From 0c12891108a86a1059340fd5597a08bd05db8024 Mon Sep 17 00:00:00 2001 From: artem Date: Tue, 29 Jan 2008 12:12:26 +0000 Subject: - [DEV-103] added support of disabling login rights for a users group (Artem) git-svn-id: svn://svn.zabbix.com/trunk@5287 97f52cf1-0a1b-0410-bd0e-c28be96e8082 --- frontends/php/include/classes/ctag.inc.php | 13 +- frontends/php/include/db.inc.php | 4 +- frontends/php/include/defines.inc.php | 7 +- frontends/php/include/forms.inc.php | 52 ++-- frontends/php/include/locales/en_gb.inc.php | 7 + frontends/php/include/perm.inc.php | 71 +++++- frontends/php/include/users.inc.php | 377 ++++++++++++++++++++++++---- 7 files changed, 448 insertions(+), 83 deletions(-) (limited to 'frontends/php/include') diff --git a/frontends/php/include/classes/ctag.inc.php b/frontends/php/include/classes/ctag.inc.php index 97cc2325..44cc5050 100644 --- a/frontends/php/include/classes/ctag.inc.php +++ b/frontends/php/include/classes/ctag.inc.php @@ -221,7 +221,7 @@ { unset($this->options[$name]); } - function &GetOption($name) + function GetOption($name) { $ret = NULL; if(isset($this->options[$name])) @@ -256,13 +256,20 @@ function AddAction($name, $value) { - if(!empty($value)) + if(is_object($value)){ + $this->options[$name] = unpack_object($value); + } + else if(!empty($value)){ $this->options[$name] = htmlentities(str_replace(array("\r", "\n"), '', strval($value)),ENT_COMPAT,S_HTML_CHARSET); + } } function AddOption($name, $value) { - if(isset($value)) + if(is_object($value)){ + $this->options[$name] = unpack_object($value); + } + else if(isset($value)) $this->options[$name] = htmlspecialchars(strval($value)); else unset($this->options[$name]); diff --git a/frontends/php/include/db.inc.php b/frontends/php/include/db.inc.php index 46d56c7f..e60bc250 100644 --- a/frontends/php/include/db.inc.php +++ b/frontends/php/include/db.inc.php 
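Review bot: In the second ctag.inc.php hunk, the new `is_object($value)` branches of AddAction and AddOption store `unpack_object($value)` without the `htmlentities`/`htmlspecialchars` call that the string branches keep, so an object's rendered text reaches the attribute value unencoded. unpack_object is not shown here, so whether it encodes for attribute context cannot be confirmed; if it does not, every caller must guarantee that the object carries no unescaped user data. I would either encode the unpacked string too, e.g. `$this->options[$name] = htmlspecialchars(unpack_object($value));`, or, if existing callers depend on raw output, add a comment on both branches such as `// objects are trusted markup: callers must escape any user data before passing them in`. AddOption's closing lines are outside the hunk.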
@@ -408,10 +408,10 @@ switch($DB_TYPE) { case "MYSQL": - $result = mysql_fetch_array($cursor); + $result = mysql_fetch_assoc($cursor); break; case "POSTGRESQL": - $result = pg_fetch_array($cursor); + $result = pg_fetch_assoc($cursor); break; case "ORACLE": if(ocifetchinto($cursor, $row, OCI_ASSOC+OCI_NUM+OCI_RETURN_NULLS)) diff --git a/frontends/php/include/defines.inc.php b/frontends/php/include/defines.inc.php index 7328c677..8bbceb64 100644 --- a/frontends/php/include/defines.inc.php +++ b/frontends/php/include/defines.inc.php @@ -338,8 +338,11 @@ define('USER_TYPE_ZABBIX_ADMIN', 2); define('USER_TYPE_SUPER_ADMIN', 3); - define('USER_STATUS_DISABLED', 1); - define('USER_STATUS_ENABLED', 0); + define('GROUP_STATUS_DISABLED', 1); + define('GROUP_STATUS_ENABLED', 0); + + define('GROUP_GUI_ACCESS_DISABLED', 1); + define('GROUP_GUI_ACCESS_ENABLED', 0); define('PERM_MAX', 3); define('PERM_READ_WRITE', 3); diff --git a/frontends/php/include/forms.inc.php b/frontends/php/include/forms.inc.php index 21c2170c..6a895cef 100644 --- a/frontends/php/include/forms.inc.php +++ b/frontends/php/include/forms.inc.php @@ -702,7 +702,6 @@ $autologout = $user["autologout"]; $lang = $user["lang"]; $refresh = $user["refresh"]; - $status = $user["status"]; $user_type = $user["type"]; $user_groups = array(); @@ -743,7 +742,6 @@ $autologout = get_request("autologout",900); $lang = get_request("lang","en_gb"); $refresh = get_request("refresh",30); - $status = get_request('status',0); $user_type = get_request("user_type",USER_TYPE_ZABBIX_USER);; $user_groups = get_request("user_groups",array()); $change_password = get_request("change_password", null); 
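Review bot: The MySQL and PostgreSQL branches of the `@@ -408,10` hunk now return associative-only rows, but the ORACLE branch just below still fetches with `OCI_ASSOC+OCI_NUM+OCI_RETURN_NULLS`, so the three back ends no longer yield the same row shape. A caller that reads a column by numeric index would get NULL on two back ends and a value on the third; callers are not visible here, so that should be checked, in particular for code that reads permission or session rows. A short comment above the switch, such as `// rows are keyed by column name only; do not index numerically`, would record the contract. The enclosing function starts and ends outside the hunk.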
@@ -883,18 +881,6 @@ $frmUser->AddRow(S_URL_AFTER_LOGIN, new CTextBox("url",$url,50)); $frmUser->AddRow(S_SCREEN_REFRESH, new CNumericBox("refresh",$refresh,4)); - if((bccomp($USER_DETAILS['userid'],$userid) == 0)){ - $frmUser->AddVar('status',USER_STATUS_ENABLED); - $frmUser->AddRow(S_STATUS, new CSpan(S_ENABLED,'green')); - } - else{ - $cmbStat = new CComboBox('status',$status); - $cmbStat->AddItem(USER_STATUS_ENABLED,S_ENABLED); - $cmbStat->AddItem(USER_STATUS_DISABLED,S_DISABLED); - - $frmUser->AddRow(S_STATUS, $cmbStat); - } - if($profile==0) { $frmUser->AddVar('perm_details', $perm_details); @@ -964,7 +950,7 @@ # Insert form for User Groups function insert_usergroups_form() { - global $_REQUEST; + global $USER_DETAILS; $frm_title = S_USER_GROUP; if(isset($_REQUEST["usrgrpid"])) @@ -975,8 +961,11 @@ if(isset($_REQUEST["usrgrpid"]) && !isset($_REQUEST["form_refresh"])) { - $name = $usrgrp["name"]; + $name = $usrgrp['name']; + $users_status = $usrgrp['users_status']; + $gui_access = $usrgrp['gui_access']; + $group_users = array(); $db_users=DBselect("SELECT distinct u.userid,u.alias FROM users u,users_groups ug ". "where u.userid=ug.userid AND ug.usrgrpid=".$_REQUEST["usrgrpid"]. @@ -1012,7 +1001,9 @@ } else { - $name = get_request("gname",""); + $name = get_request("gname",""); + $users_status = get_request('users_status',0); + $gui_access = get_request('gui_access',0); $group_users = get_request("group_users",array()); $group_rights = get_request("group_rights",array()); } 
@@ -1054,6 +1045,33 @@ (count($group_users) > 0) ? new CButton('del_group_user',S_DELETE_SELECTED) : null )); + $granted = true; + if(isset($_REQUEST['usrgrpid'])){ + $granted = granted2update_group($_REQUEST['usrgrpid']); + } + + if($granted){ + $cmbGUI = new CComboBox('gui_access',$gui_access); + $cmbGUI->AddItem(GROUP_GUI_ACCESS_ENABLED,S_ENABLED); + $cmbGUI->AddItem(GROUP_GUI_ACCESS_DISABLED,S_DISABLED); + + $frmUserG->AddRow(S_GUI_ACCESS, $cmbGUI); + + $cmbStat = new CComboBox('users_status',$users_status); + $cmbStat->AddItem(GROUP_STATUS_ENABLED,S_ENABLED); + $cmbStat->AddItem(GROUP_STATUS_DISABLED,S_DISABLED); + + $frmUserG->AddRow(S_USERS_STATUS, $cmbStat); + + } + else{ + $frmUserG->AddVar('gui_access',GROUP_GUI_ACCESS_ENABLED); + $frmUserG->AddRow(S_GUI_ACCESS, new CSpan(S_ENABLED,'green')); + + $frmUserG->AddVar('users_status',GROUP_STATUS_ENABLED); + $frmUserG->AddRow(S_USERS_STATUS, new CSpan(S_ENABLED,'green')); + } + $table_Rights = new CTable(S_NO_RIGHTS_DEFINED,'right_table'); $lstWrite = new CListBox('right_to_del[read_write][]' ,null ,20); diff --git a/frontends/php/include/locales/en_gb.inc.php b/frontends/php/include/locales/en_gb.inc.php index d24778a8..3422f27c 100644 --- a/frontends/php/include/locales/en_gb.inc.php +++ b/frontends/php/include/locales/en_gb.inc.php @@ -1297,6 +1297,8 @@ 'S_GROUP_DELETED'=> 'Group deleted', 'S_CANNOT_DELETE_GROUP'=> 'Cannot delete group', 'S_USER_CANNOT_DISABLE_ITSELF'=> 'User cannot disable itself', + 'S_USER_CANNOT_CHANGE_STATUS'=> 'User cannot change status to itself', + 'S_USER_CANNOT_CHANGE_GUI_ACCESS'=> 'User cannot change GUI access to itself', 'S_USER_CANNOT_DELETE_ITSELF'=> 'User cannot delete itself', 'S_CONFIGURATION_OF_USERS_AND_USER_GROUPS'=>'CONFIGURATION OF USERS AND USER GROUPS', 'S_USER_GROUPS_BIG'=> 'USER GROUPS', 
@@ -1316,6 +1318,8 @@ 'S_PERMISSION'=> 'Permission', 'S_RIGHT'=> 'Right', 'S_RIGHTS'=> 'Rights', + 'S_GUI_ACCESS'=> 'GUI access', + 'S_USERS_STATUS'=> 'Users status', 'S_NO_RIGHTS_DEFINED'=> 'No rights defined', 'S_RESOURCE_NAME'=> 'Resource name', 'S_READ_ONLY'=> 'Read only', @@ -1332,6 +1336,9 @@ 'S_CREATE_GROUP'=> 'Create Group', 'S_DELETE_SELECTED_USERS_Q'=> 'Delete selected users?', 'S_NO_ACCESSIBLE_RESOURCES'=> 'No accessibles resources', + 'S_ADD_TO'=> 'Add to', + 'S_REMOVE_FROM'=> 'Remove from', + 'S_STATUS_DISABLED'=> 'Status disabled', //scripts.php 'S_SCRIPTS'=> 'Scripts', diff --git a/frontends/php/include/perm.inc.php b/frontends/php/include/perm.inc.php index 750ffe1b..10522455 100644 --- a/frontends/php/include/perm.inc.php +++ b/frontends/php/include/perm.inc.php @@ -48,21 +48,25 @@ if( !is_null($sessionid)) { - if(!($USER_DETAILS = DBfetch(DBselect('SELECT u.*,s.* FROM sessions s,users u'. - ' WHERE s.sessionid='.zbx_dbstr($sessionid). - ' AND s.userid=u.userid'. - ' AND ((s.lastaccess+u.autologout>'.time().') OR (u.autologout=0))'. - ' AND '.DBin_node('u.userid', $ZBX_LOCALNODEID). - ' AND u.status='.USER_STATUS_ENABLED)))) - { + $login = $USER_DETAILS = DBfetch(DBselect('SELECT u.*,s.* FROM sessions s,users u'. + ' WHERE s.sessionid='.zbx_dbstr($sessionid). + ' AND s.userid=u.userid'. + ' AND ((s.lastaccess+u.autologout>'.time().') OR (u.autologout=0))'. + ' AND '.DBin_node('u.userid', $ZBX_LOCALNODEID))); + if($login){ + $login = (check_perm2login($USER_DETAILS['userid']) && check_perm2system($USER_DETAILS['userid'])); + } + + if(!$login){ + $USER_DETAILS = NULL; + zbx_unsetcookie('zbx_sessionid'); DBexecute("delete from sessions where sessionid=".zbx_dbstr($sessionid)); unset($sessionid); $incorrect_session = true; } - else - { + else{ zbx_setcookie("zbx_sessionid",$sessionid); DBexecute("update sessions set lastaccess=".time()." where sessionid=".zbx_dbstr($sessionid)); } 
@@ -71,8 +75,7 @@ if(!$USER_DETAILS){ if(!($USER_DETAILS = DBfetch(DBselect('SELECT u.* FROM users u '. ' WHERE u.alias='.zbx_dbstr(ZBX_GUEST_USER). - ' AND '.DBin_node('u.userid', $ZBX_LOCALNODEID). - ' AND u.status='.USER_STATUS_ENABLED)))) + ' AND '.DBin_node('u.userid', $ZBX_LOCALNODEID))))) { $missed_user_guest = true; } @@ -114,6 +117,52 @@ } } +/*********************************************** + CHECK USER ACCESS TO SYSTEM STATUS +************************************************/ +/* Function: check_perm2system() + * + * Description: + * Checking user permissions to access system (affects server side: no notification will be sent) + * + * Comments: + * return true if permission is positive + * + * Author: Aly + */ + function check_perm2system($userid){ + $sql = 'SELECT COUNT(g.usrgrpid) as grp_count '. + ' FROM usrgrp g, users_groups ug '. + ' WHERE ug.userid = '.zbx_dbstr($userid). + ' AND g.usrgrpid = ug.usrgrpid '. + ' AND g.users_status = '.GROUP_STATUS_DISABLED; + $res = DBFetch(DBSelect($sql)); + + return ($res['grp_count'] == 0)?true:false; + } + +/* Function: check_perm2login() + * + * Description: + * Checking user permissions to Login in frontend + * + * Comments: + * return true if permission is positive + * + * Author: Aly + */ + + function check_perm2login($userid){ + $sql = 'SELECT COUNT(g.usrgrpid) as grp_count '. + ' FROM usrgrp g, users_groups ug '. + ' WHERE ug.userid = '.zbx_dbstr($userid). + ' AND g.usrgrpid = ug.usrgrpid '. + ' AND g.gui_access = '.GROUP_GUI_ACCESS_DISABLED; + $res = DBFetch(DBSelect($sql)); + + return ($res['grp_count'] == 0)?true:false; + } + /*********************************************** GET ACCESSIBLE RESOURCES BY USERID ************************************************/ diff --git a/frontends/php/include/users.inc.php b/frontends/php/include/users.inc.php index af84528d..4c2e8ae1 100644 --- a/frontends/php/include/users.inc.php +++ b/frontends/php/include/users.inc.php 
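Review bot: The guest lookup in the `@@ -71,8` hunk loses its `u.status` filter and gets no replacement, unlike the session path in the `@@ -48,21` hunk, which now calls `check_perm2login()` and `check_perm2system()`. In the visible lines a session rejected because the user's group is disabled sets `$USER_DETAILS = NULL` and then falls through to the guest account, and the guest account itself cannot be switched off through a disabled group. I would run the same two checks on the fetched guest row before accepting it, e.g. `if($USER_DETAILS && !(check_perm2login($USER_DETAILS['userid']) && check_perm2system($USER_DETAILS['userid']))) $USER_DETAILS = NULL;`, and set `$missed_user_guest` accordingly. The surrounding function continues outside the hunk, so a later check may exist that is not shown here.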
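Review bot: Both functions added in the `@@ -114,6` hunk grant access when the count query fails: if `DBFetch()` yields no row (its failure behaviour is not shown here, but a false return is the usual case), `$res['grp_count']` is NULL and `NULL == 0` is true, so `check_perm2system()` and `check_perm2login()` return true. A permission check should deny on error; `return ($res && $res['grp_count'] == 0);` does that in both places. The two header comments could also state that the result gates the session check in this file, since that is where a wrongly returned true matters.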
@@ -33,7 +33,7 @@ # Add User definition - function add_user($name,$surname,$alias,$passwd,$url,$autologout,$lang,$refresh,$user_type,$status,$user_groups,$user_medias) + function add_user($name,$surname,$alias,$passwd,$url,$autologout,$lang,$refresh,$user_type,$user_groups,$user_medias) { global $USER_DETAILS; @@ -54,8 +54,6 @@ ' values ('.$userid.','.zbx_dbstr($name).','.zbx_dbstr($surname).','.zbx_dbstr($alias).','. zbx_dbstr(md5($passwd)).','.zbx_dbstr($url).','.$autologout.','.zbx_dbstr($lang).','.$refresh.','.$user_type.')'); - $result &= change_user_status($userid,$status); - if($result) { DBexecute('delete from users_groups where userid='.$userid); @@ -88,7 +86,7 @@ # Update User definition - function update_user($userid,$name,$surname,$alias,$passwd, $url,$autologout,$lang,$refresh,$user_type,$status,$user_groups,$user_medias) + function update_user($userid,$name,$surname,$alias,$passwd, $url,$autologout,$lang,$refresh,$user_type,$user_groups,$user_medias) { if(DBfetch(DBselect("select * from users where alias=".zbx_dbstr($alias). " and userid<>$userid and ".DBin_node('userid', get_current_nodeid(false))))) @@ -102,8 +100,6 @@ ",url=".zbx_dbstr($url).","."autologout=$autologout,lang=".zbx_dbstr($lang).",refresh=$refresh,". "type=$user_type". " where userid=$userid"); - - $result &= change_user_status($userid,$status); if($result) { 
@@ -182,33 +178,86 @@ } - function get_user_by_userid($userid){ + function get_user_by_userid($userid){ if($row = DBfetch(DBselect('select * from users where userid='.zbx_dbstr($userid)))){ return $row; } /* error("No user with id [$userid]"); */ return false; } + - function change_user_status($userid,$status){ - global $USER_DETAILS; - $res = false; - if((bccomp($USER_DETAILS['userid'],$userid) == 0) && ($status==USER_STATUS_DISABLED)){ - error(S_USER_CANNOT_DISABLE_ITSELF); + function get_userid_by_usrgrpid($usrgrpid){ + $userids = array(); + if($res=DBselect('SELECT DISTINCT u.userid '. + ' FROM users u,users_groups ug '. + ' WHERE u.userid=ug.userid '. + ' AND ug.usrgrpid='.$usrgrpid. + ' AND '.DBin_node('ug.usrgrpid', get_current_nodeid(false)))) + { + while($rows = DBFetch($res)) $userids[]=$rows['userid']; + } + + return $userids; + } + + + function add_user_to_group($userid,$usrgrpid){ + $result = false; + if(granted2move_user($userid,$usrgrpid)){ + DBexecute('delete from users_groups where userid='.$userid.' and usrgrpid='.$usrgrpid); + + $users_groups_id = get_dbid("users_groups","id"); + $result = DBexecute('insert into users_groups (id,usrgrpid,userid) values('.$users_groups_id.','.$usrgrpid.','.$userid.')'); } else{ - $res = DBexecute('UPDATE users SET status='.$status.' WHERE userid='.zbx_dbstr($userid)); + error(S_USER_CANNOT_CHANGE_STATUS); } - return $res; + return $result; + } + + function remove_user_from_group($userid,$usrgrpid){ + $result = false; + if(granted2move_user($userid,$usrgrpid)){ + $result = DBexecute('delete from users_groups where userid='.$userid.' 
and usrgrpid='.$usrgrpid); + } + else{ + error(S_USER_CANNOT_CHANGE_STATUS); + } + return $result; + } + + +// description: +// checks if user is adding himself to disabled group + function granted2update_group($usrgrpid){ + global $USER_DETAILS; + $users = get_userid_by_usrgrpid($usrgrpid); + $result=(!uint_in_array($USER_DETAILS['userid'],$users)); + return $result; } + + +// description: +// checks if user is adding himself to disabled group + function granted2move_user($userid,$usrgrpid){ + global $USER_DETAILS; + + $result = true; + $group = get_group_by_usrgrpid($usrgrpid); + if(($group['gui_access'] == GROUP_GUI_ACCESS_DISABLED) || ($group['users_status'] == GROUP_STATUS_DISABLED)){ + $result=(bccomp($USER_DETAILS['userid'],$userid)!=0); + } + return $result; + } /************************** USER GROUPS **************************/ - function add_user_group($name,$users=array(),$rights=array()) - { + function add_user_group($name,$users_status,$gui_access,$users=array(),$rights=array()){ + if(DBfetch(DBselect('select * from usrgrp where name='.zbx_dbstr($name).' and '.DBin_node('usrgrpid', get_current_nodeid(false))))) { error("Group '$name' already exists"); 
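Review bot: `get_userid_by_usrgrpid()`, `add_user_to_group()` and `remove_user_from_group()` concatenate `$usrgrpid` and `$userid` into SQL unquoted, while `get_user_by_userid()` in the same hunk wraps its id in `zbx_dbstr()`. The forms.inc.php hunk at `@@ -1054,6` passes `$_REQUEST['usrgrpid']` straight into `granted2update_group()`, which reaches the first of these queries; whether the calling page validates that value as an integer is not visible here. I would quote every id the same way, e.g. `' AND ug.usrgrpid='.zbx_dbstr($usrgrpid).`, and the same applies to the raw `$users_status` and `$gui_access` in `change_group_status()` and `change_group_gui_access()` in the last hunk. Separately, the comment "checks if user is adding himself to disabled group" is copied onto `granted2update_group()`, where it does not describe the code; `// true when the current user is not a member of the group` matches what the function does.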
@@ -219,29 +268,33 @@ $result=DBexecute("insert into usrgrp (usrgrpid,name) values ($usrgrpid,".zbx_dbstr($name).")"); if(!$result) return $result; - - $result=DBexecute("delete from users_groups where usrgrpid=".$usrgrpid); - foreach($users as $userid => $name) - { - $id = get_dbid('users_groups','id'); - $result=DBexecute('insert into users_groups (id,usrgrpid,userid) values ('.$id.','.$usrgrpid.','.$userid.')'); + +// must come before adding user to group + $result&=change_group_status($usrgrpid,$users_status); + $result&=change_group_gui_access($usrgrpid,$gui_access); + if(!$result) return $result; +//-------- + + foreach($users as $userid => $name){ + $result &= add_user_to_group($userid,$usrgrpid); if(!$result) return $result; } $result=DBexecute("delete from rights where groupid=".$usrgrpid); - foreach($rights as $right) - { + foreach($rights as $right){ $id = get_dbid('rights','rightid'); $result=DBexecute('insert into rights (rightid,groupid,type,permission,id)'. ' values ('.$id.','.$usrgrpid.','.$right['type'].','.$right['permission'].','.$right['id'].')'); + if(!$result) return $result; } - + return $result; } - function update_user_group($usrgrpid,$name,$users=array(),$rights=array()) - { + function update_user_group($usrgrpid,$name,$users_status,$gui_access,$users=array(),$rights=array()){ + global $USER_DETAILS; + if(DBfetch(DBselect('select * from usrgrp where name='.zbx_dbstr($name). ' and usrgrpid<>'.$usrgrpid.' and '.DBin_node('usrgrpid', get_current_nodeid(false))))) { 
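Review bot: The early returns added to `add_user_group()` leave a half-built group behind: the `usrgrp` row is inserted first, and a later failure in `change_group_status()`, `change_group_gui_access()` or `add_user_to_group()` returns without undoing it. One case reachable from the visible code is creating a disabled group that lists the current user, where `granted2move_user()` refuses the membership after the group already exists. Whether the caller wraps this in a transaction is not visible in this hunk; if it does not, I would test the self-membership rule before the insert, or delete the new row on the failure path. The function's opening lines are in the previous hunk.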
@@ -250,33 +303,43 @@ } $result=DBexecute("update usrgrp set name=".zbx_dbstr($name)." where usrgrpid=$usrgrpid"); - if(!$result) - { - return $result; - } + if(!$result) return $result; + +// must come before adding user to group + $result&=change_group_status($usrgrpid,$users_status); + $result&=change_group_gui_access($usrgrpid,$gui_access); + if(!$result) return $result; +//------- - $result=DBexecute("delete from users_groups where usrgrpid=".$usrgrpid); - foreach($users as $userid => $name) - { - $id = get_dbid('users_groups','id'); - $result=DBexecute('insert into users_groups (id,usrgrpid,userid) values ('.$id.','.$usrgrpid.','.$userid.')'); - if(!$result) return $result; + $grant = true; + if(($gui_access == GROUP_GUI_ACCESS_DISABLED) || ($users_status == GROUP_STATUS_DISABLED)){ + $grant = (!uint_in_array($USER_DETAILS['userid'],$users)); } - + if($grant){ + $result = DBexecute('delete from users_groups where usrgrpid='.zbx_dbstr($usrgrpid)); + foreach($users as $userid => $name){ + $result &= add_user_to_group($userid,$usrgrpid); + if(!$result) return $result; + } + } + else{ + error(S_USER_CANNOT_DISABLE_ITSELF); + return false; + } + $result=DBexecute("delete from rights where groupid=".$usrgrpid); - foreach($rights as $right) - { + foreach($rights as $right){ $id = get_dbid('rights','rightid'); $result=DBexecute('insert into rights (rightid,groupid,type,permission,id)'. ' values ('.$id.','.$usrgrpid.','.$right['type'].','.$right['permission'].','.$right['id'].')'); + if(!$result) return $result; } return $result; } - function delete_user_group($usrgrpid) - { + function delete_user_group($usrgrpid){ $result = DBexecute("delete from rights where groupid=$usrgrpid"); if(!$result) return $result; 
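Review bot: The self-lockout test `uint_in_array($USER_DETAILS['userid'],$users)` in `update_user_group()` looks at `$users` as a list, but the loop just below takes the user ids from its keys (`foreach($users as $userid => $name)`), so the test probably never matches. uint_in_array is not shown; if it searches values the way in_array does, `$grant = !isset($users[$USER_DETAILS['userid']]);` is the check the code intends. As written, the case is only caught later by `granted2move_user()` inside `add_user_to_group()`, after `delete from users_groups` has already removed every member, so the function returns false with the group's membership partly or wholly wiped. The status and GUI-access updates above are also applied before this check and are not undone on the `return false` path.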
@@ -286,16 +349,234 @@ if(!$result) return $result; $result = DBexecute("delete from usrgrp where usrgrpid=$usrgrpid"); - return $result; + return $result; } - function get_group_by_usrgrpid($usrgrpid) - { - if($row = DBfetch(DBselect("select * from usrgrp where usrgrpid=".$usrgrpid))) - { + function get_group_by_usrgrpid($usrgrpid){ + if($row = DBfetch(DBselect("select * from usrgrp where usrgrpid=".$usrgrpid))){ return $row; } /* error("No user groups with id [$usrgrpid]"); */ - return FALSE; + return FALSE; + } + + + function change_group_status($usrgrpid,$users_status){ + $res = false; + + $grant = true; + if($users_status == GROUP_STATUS_DISABLED) $grant = granted2update_group($usrgrpid); + + if($grant){ + $res = DBexecute('UPDATE usrgrp SET users_status='.$users_status.' WHERE usrgrpid='.$usrgrpid); + } + else{ + error(S_USER_CANNOT_CHANGE_STATUS); + } + return $res; + } + + + function change_group_gui_access($usrgrpid,$gui_access){ + $res = false; + + $grant = true; + if($gui_access == GROUP_GUI_ACCESS_DISABLED) $grant= granted2update_group($usrgrpid); + + if($grant){ + $res = DBexecute('UPDATE usrgrp SET gui_access='.$gui_access.' WHERE usrgrpid='.$usrgrpid); + } + else{ + error(S_USER_CANNOT_CHANGE_GUI_ACCESS); + } + return $res; } + +/********************************/ + + function get_user_actionmenu($userid){ + global $USER_DETAILS; + + $action = new CSpan(S_SELECT); + +// add to group + $menus = "Array(Array('".S_GROUPS."',null,null,{'outer' : ['pum_oheader'],'inner' : ['pum_iheader']}), + Array('".S_ADD_TO."',null,null,{'outer' : ['pum_o_submenu'],'inner' : ['pum_i_submenu']},"; + $menus.= "['".S_GROUPS."',null,null,{'outer' : ['pum_oheader'],'inner' : ['pum_iheader']}],"; + + $grp_list = '('; + if($res = DBselect('SELECT DISTINCT ug.usrgrpid '. + ' FROM users_groups ug'. + ' WHERE ug.userid='.zbx_dbstr($userid). 
+ ' AND '.DBin_node('ug.usrgrpid', get_current_nodeid(false)))) + { + while($tmp = DBFetch($res)) $grp_list.= "'".$tmp['usrgrpid']."'".','; + } + $grp_list=rtrim($grp_list,',').')'; + + $res = DBselect('SELECT DISTINCT g.usrgrpid, g.name, g.gui_access, g.users_status'. + ' FROM usrgrp g'. + ' WHERE g.usrgrpid NOT IN'.$grp_list. + ' AND '.DBin_node('g.usrgrpid', get_current_nodeid(false)). + ' ORDER BY g.name'); + + while($group=DBfetch($res)){ + if(!granted2move_user($userid,$group['usrgrpid'])) continue; + + $caption = new CSpan($group['name']); + if($group['users_status'] == GROUP_STATUS_DISABLED){ + $caption->SetClass('red'); + } + else if($group['gui_access'] == GROUP_GUI_ACCESS_DISABLED){ + $caption->SetClass('orange'); + } + + $caption = htmlspecialchars(unpack_object($caption)); + $menus.="['".$caption."','users.php?config=0&form=update&grpaction=1&userid=".$userid."&usrgrpid=".$group['usrgrpid']."']\n,"; + } + + $menus=rtrim($menus,',').'),'; +// remove from group + $menus.= "Array('".S_REMOVE_FROM."',null,null,{'outer' : 'pum_o_submenu','inner' : ['pum_i_submenu']},"; + $menus.= "['".S_GROUPS."',null,null,{'outer' : ['pum_oheader'],'inner' : ['pum_iheader']}],"; + + $res = DBselect('SELECT DISTINCT g.usrgrpid, g.name, g.gui_access, g.users_status '. + ' FROM usrgrp g, users_groups ug'. + ' WHERE ug.userid='.zbx_dbstr($userid). + ' AND ug.usrgrpid = g.usrgrpid '. + ' AND '.DBin_node('g.usrgrpid', get_current_nodeid(false)). 
+ ' ORDER BY g.name'); + + while($group=DBfetch($res)){ + if(!granted2move_user($userid,$group['usrgrpid'])) continue; + + $caption = new CSpan($group['name']); + if($group['users_status'] == GROUP_STATUS_DISABLED){ + $caption->SetClass('red'); + } + else if($group['gui_access'] == GROUP_GUI_ACCESS_DISABLED){ + $caption->SetClass('orange'); + } + + $caption = htmlspecialchars(unpack_object($caption)); + $menus.="['".$caption."','users.php?config=0&form=update&grpaction=0&userid=".$userid."&usrgrpid=".$group['usrgrpid']."']\n,"; + } + + $menus=rtrim($menus,',').'),'; + if($USER_DETAILS['userid'] == $userid){ + $menus=rtrim($menus,',').')'; + } + else{ +// add to GUI ACCESS + $menus.= "Array('".S_GUI_ACCESS."',null,null,{'outer' : ['pum_oheader'],'inner' : ['pum_iheader']}), + Array('".S_ADD_TO."',null,null,{'outer' : 'pum_o_submenu','inner' : ['pum_i_submenu']},"; + $menus.= "['".S_GUI_ACCESS."',null,null,{'outer' : ['pum_oheader'],'inner' : ['pum_iheader']}],"; + + $grp_list = '('; + if($res = DBselect('SELECT DISTINCT ug.usrgrpid '. + ' FROM users_groups ug, usrgrp g'. + ' WHERE ug.userid='.zbx_dbstr($userid). + ' AND g.gui_access='.GROUP_GUI_ACCESS_DISABLED. + ' AND '.DBin_node('g.usrgrpid', get_current_nodeid(false)))) + { + while($tmp = DBFetch($res)) $grp_list.= "'".$tmp['usrgrpid']."'".','; + } + $grp_list=rtrim($grp_list,',').')'; + + $res = DBselect('SELECT DISTINCT g.usrgrpid, g.name'. + ' FROM usrgrp g'. + ' WHERE g.usrgrpid NOT IN'.$grp_list. + ' AND g.gui_access='.GROUP_GUI_ACCESS_DISABLED. + ' AND '.DBin_node('g.usrgrpid', get_current_nodeid(false)). 
+ ' ORDER BY g.name'); + + while($group=DBfetch($res)){ + $caption = new CSpan($group['name'],'orange'); + $caption = htmlspecialchars(unpack_object($caption)); + $menus.="['".$caption."','users.php?config=0&form=update&grpaction=1&userid=".$userid."&usrgrpid=".$group['usrgrpid']."']\n,"; + } + + $menus=rtrim($menus,',').'),'; +// remove from GUI ACCESS + $menus.= "Array('".S_REMOVE_FROM."',null,null,{'outer' : 'pum_o_submenu','inner' : ['pum_i_submenu']},"; + $menus.= "['".S_GUI_ACCESS."',null,null,{'outer' : ['pum_oheader'],'inner' : ['pum_iheader']}],"; + + $res = DBselect('SELECT g.name, g.usrgrpid'. + ' FROM usrgrp g, users_groups ug'. + ' WHERE ug.userid='.zbx_dbstr($userid). + ' AND ug.usrgrpid = g.usrgrpid '. + ' AND g.gui_access='.GROUP_GUI_ACCESS_DISABLED. + ' AND '.DBin_node('g.usrgrpid', get_current_nodeid(false)). + ' ORDER BY g.name'); + + while($group=DBfetch($res)){ + $caption = new CSpan($group['name'],'orange'); + $caption = htmlspecialchars(unpack_object($caption)); + + $menus.="['".$caption."','users.php?config=0&form=update&grpaction=0&userid=".$userid."&usrgrpid=".$group['usrgrpid']."']\n,"; + } + + $menus=rtrim($menus,',').'),'; + +// add to DISABLED + $menus.= "Array('".S_STATUS_DISABLED."',null,null,{'outer' : ['pum_oheader'],'inner' : ['pum_iheader']}), + Array('".S_ADD_TO."',null,null,{'outer' : 'pum_o_submenu','inner' : ['pum_i_submenu']},"; + $menus.= "['".S_STATUS_DISABLED."',null,null,{'outer' : ['pum_oheader'],'inner' : ['pum_iheader']}],"; + + $grp_list = '('; + if($res = DBselect('SELECT DISTINCT ug.usrgrpid '. + ' FROM users_groups ug, usrgrp g'. + ' WHERE ug.userid='.zbx_dbstr($userid). + ' AND g.users_status='.GROUP_STATUS_DISABLED. + ' AND '.DBin_node('g.usrgrpid', get_current_nodeid(false)))) + { + while($tmp = DBFetch($res)) $grp_list.= "'".$tmp['usrgrpid']."'".','; + } + $grp_list=rtrim($grp_list,',').')'; + + $res = DBselect('SELECT DISTINCT g.usrgrpid, g.name'. + ' FROM usrgrp g'. + ' WHERE g.usrgrpid NOT IN'.$grp_list. 
+ ' AND g.users_status='.GROUP_STATUS_DISABLED. + ' AND '.DBin_node('g.usrgrpid', get_current_nodeid(false)). + ' ORDER BY g.name'); + + while($group=DBfetch($res)){ + $caption = new CSpan($group['name'],'red'); + $caption = htmlspecialchars(unpack_object($caption)); + + $menus.="['".$caption."','users.php?config=0&form=update&grpaction=1&userid=".$userid."&usrgrpid=".$group['usrgrpid']."']\n,"; + } + + $menus=rtrim($menus,',').'),'; +// remove from DISABLED + $menus.= "Array('".S_REMOVE_FROM."',null,null,{'outer' : 'pum_o_submenu','inner' : ['pum_i_submenu']},"; + $menus.= "['".S_STATUS_DISABLED."',null,null,{'outer' : ['pum_oheader'],'inner' : ['pum_iheader']}],"; + + $res = DBselect('SELECT g.name, g.usrgrpid'. + ' FROM usrgrp g, users_groups ug'. + ' WHERE ug.userid='.zbx_dbstr($userid). + ' AND ug.usrgrpid = g.usrgrpid '. + ' AND g.users_status='.GROUP_STATUS_DISABLED. + ' AND '.DBin_node('g.usrgrpid', get_current_nodeid(false)). + ' ORDER BY g.name'); + + + while($group=DBfetch($res)){ + $caption = new CSpan($group['name'],'red'); + $caption = htmlspecialchars(unpack_object($caption)); + + $menus.="['".$caption."','users.php?config=0&form=update&grpaction=0&userid=".$userid."&usrgrpid=".$group['usrgrpid']."']\n,"; + } + + $menus=rtrim($menus,',').'))'; + } + + $script = new CScript("javascript: show_popup_menu(event,".$menus.",240);"); + $action->AddAction('onclick',$script); + $action->AddOption('onmouseover','javascript: this.style.cursor = "pointer";'); + + return $action; + } + ?> -- cgit
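Review bot: In `get_user_actionmenu()` each group name is placed inside a single-quoted JavaScript string (`"['".$caption."','users.php?..."`) after `htmlspecialchars()` only, which with its default flags leaves `'` and `\` untouched, and the resulting CScript is attached through `AddAction()`, whose new object branch applies no encoding. A group name containing a quote or backslash would therefore end the string early and alter the script that runs on click; CSpan and unpack_object are not shown, so I cannot confirm that they escape the name. The name should be escaped for the JavaScript string context (backslash, quotes, line breaks) before the HTML encoding is applied. Two smaller points in the same function: `$grp_list` becomes `()` when the user has no matching groups, giving `NOT IN()`, which is not valid SQL, and the menu entries are plain GET links (`users.php?...&grpaction=1&userid=...`) that change group membership, so the handler in users.php, which is outside this diff, needs its own permission check and request-forgery protection.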