset({config})&&({config}==0))&&isset({save})'), + 'surname'=> array(T_ZBX_STR, O_OPT, null, NOT_EMPTY, '(isset({config})&&({config}==0))&&isset({save})'), 'password1'=> array(T_ZBX_STR, O_OPT, null, null, '(isset({config})&&({config}==0))&&isset({save})&&(isset({form})&&({form}!="update"))&&isset({change_password})'), "password2"=> array(T_ZBX_STR, O_OPT, null, null, '(isset({config})&&({config}==0))&&isset({save})&&(isset({form})&&({form}!="update"))&&isset({change_password})'), 'user_type'=> array(T_ZBX_INT, O_OPT, null, IN('1,2,3'), '(isset({config})&&({config}==0))&&isset({save})'), 
@@ -60,30 +60,27 @@ include_once "include/page_header.php"; 'new_media'=> array(T_ZBX_STR, O_OPT, null, null, null), 'enable_media'=>array(T_ZBX_INT, O_OPT, null, null, null), 'disable_media'=>array(T_ZBX_INT, O_OPT,null, null, null), - 'lang'=> array(T_ZBX_STR, O_OPT, null, NOT_EMPTY, '(isset({config})&&({config}==0))&&isset({save})'), - 'theme'=> array(T_ZBX_STR, O_OPT, null, NOT_EMPTY, '(isset({config})&&({config}==0))&&isset({save})'), + 'lang'=> array(T_ZBX_STR, O_OPT, null, NOT_EMPTY, '(isset({config})&&({config}==0))&&isset({save})'), + 'theme'=> array(T_ZBX_STR, O_OPT, null, NOT_EMPTY, '(isset({config})&&({config}==0))&&isset({save})'), 'autologin'=> array(T_ZBX_INT, O_OPT, null, IN('0,1'), null), 'autologout'=> array(T_ZBX_INT, O_OPT, null, BETWEEN(0,3600),'(isset({config})&&({config}==0))&&isset({save})'), - 'url'=> array(T_ZBX_STR, O_OPT, null, null, '(isset({config})&&({config}==0))&&isset({save})'), - 'refresh'=> array(T_ZBX_INT, O_OPT, null, BETWEEN(0,3600),'(isset({config})&&({config}==0))&&isset({save})'), - - 'right'=> array(T_ZBX_STR, O_NO, null, NOT_EMPTY, - '(isset({register})&&({register}=="add permission"))&&isset({userid})'), - 'permission'=> array(T_ZBX_STR, O_NO, null, NOT_EMPTY, - '(isset({register})&&({register}=="add permission"))&&isset({userid})'), - 'id'=> array(T_ZBX_INT, O_NO, null, DB_ID, - '(isset({register})&&({register}=="add permission"))&&isset({userid})'), - 'rightid'=> array(T_ZBX_INT, O_NO, null, DB_ID, - '(isset({register})&&({register}=="delete permission"))&&isset({userid})'), + 'url'=> array(T_ZBX_STR, O_OPT, null, null, '(isset({config})&&({config}==0))&&isset({save})'), + 'refresh'=> array(T_ZBX_INT, O_OPT, null, BETWEEN(0,3600),'(isset({config})&&({config}==0))&&isset({save})'), + + 'right'=> array(T_ZBX_STR, O_NO, null, NOT_EMPTY, '(isset({register})&&({register}=="add permission"))&&isset({userid})'), + 'permission'=> array(T_ZBX_STR, O_NO, null, NOT_EMPTY, '(isset({register})&&({register}=="add 
permission"))&&isset({userid})'), + 'id'=> array(T_ZBX_INT, O_NO, null, DB_ID, '(isset({register})&&({register}=="add permission"))&&isset({userid})'), + 'rightid'=> array(T_ZBX_INT, O_NO, null, DB_ID, '(isset({register})&&({register}=="delete permission"))&&isset({userid})'), + 'grpaction'=> array(T_ZBX_INT, O_OPT, null, IN('0,1'), null), /* group */ 'usrgrpid'=> array(T_ZBX_INT, O_NO, P_SYS, DB_ID,'(isset({config})&&(({config}==1) || isset({grpaction})))&&(isset({form})&&({form}=="update"))'), 'group_groupid'=>array(T_ZBX_INT, O_OPT, P_SYS, DB_ID, null), - 'gname'=> array(T_ZBX_STR, O_OPT, null, NOT_EMPTY, '(isset({config})&&({config}==1))&&isset({save})'), - 'users'=> array(T_ZBX_INT, O_OPT, P_SYS, DB_ID, null), + 'gname'=> array(T_ZBX_STR, O_OPT, null, NOT_EMPTY, '(isset({config})&&({config}==1))&&isset({save})'), + 'users'=> array(T_ZBX_INT, O_OPT, P_SYS, DB_ID, null), 'users_status'=>array(T_ZBX_INT, O_OPT, null, IN('0,1'), '(isset({config})&&({config}==1))&&isset({save})'), - 'gui_access'=> array(T_ZBX_INT, O_OPT, null, IN('0,1'), '(isset({config})&&({config}==1))&&isset({save})'), + 'gui_access'=> array(T_ZBX_INT, O_OPT, null, IN('0,1,2'), '(isset({config})&&({config}==1))&&isset({save})'), 'new_right'=> array(T_ZBX_STR, O_OPT, null, null, null), 'new_user'=> array(T_ZBX_STR, O_OPT, null, null, null), 'right_to_del'=>array(T_ZBX_STR, O_OPT, null, null, null), @@ -92,7 +89,7 @@ include_once "include/page_header.php"; 'group_rights'=>array(T_ZBX_STR, O_OPT, null, null, null), 'set_users_status'=> array(T_ZBX_INT, O_OPT, null, IN('0,1'), null), - 'set_gui_access'=> array(T_ZBX_INT, O_OPT, null, IN('0,1'), null), + 'set_gui_access'=> array(T_ZBX_INT, O_OPT, null, IN('0,1,2'), null), /* actions */ 'register'=> array(T_ZBX_STR, O_OPT, P_SYS|P_ACT, 
@@ -392,12 +389,9 @@ include_once "include/page_header.php"; $group=get_group_by_usrgrpid($_REQUEST["usrgrpid"]); $result=change_group_gui_access($_REQUEST["usrgrpid"],$_REQUEST['set_gui_access']); - $status_msg1 = ($_REQUEST['set_gui_access'] == GROUP_GUI_ACCESS_ENABLED)?S_ENABLED:S_DISABLED; - $status_msg2 = ($_REQUEST['set_gui_access'] == GROUP_GUI_ACCESS_ENABLED)?S_ENABLE:S_DISABLE; - - show_messages($result, S_GROUP.SPACE.'"'.$group['name'].'"'.SPACE.S_GUI_ACCESS.SPACE.$status_msg1, S_CANNOT.SPACE.$status_msg2.SPACE.S_GROUP); + show_messages($result, S_GROUP.' "'.$group['name'].'" '.S_GUI_ACCESS_UPDATED, S_CANNOT_UPDATE_GUI_ACCESS); if($result){ - $audit_action = ($_REQUEST['set_gui_access'] == GROUP_GUI_ACCESS_ENABLED)?AUDIT_ACTION_ENABLE:AUDIT_ACTION_DISABLE; + $audit_action = ($_REQUEST['set_gui_access'] == GROUP_GUI_ACCESS_DISABLED)?AUDIT_ACTION_DISABLE:AUDIT_ACTION_UPDATE; add_audit($audit_action,AUDIT_RESOURCE_USER_GROUP,'GUI access for group name ['.$group['name'].']'); unset($_REQUEST["usrgrpid"]); @@ -497,12 +491,12 @@ include_once "include/page_header.php"; array_push($user_groups,empty($user_groups)?'':BR(),$db_group['name']); $db_user['users_status'] = check_perm2system($db_user['userid']); - $db_user['gui_access'] = check_perm2login($db_user['userid']); - + $db_user['gui_access'] = get_user_auth($db_user['userid']); + $users_status = ($db_user['users_status'])?S_ENABLED:S_DISABLED; - $gui_access = ($db_user['gui_access'])?S_ENABLED:S_DISABLED; + $gui_access = user_auth_type2str($db_user['gui_access']); - $gui_access = new CSpan($gui_access,($db_user['gui_access'])?'green':'orange'); + $gui_access = new CSpan($gui_access,($db_user['gui_access'] == GROUP_GUI_ACCESS_DISABLED)?'orange':'green'); $users_status = new CSpan($users_status,($db_user['users_status'])?'green':'red'); $action = get_user_actionmenu($db_user['userid']); 
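Review bot: After the `@@ -392` hunk the audit record no longer says what the group was switched to: SYSTEM and INTERNAL both log as AUDIT_ACTION_UPDATE with the unchanged text `'GUI access for group name ['.$group['name'].']'`. The value decides which backend authenticates the group's users, so the new mode belongs in the audit detail, e.g. `add_audit($audit_action,AUDIT_RESOURCE_USER_GROUP,'GUI access for group name ['.$group['name'].'] set to ['.user_auth_type2str($_REQUEST['set_gui_access']).']');`. The success text passed to show_messages() has the same gap, since it reports only that GUI access was updated.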
@@ -562,8 +556,8 @@ include_once "include/page_header.php"; ' FROM usrgrp ug'. ' WHERE '.DBin_node('ug.usrgrpid'). order_by('ug.name')); - while($row=DBfetch($result)) - { + while($row=DBfetch($result)){ + $users = array(); $users_id = array(); @@ -577,17 +571,26 @@ include_once "include/page_header.php"; $users[$db_user['userid']] = $db_user['alias']; } - $gui_access = ($row['gui_access'] == GROUP_GUI_ACCESS_ENABLED)?S_ENABLED:S_DISABLED; + $gui_access = user_auth_type2str($row['gui_access']); $users_status = ($row['users_status'] == GROUP_STATUS_ENABLED)?S_ENABLED:S_DISABLED; - + if(granted2update_group($row['usrgrpid'])){ + + $next_gui_auth = ($row['gui_access']+1 > GROUP_GUI_ACCESS_DISABLED)?GROUP_GUI_ACCESS_SYSTEM:($row['gui_access']+1); + + if(GROUP_GUI_ACCESS_INTERNAL == $next_gui_auth){ + $config = select_config(); + if(ZBX_AUTH_HTTP == $config['authentication_type']){ + $next_gui_auth++; + } + } + $gui_access = new CLink($gui_access, 'users.php?form=update'. - '&set_gui_access='.(($row['gui_access'] == GROUP_GUI_ACCESS_ENABLED)?GROUP_GUI_ACCESS_DISABLED:GROUP_GUI_ACCESS_ENABLED). + '&set_gui_access='.$next_gui_auth. '&usrgrpid='.$row["usrgrpid"]. url_param("config"), - - ($row['gui_access'] == GROUP_GUI_ACCESS_ENABLED)?'enabled':'orange'); + ($row['gui_access'] == GROUP_GUI_ACCESS_DISABLED)?'orange':'enabled'); $users_status = new CLink($users_status, 'users.php?form=update'. @@ -598,7 +601,7 @@ include_once "include/page_header.php"; } else{ - $gui_access = new CSpan($gui_access,($row['gui_access'] == GROUP_GUI_ACCESS_ENABLED)?'green':'orange'); + $gui_access = new CSpan($gui_access,($row['gui_access'] == GROUP_GUI_ACCESS_DISABLED)?'orange':'green'); $users_status = new CSpan($users_status,($row['users_status'] == GROUP_STATUS_ENABLED)?'green':'red'); } -- cgit
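Review bot: The `set_gui_access` link built in the `@@ -577` hunk changes a group's authentication mode through a plain GET URL (`users.php?form=update&set_gui_access=...&usrgrpid=...`), and the lines shown add no per-request token. With this commit the link can move a group to internal authentication as well as disable it, so if the frontend has no request-forgery protection elsewhere, this action should become a POST with a token check. Separately, `select_config()` is called inside the `while` loop for each group row that reaches the INTERNAL step; reading it once before the loop (`$config = select_config();`) avoids the repeated calls. The loop body continues outside the hunk.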