← Back to branch summary

~ubuntu-dev/ubuntu/lucid/zabbix/lucid-201002110857

« back to all changes in this revision

Viewing changes to frontends/php/include/perm.inc.php

  • Committer: Bazaar Package Importer
  • Author(s): Michael Ablassmeier
  • Date: 2007-07-02 09:06:51 UTC
  • mfrom: (1.1.4 upstream)
  • Revision ID: james.westby@ubuntu.com-20070702090651-8l6fl3fjw9rh6l2u
Tags: 1:1.4.1-2
Add patch from SVN in order to fix Incorrect processing of character '%'
in user parameters and remote commands.

Show diffs side-by-side

added added

removed removed

Lines of Context:
frontends/php/include/perm.inc.php
19
19
**/
20
20
?>
21
21
<?php
22
 
 
23
 
 
24
 
define("ANY_ELEMENT_RIGHT",     -1);
25
 
define("GROUP_RIGHT",           0);
 
22
        require_once "include/db.inc.php";
 
23
 
 
24
        function        permission2str($group_permission)
 
25
        {
 
26
                $str_perm[PERM_READ_WRITE]      = S_READ_WRITE;
 
27
                $str_perm[PERM_READ_ONLY]       = S_READ_ONLY;
 
28
                $str_perm[PERM_DENY]            = S_DENY;
 
29
 
 
30
                if(isset($str_perm[$group_permission]))
 
31
                        return $str_perm[$group_permission];
 
32
 
 
33
                return S_UNKNOWN;
 
34
        }
 
35
 
 
36
/*****************************************
 
37
        CHECK USER AUTHORISATION
 
38
*****************************************/
26
39
 
27
40
        function        check_authorisation()
28
41
        {
29
42
                global  $page;
30
43
                global  $PHP_AUTH_USER,$PHP_AUTH_PW;
31
44
                global  $USER_DETAILS;
32
 
                global  $USER_RIGHTS;
33
 
                global  $_COOKIE;
34
45
                global  $_REQUEST;
 
46
                global  $ZBX_LOCALNODEID;
35
47
 
36
48
                $USER_DETAILS = NULL;
37
 
                $USER_RIGHTS = array();
38
 
 
39
 
                if(isset($_COOKIE["zbx_sessionid"]))
 
49
                
 
50
                $sessionid = get_cookie("zbx_sessionid");
 
51
                
 
52
                if( !is_null($sessionid))
40
53
                {
41
 
                        $sessionid = $_COOKIE["zbx_sessionid"];
42
 
                        $USER_DETAILS = DBfetch(DBselect("select u.*,s.* from sessions s,users u".
 
54
                        if(!($USER_DETAILS = DBfetch(DBselect("select u.*,s.* from sessions s,users u".
43
55
                                " where s.sessionid=".zbx_dbstr($sessionid)." and s.userid=u.userid".
44
 
                                " and ((s.lastaccess+u.autologout>".time().") or (u.autologout=0))"));
45
 
 
46
 
                        if(!$USER_DETAILS)
 
56
                                " and ((s.lastaccess+u.autologout>".time().") or (u.autologout=0))".
 
57
                                " and ".DBid2nodeid('u.userid')." = ".$ZBX_LOCALNODEID))))
47
58
                        {
48
 
                                $USER_DETAILS = array("alias"=>"- unknown -","userid"=>0);
49
 
 
50
 
                                setcookie("zbx_sessionid",$sessionid,time()-3600);
51
 
                                unset($_COOKIE["zbx_sessionid"]);
 
59
                                zbx_unsetcookie('zbx_sessionid');
 
60
                                DBexecute("delete from sessions where sessionid=".zbx_dbstr($sessionid));
52
61
                                unset($sessionid);
53
62
 
54
 
                                show_header("Login",0,0,1);
55
 
                                show_error_message("Session was ended, please relogin!");
56
 
                                show_page_footer();
57
 
                                exit;
58
 
                        }
59
 
                } else {
60
 
                        $USER_DETAILS = DBfetch(DBselect("select u.* from users u where u.alias='guest'"));
 
63
                                $incorrect_session = true;
 
64
                        }
 
65
                        else
 
66
                        {
 
67
                                zbx_setcookie("zbx_sessionid",$sessionid);
 
68
                                DBexecute("update sessions set lastaccess=".time()." where sessionid=".zbx_dbstr($sessionid));
 
69
                        }
 
70
                }
 
71
                
 
72
                if(!$USER_DETAILS)
 
73
                {
 
74
                        if(!($USER_DETAILS = DBfetch(DBselect("select u.* from users u where u.alias='guest'".
 
75
                                " and ".DBid2nodeid('u.userid')."=$ZBX_LOCALNODEID"))))
 
76
                        {
 
77
                                $missed_user_guest = true;
 
78
                        }
61
79
                }
62
80
 
63
81
                if($USER_DETAILS)
64
82
                {
65
 
                        if(isset($sessionid))
66
 
                        {
67
 
                                setcookie("zbx_sessionid",$sessionid);
68
 
                                DBexecute("update sessions set lastaccess=".time()." where sessionid=".zbx_dbstr($sessionid));
69
 
                        }
70
 
 
71
 
                        $USER_RIGHTS = array();
72
 
 
73
 
                        $db_rights = DBselect("select * from rights where userid=".$USER_DETAILS["userid"]);
74
 
                        while($db_right = DBfetch($db_rights))
75
 
                        {
76
 
                                $usr_right = array(
77
 
                                        "name"=>        $db_right["name"],
78
 
                                        "id"=>          $db_right["id"],
79
 
                                        "permission"=>  $db_right["permission"]
80
 
                                        );
81
 
 
82
 
                                array_push($USER_RIGHTS,$usr_right);
83
 
                        }
84
 
                        return;
 
83
                        $USER_DETAILS['node'] = DBfetch(DBselect('select * from nodes where nodeid='.id2nodeid($USER_DETAILS['userid'])));
 
84
                        if(empty($USER_DETAILS['node']))
 
85
                        {
 
86
                                $USER_DETAILS['node']['name'] = '- unknown -';
 
87
                                $USER_DETAILS['node']['nodeid'] = $ZBX_LOCALNODEID;
 
88
                        }
85
89
                }
86
90
                else
87
91
                {
88
 
                        $USER_DETAILS = array("alias"=>"- unknown -","userid"=>0);
89
 
                }
90
 
 
91
 
                // Incorrect login
92
 
 
93
 
                if(isset($sessionid))
94
 
                {
95
 
                        setcookie("zbx_sessionid",$sessionid,time()-3600);
96
 
                        unset($_COOKIE["zbx_sessionid"]);
97
 
                }
98
 
 
99
 
                if($page["file"]!="index.php")
100
 
                {
101
 
                        echo "<meta http-equiv=\"refresh\" content=\"0; url=index.php\">";
 
92
                        $USER_DETAILS = array(
 
93
                                "alias" =>"guest",
 
94
                                "userid"=>0,
 
95
                                "lang"  =>"en_gb",
 
96
                                "type"  =>"0",
 
97
                                "node"  =>array(
 
98
                                        "name"  =>'- unknown -',
 
99
                                        "nodeid"=>0));
 
100
                }
 
101
                
 
102
                if(isset($incorrect_session) || isset($missed_user_guest))
 
103
                {
 
104
                        if(isset($incorrect_session))           $message = "Session was ended, please relogin!";
 
105
                        else if(isset($missed_user_guest))      $message = "Database corrupted, missed default user 'guest'";
 
106
                        
 
107
                        global $_REQUEST;
 
108
 
 
109
                        if(!isset($_REQUEST['message'])) $_REQUEST['message'] = $message;
 
110
                        
 
111
                        include('index.php');
102
112
                        exit;
103
113
                }
104
 
                show_header("Login",0,0,1);
105
 
                show_error_message("Login name or password is incorrect");
106
 
                insert_login_form();
107
 
                show_page_footer();
108
 
                
109
 
                exit;
110
 
        }
111
 
 
112
 
        function        permission2int($permission)
113
 
        {
114
 
                $int_rights = array(
115
 
                        "A" => 3,
116
 
                        "U" => 2,
117
 
                        "R" => 1,
118
 
                        "H" => 0
119
 
                        );
120
 
 
121
 
                if(isset($int_rights[$permission])) 
122
 
                        return ($int_rights[$permission]);
123
 
 
124
 
                return ($int_rights["R"]);
125
 
        }
126
 
 
127
 
        function        permission_min($permission1, $permission2) // NOTE: only for integer permissions !!! see: permission2int
128
 
        {
129
 
                if(is_null($permission1) && is_null($permission2)) return NULL;
130
 
                if(is_null($permission1))       return $permission2;
131
 
                if(is_null($permission2))       return $permission1;
132
 
                return min($permission1,$permission2);
133
 
        }
134
 
        function        permission_max($permission1, $permission2) // NOTE: only for integer permissions !!! see: permission2int
135
 
        {
136
 
                if(is_null($permission1) && is_null($permission2)) return NULL;
137
 
                if(is_null($permission1))       return $permission2;
138
 
                if(is_null($permission2))       return $permission1;
139
 
                return max($permission1,$permission2);
140
 
        }
141
 
 
142
 
        function        check_right($right,$permission,$id = GROUP_RIGHT)
143
 
        {
144
 
                global $USER_RIGHTS;
145
 
 
146
 
                $default_permission = permission2int("H");
147
 
                $group_permission = NULL;
148
 
                $id_permission = NULL;
149
 
                $any_permission = NULL;
150
 
 
151
 
                $permission = permission2int($permission);
152
 
 
153
 
                if(count($USER_RIGHTS) > 0)
154
 
                {
155
 
                        foreach($USER_RIGHTS as $usr_right)
156
 
                        {
157
 
                                $int_permision = permission2int($usr_right["permission"]);
158
 
                                if($usr_right["name"] == $right) {
159
 
 
160
 
                                        if($usr_right["id"] == $id)
161
 
                                                $id_permission = permission_max($id_permission, $int_permision);
162
 
                                        if($usr_right["id"] == GROUP_RIGHT)
163
 
                                                $group_permission = permission_max($group_permission, $int_permision);
164
 
                                        else
165
 
                                                $any_permission = permission_max($any_permission, $int_permision);
166
 
                                }
167
 
                                if($usr_right["name"] == 'Default permission') 
168
 
                                {
169
 
                                        $default_permission = permission_max($default_permission, $int_permision);
170
 
                                }
171
 
                        }
172
 
                }
173
 
 
174
 
                if($id == ANY_ELEMENT_RIGHT)
175
 
                        $access = permission_max($any_permission, $default_permission);
176
 
                else
177
 
                        $access = $id_permission;
178
 
                
179
 
                if(is_null($access))    $access = $group_permission;
180
 
                if(is_null($access))    $access = $default_permission;
181
 
 
182
 
 
183
 
//SDI($right.": ".$access." >= ".$permission);
184
 
                return (($access >= $permission) ? 1 : 0);
185
 
        }
186
 
 
187
 
        function        check_anyright($right,$permission)
188
 
        {
189
 
                return check_right($right,$permission, ANY_ELEMENT_RIGHT);
190
 
        }
191
 
 
 
114
        }
 
115
 
 
116
/***********************************************
 
117
        GET ACCESSIBLE RESOURCES BY USERID
 
118
************************************************/
 
119
        function        perm_mode2comparator($perm_mode)
 
120
        {
 
121
                switch($perm_mode)
 
122
                {
 
123
                        case PERM_MODE_NE:      $perm_mode = '!='; break;
 
124
                        case PERM_MODE_EQ:      $perm_mode = '=='; break;
 
125
                        case PERM_MODE_GT:      $perm_mode = '>'; break;
 
126
                        case PERM_MODE_LT:      $perm_mode = '<'; break;
 
127
                        case PERM_MODE_LE:      $perm_mode = '<='; break;
 
128
                        case PERM_MODE_GE:
 
129
                        default:                $perm_mode = '>='; break;
 
130
                }
 
131
                return $perm_mode;
 
132
        }
 
133
 
 
134
        function        get_accessible_hosts_by_user(&$user_data,$perm,$perm_mode=null,$perm_res=null,$nodeid=null,$hostid=null)
 
135
        {
 
136
                if(is_null($perm_res))          $perm_res       = PERM_RES_STRING_LINE;
 
137
                if($perm == PERM_READ_LIST)     $perm           = PERM_READ_ONLY;
 
138
 
 
139
                $result = array();
 
140
 
 
141
                $userid =& $user_data['userid'];
 
142
                $user_type =& $user_data['type'];
 
143
 
 
144
                if(!isset($userid)) fatal_error('Incorrect user data in "get_accessible_hosts_by_user"');
 
145
 
 
146
                switch($perm_res)
 
147
                {
 
148
                        case PERM_RES_DATA_ARRAY:       $resdata = '$host_data'; break;
 
149
                        default:                        $resdata = '$host_data["hostid"]'; break;
 
150
                }
 
151
 
 
152
COpt::counter_up('perm_host['.$userid.','.$perm.','.$perm_mode.','.$perm_res.','.$nodeid.']');
 
153
COpt::counter_up('perm');
 
154
 
 
155
                $where = array();
 
156
 
 
157
                if(is_array($nodeid))   array_push($where, DBid2nodeid('h.hostid').' in ('.implode(',', $nodeid).') ');
 
158
                elseif(isset($nodeid))  array_push($where, DBid2nodeid('h.hostid').' in ('.$nodeid.') ');
 
159
        
 
160
                if(is_array($hostid))   array_push($where, ' h.hostid in ('.implode(',', $hostid).') ');
 
161
                elseif(isset($hostid))  array_push($where, ' h.hostid in ('.$hostid.') ');
 
162
 
 
163
                if(count($where))       $where = ' where '.implode(' and ',$where);
 
164
                else                    $where = '';
 
165
        
 
166
                $db_hosts = DBselect('select distinct n.nodeid,n.name as node_name,h.hostid,h.host, min(r.permission) as permission,ug.userid '.
 
167
                        ' from hosts h left join hosts_groups hg on hg.hostid=h.hostid '.
 
168
                        ' left join groups g on g.groupid=hg.groupid '.
 
169
                        ' left join rights r on r.id=g.groupid and r.type='.RESOURCE_TYPE_GROUP.
 
170
                        ' left join users_groups ug on ug.usrgrpid=r.groupid and ug.userid='.$userid.
 
171
                        ' left join nodes n on '.DBid2nodeid('h.hostid').'=n.nodeid '.
 
172
                        $where.' group by h.hostid,n.nodeid,n.name,h.host,ug.userid '.
 
173
                        ' order by n.name,n.nodeid, h.host, permission desc, userid desc');
 
174
 
 
175
                $processed = array();
 
176
                while($host_data = DBfetch($db_hosts))
 
177
                {
 
178
                        $host_data += DBfetch(DBselect('select * from hosts where hostid='.$host_data['hostid']));
 
179
 
 
180
                        if(is_null($host_data['nodeid'])) $host_data['nodeid'] = id2nodeid($host_data['hostid']);
 
181
 
 
182
                        /* if no rights defined used node rights */
 
183
                        if( (is_null($host_data['permission']) || is_null($host_data['userid'])) )
 
184
                        {
 
185
                                if( isset($processed[$host_data['hostid']]) )
 
186
                                        continue;
 
187
 
 
188
                                if(!isset($nodes))
 
189
                                {
 
190
                                        $nodes = get_accessible_nodes_by_user($user_data,
 
191
                                                PERM_DENY,PERM_MODE_GE,PERM_RES_DATA_ARRAY);
 
192
                                }
 
193
                                if( !isset($nodes[$host_data['nodeid']]) || $user_type==USER_TYPE_ZABBIX_USER )
 
194
                                        $host_data['permission'] = PERM_DENY;
 
195
                                else
 
196
                                        $host_data['permission'] = $nodes[$host_data['nodeid']]['permission'];
 
197
                        }
 
198
 
 
199
                        $processed[$host_data['hostid']] = true;
 
200
 
 
201
                        if(eval('return ('.$host_data["permission"].' '.perm_mode2comparator($perm_mode).' '.$perm.')? 0 : 1;'))
 
202
                                continue;
 
203
 
 
204
                        $result[$host_data['hostid']] = eval('return '.$resdata.';');
 
205
                }
 
206
 
 
207
                unset($processed, $host_data, $db_hosts);
 
208
 
 
209
                if($perm_res == PERM_RES_STRING_LINE) 
 
210
                {
 
211
                        if(count($result) == 0) 
 
212
                                $result = '-1';
 
213
                        else
 
214
                                $result = implode(',',$result);
 
215
                }
 
216
 
 
217
                return $result;
 
218
        }
 
219
 
 
220
        function        get_accessible_groups_by_user($user_data,$perm,$perm_mode=null,$perm_res=null,$nodeid=null)
 
221
        {
 
222
                global $ZBX_LOCALNODEID;
 
223
 
 
224
                if(is_null($perm_mode))         $perm_mode      = PERM_MODE_GE;
 
225
                if(is_null($perm_res))          $perm_res       = PERM_RES_STRING_LINE;
 
226
 
 
227
                $result = array();
 
228
 
 
229
                $userid =& $user_data['userid'];
 
230
                if(!isset($userid)) fatal_error('Incorrect user data in "get_accessible_groups_by_user"');
 
231
                $user_type =& $user_data['type'];
 
232
 
 
233
                switch($perm_res)
 
234
                {
 
235
                        case PERM_RES_DATA_ARRAY:       $resdata = '$group_data'; break;
 
236
                        default:                        $resdata = '$group_data["groupid"]'; break;
 
237
                }
 
238
 
 
239
COpt::counter_up('perm_group['.$userid.','.$perm.','.$perm_mode.','.$perm_res.','.$nodeid.']');
 
240
COpt::counter_up('perm');
 
241
 
 
242
                $where = array();
 
243
 
 
244
                if(is_array($nodeid))   array_push($where, DBid2nodeid('hg.groupid').' in ('.implode(',', $nodeid).') ');
 
245
                elseif(isset($nodeid))  array_push($where, DBid2nodeid('hg.groupid').' in ('.$nodeid.') ');
 
246
        
 
247
                if(count($where))       $where = ' where '.implode(' and ',$where);
 
248
                else                    $where = '';
 
249
        
 
250
                /* if no rights defined used node rights */
 
251
                $db_groups = DBselect('select n.nodeid as nodeid,n.name as node_name,hg.groupid,hg.name,min(r.permission) as permission,g.userid'.
 
252
                        ' from groups hg left join rights r on r.id=hg.groupid and r.type='.RESOURCE_TYPE_GROUP.
 
253
                        ' left join users_groups g on r.groupid=g.usrgrpid and g.userid='.$userid.
 
254
                        ' left join nodes n on '.DBid2nodeid('hg.groupid').'=n.nodeid '.
 
255
                        $where.' group by n.nodeid, n.name, hg.groupid, hg.name, g.userid, g.userid '.
 
256
                        ' order by n.name, hg.name, permission desc');
 
257
 
 
258
                $processed = array();
 
259
                while($group_data = DBfetch($db_groups))
 
260
                {
 
261
                        if(is_null($group_data['nodeid'])) $group_data['nodeid'] = id2nodeid($group_data['groupid']);
 
262
 
 
263
                        /* deny if no rights defined */
 
264
                        if( is_null($group_data['permission']) || is_null($group_data['userid']) )
 
265
                        {
 
266
                                if(isset($processed[$group_data['groupid']]))
 
267
                                        continue;
 
268
 
 
269
                                if(!isset($nodes))
 
270
                                {
 
271
                                        $nodes = get_accessible_nodes_by_user($user_data,
 
272
                                                PERM_DENY,PERM_MODE_GE,PERM_RES_DATA_ARRAY);
 
273
                                }
 
274
 
 
275
                                if( !isset($nodes[$group_data['nodeid']]) || $user_type==USER_TYPE_ZABBIX_USER )
 
276
                                        $group_data['permission'] = PERM_DENY;
 
277
                                else
 
278
                                        $group_data['permission'] = $nodes[$group_data['nodeid']]['permission'];
 
279
                        }
 
280
 
 
281
//                      $processed[$group_data['permission']] = true;
 
282
                        $processed[$group_data['groupid']] = true;
 
283
 
 
284
                        if(eval('return ('.$group_data["permission"].' '.perm_mode2comparator($perm_mode).' '.$perm.')? 0 : 1;'))
 
285
                                continue;
 
286
 
 
287
                        $result[$group_data['groupid']] = eval('return '.$resdata.';');
 
288
                }
 
289
 
 
290
                unset($processed, $group_data, $db_groups);
 
291
 
 
292
                if($perm_res == PERM_RES_STRING_LINE) 
 
293
                {
 
294
                        if(count($result) == 0) 
 
295
                                $result = '-1';
 
296
                        else
 
297
                                $result = implode(',',$result);
 
298
                }
 
299
 
 
300
                return $result;
 
301
        }
 
302
 
 
303
        function        get_accessible_nodes_by_user(&$user_data,$perm,$perm_mode=null,$perm_res=null,$nodeid=null)
 
304
        {
 
305
                global $ZBX_LOCALNODEID;
 
306
 
 
307
                if(is_null($perm_mode)) $perm_mode=PERM_MODE_GE;
 
308
                if(is_null($perm_res))  $perm_res=PERM_RES_STRING_LINE;
 
309
 
 
310
                $userid         =& $user_data['userid'];
 
311
                $user_type      =& $user_data['type'];
 
312
                if(!isset($userid)) fatal_error('Incorrect user data in "get_accessible_nodes_by_user"');
 
313
 
 
314
                $result= array();
 
315
 
 
316
                switch($perm_res)
 
317
                {
 
318
                        case PERM_RES_DATA_ARRAY:       $resdata = '$node_data'; break;
 
319
                        default:                        $resdata = '$node_data["nodeid"]'; break;
 
320
                }
 
321
 
 
322
COpt::counter_up('perm_nodes['.$userid.','.$perm.','.$perm_mode.','.$perm_res.','.$nodeid.']');
 
323
COpt::counter_up('perm');
 
324
 
 
325
                if(is_null($nodeid))            $where_nodeid = '';
 
326
                else if(is_array($nodeid))      $where_nodeid = ' where n.nodeid in ('.implode(',', $nodeid).') ';
 
327
                else                            $where_nodeid = ' where  n.nodeid in ('.$nodeid.') ';
 
328
 
 
329
 
 
330
                $db_nodes = DBselect('select n.nodeid,min(r.permission) as permission, g.userid'.
 
331
                        ' from nodes n left join rights r on r.id=n.nodeid and r.type='.RESOURCE_TYPE_NODE.
 
332
                        ' left join users_groups g on r.groupid=g.usrgrpid and g.userid='.$userid.
 
333
                        $where_nodeid.' group by n.nodeid, g.userid order by nodeid desc, userid desc, permission desc');
 
334
 
 
335
                while(($node_data = DBfetch($db_nodes)) || (!isset($do_break) && !ZBX_DISTRIBUTED))
 
336
                {
 
337
                        if($node_data && $perm_res == PERM_RES_DATA_ARRAY)
 
338
                        {
 
339
                                $node_data += DBfetch(DBselect('select * from nodes where nodeid='.$node_data['nodeid']));
 
340
                        }
 
341
 
 
342
                        if($node_data && isset($processed_nodeids[$node_data["nodeid"]])) continue;
 
343
 
 
344
                        if(!ZBX_DISTRIBUTED)
 
345
                        {
 
346
                                if(!$node_data)
 
347
                                {
 
348
                                        $node_data = array(
 
349
                                                'nodeid'        => $ZBX_LOCALNODEID,
 
350
                                                'name'          => 'local',
 
351
                                                'permission'    => PERM_READ_WRITE,
 
352
                                                'userid'        => null
 
353
                                                );
 
354
 
 
355
                                        $do_break = true;
 
356
 
 
357
                                        if(is_array($nodeid) && !in_array($node_data['nodeid'],$nodeid))        continue;
 
358
                                        else if(isset($nodeid) and $node_data['nodeid'] != $nodeid)             continue;
 
359
                                }
 
360
                                else
 
361
                                {
 
362
                                        $node_data['permission'] = PERM_DENY;
 
363
                                }
 
364
                        }
 
365
 
 
366
                        $processed_nodeids[$node_data["nodeid"]] = $node_data["nodeid"];
 
367
 
 
368
                        /* deny if no rights defined (for local node read/write)*/
 
369
                        if(is_null($node_data['permission']) || is_null($node_data['userid']))
 
370
                        {
 
371
                                if($user_type == USER_TYPE_SUPER_ADMIN)
 
372
                                        $node_data['permission'] = PERM_READ_WRITE;
 
373
                                else
 
374
                                        $node_data['permission'] = 
 
375
                                                ($node_data['nodeid'] == $ZBX_LOCALNODEID) ? PERM_READ_WRITE : PERM_DENY;
 
376
                        }
 
377
 
 
378
                        /* special processing for PERM_READ_LIST*/
 
379
                        if(PERM_DENY == $node_data['permission'] && PERM_READ_LIST == $perm)
 
380
                        {
 
381
                                $groups = get_accessible_groups_by_user($user_data,
 
382
                                        $perm, PERM_MODE_GE,PERM_RES_DATA_ARRAY,$node_data['nodeid']);
 
383
                                if(count($groups) == 0)  continue;
 
384
                        }
 
385
                        else
 
386
                        {
 
387
                                if(eval('return ('.$node_data["permission"].' '.perm_mode2comparator($perm_mode).' '.$perm.')? 0 : 1;'))
 
388
                                        continue;
 
389
                        }
 
390
 
 
391
                        $result[$node_data["nodeid"]] = eval('return '.$resdata.';');
 
392
                }
 
393
 
 
394
                if($perm_res == PERM_RES_STRING_LINE) 
 
395
                {
 
396
                        if(count($result) == 0) 
 
397
                                $result = '-1';
 
398
                        else
 
399
                                $result = implode(',',$result);
 
400
                }
 
401
 
 
402
                return $result;
 
403
        }
 
404
 
 
405
/***********************************************
 
406
        GET ACCESSIBLE RESOURCES BY RIGHTS
 
407
************************************************/
 
408
        /* NOTE: right structure is
 
409
 
 
410
                $rights[i]['type']      = type of resource
 
411
                $rights[i]['permission']= permission for resource
 
412
                $rights[i]['id']        = resource id
 
413
                
 
414
        */
 
415
 
 
416
        function        get_accessible_hosts_by_rights(&$rights,$user_type,$perm,$perm_mode=null,$perm_res=null,$nodeid=null)
 
417
        {
 
418
                if(is_null($perm_res))          $perm_res       = PERM_RES_STRING_LINE;
 
419
                if($perm == PERM_READ_LIST)     $perm           = PERM_READ_ONLY;
 
420
 
 
421
                $result = array();
 
422
 
 
423
                switch($perm_res)
 
424
                {
 
425
                        case PERM_RES_DATA_ARRAY:       $resdata = '$host_data'; break;
 
426
                        default:                        $resdata = '$host_data["hostid"]'; break;
 
427
                }
 
428
 
 
429
                $where = array();
 
430
 
 
431
                if(is_array($nodeid))   array_push($where, DBid2nodeid('h.hostid').' in ('.implode(',', $nodeid).') ');
 
432
                elseif(isset($nodeid))  array_push($where, DBid2nodeid('h.hostid').' in ('.$nodeid.') ');
 
433
        
 
434
                if(count($where))       $where = ' where '.implode(' and ',$where);
 
435
                else                    $where = '';
 
436
 
 
437
                $db_hosts = DBselect('select n.nodeid as nodeid,n.name as node_name,hg.groupid as groupid,h.* '.
 
438
                        ' from hosts h left join hosts_groups hg on hg.hostid=h.hostid '.
 
439
                        ' left join nodes n on n.nodeid='.DBid2nodeid('h.hostid').
 
440
                        $where.' order by n.name,h.host');
 
441
 
 
442
                $res_perm = array();
 
443
                foreach($rights as $right)
 
444
                {
 
445
                        $res_perm[$right['type']][$right['id']] = $right['permission'];
 
446
                }
 
447
 
 
448
                $host_perm = array();
 
449
 
 
450
                while($host_data = DBfetch($db_hosts))
 
451
                {
 
452
                        if(isset($host_data['groupid']) && isset($res_perm[RESOURCE_TYPE_GROUP][$host_data['groupid']]))
 
453
                        {
 
454
                                $host_perm[$host_data['hostid']][RESOURCE_TYPE_GROUP][$host_data['groupid']] =
 
455
                                        $res_perm[RESOURCE_TYPE_GROUP][$host_data['groupid']];
 
456
                        }
 
457
 
 
458
                        if(isset($res_perm[RESOURCE_TYPE_NODE][$host_data['nodeid']]))
 
459
                        {
 
460
                                $host_perm[$host_data['hostid']][RESOURCE_TYPE_NODE] = $res_perm[RESOURCE_TYPE_NODE][$host_data['nodeid']];
 
461
                        }
 
462
                        $host_perm[$host_data['hostid']]['data'] = $host_data;
 
463
 
 
464
                }
 
465
 
 
466
                foreach($host_perm as $hostid => $host_data)
 
467
                {
 
468
                        $host_data = $host_data['data'];
 
469
 
 
470
                        if(isset($host_perm[$hostid][RESOURCE_TYPE_GROUP]))
 
471
                        {
 
472
                                $host_data['permission'] = min($host_perm[$hostid][RESOURCE_TYPE_GROUP]);
 
473
                        }
 
474
                        else if(isset($host_perm[$hostid][RESOURCE_TYPE_NODE]))
 
475
                        {
 
476
                                $host_data['permission'] = $host_perm[$hostid][RESOURCE_TYPE_NODE];
 
477
                        }
 
478
                        else
 
479
                        {
 
480
                                if(is_null($host_data['nodeid'])) $host_data['nodeid'] = id2nodeid($host_data['groupid']);
 
481
                                
 
482
                                if(!isset($node_data[$host_data['nodeid']]))
 
483
                                {
 
484
                                        $node_data = get_accessible_nodes_by_rights($rights,$user_type,
 
485
                                                PERM_DENY, PERM_MODE_GE, PERM_RES_DATA_ARRAY, $host_data['nodeid']);
 
486
                                }
 
487
                                if( !isset($node_data[$host_data['nodeid']]) || $user_type==USER_TYPE_ZABBIX_USER )
 
488
                                        $host_data['permission'] = PERM_DENY;
 
489
                                else
 
490
                                        $host_data['permission'] = $node_data[$host_data['nodeid']]['permission'];
 
491
                        }
 
492
                        
 
493
                        if(eval('return ('.$host_data["permission"].' '.perm_mode2comparator($perm_mode).' '.$perm.')? 0 : 1;'))
 
494
                                continue;
 
495
 
 
496
                        $result[$host_data['hostid']] = eval('return '.$resdata.';');
 
497
 
 
498
                }
 
499
 
 
500
                if($perm_res == PERM_RES_STRING_LINE) 
 
501
                {
 
502
                        if(count($result) == 0) 
 
503
                                $result = '-1';
 
504
                        else
 
505
                                $result = implode(',',$result);
 
506
                }
 
507
 
 
508
                return $result;
 
509
        }
 
510
        function        get_accessible_groups_by_rights(&$rights,$user_type,$perm,$perm_mode=null,$perm_res=null,$nodeid=null)
 
511
        {
 
512
                if(is_null($perm_mode)) $perm_mode=PERM_MODE_GE;
 
513
                if(is_null($perm_res))  $perm_res=PERM_RES_STRING_LINE;
 
514
 
 
515
                $result= array();
 
516
 
 
517
                switch($perm_res)
 
518
                {
 
519
                        case PERM_RES_DATA_ARRAY:       $resdata = '$group_data'; break;
 
520
                        default:                        $resdata = '$group_data["groupid"]'; break;
 
521
                }
 
522
 
 
523
                $where = array();
 
524
 
 
525
                if(is_array($nodeid))   array_push($where, DBid2nodeid('g.groupid').' in ('.implode(',', $nodeid).') ');
 
526
                elseif(isset($nodeid))  array_push($where, DBid2nodeid('g.groupid').' in ('.$nodeid.') ');
 
527
        
 
528
                if(count($where))       $where = ' where '.implode(' and ',$where);
 
529
                else                    $where = '';
 
530
 
 
531
                $group_perm = array();
 
532
                foreach($rights as $right)
 
533
                {
 
534
                        if($right['type'] != RESOURCE_TYPE_GROUP) continue;
 
535
                        $group_perm[$right['id']] = $right['permission'];
 
536
                }
 
537
 
 
538
                $db_groups = DBselect('select n.nodeid as nodeid,n.name as node_name, g.*, '.PERM_DENY.' as permission from groups g '.
 
539
                                ' left join nodes n on '.DBid2nodeid('g.groupid').'=n.nodeid '.
 
540
                                $where.' order by n.name, g.name');
 
541
 
 
542
                while($group_data = DBfetch($db_groups))
 
543
                {
 
544
                        if(isset($group_perm[$group_data['groupid']]))
 
545
                        {
 
546
                                $group_data['permission'] = $group_perm[$group_data['groupid']];
 
547
                        }
 
548
                        else
 
549
                        {
 
550
                                if(is_null($group_data['nodeid'])) $group_data['nodeid'] = id2nodeid($group_data['groupid']);
 
551
                                
 
552
                                if(!isset($node_data[$group_data['nodeid']]))
 
553
                                {
 
554
                                        $node_data = get_accessible_nodes_by_rights($rights,$user_type,
 
555
                                                PERM_DENY, PERM_MODE_GE, PERM_RES_DATA_ARRAY, $group_data['nodeid']);
 
556
                                }
 
557
                                if( !isset($node_data[$group_data['nodeid']]) || $user_type==USER_TYPE_ZABBIX_USER )
 
558
                                        $group_data['permission'] = PERM_DENY;
 
559
                                else
 
560
                                        $group_data['permission'] = $node_data[$group_data['nodeid']]['permission'];
 
561
                        }
 
562
                                        
 
563
                        if(eval('return ('.$group_data["permission"].' '.perm_mode2comparator($perm_mode).' '.$perm.')? 0 : 1;'))
 
564
                                continue;
 
565
 
 
566
                        $result[$group_data["groupid"]] = eval('return '.$resdata.';');
 
567
                }
 
568
 
 
569
                if($perm_res == PERM_RES_STRING_LINE) 
 
570
                {
 
571
                        if(count($result) == 0) 
 
572
                                $result = '-1';
 
573
                        else
 
574
                                $result = implode(',',$result);
 
575
                }
 
576
 
 
577
                return $result;
 
578
        }
 
579
 
 
580
        function        get_accessible_nodes_by_rights(&$rights,$user_type,$perm,$perm_mode=null,$perm_res=null,$nodeid=null)
 
581
        {
 
582
                global $ZBX_LOCALNODEID;
 
583
 
 
584
                if(is_null($perm_mode)) $perm_mode=PERM_MODE_GE;
 
585
                if(is_null($perm_res))  $perm_res=PERM_RES_STRING_LINE;
 
586
 
 
587
                $result= array();
 
588
 
 
589
                if(is_null($user_type)) $user_type = USER_TYPE_ZABBIX_USER;
 
590
 
 
591
                switch($perm_res)
 
592
                {
 
593
                        case PERM_RES_DATA_ARRAY:       $resdata = '$node_data'; break;
 
594
                        default:                        $resdata = '$node_data["nodeid"]'; break;
 
595
                }
 
596
 
 
597
                if(is_null($nodeid))            $where_nodeid = '';
 
598
                else if(is_array($nodeid))      $where_nodeid = ' where n.nodeid in ('.implode(',', $nodeid).') ';
 
599
                else                            $where_nodeid = ' where  n.nodeid in ('.$nodeid.') ';
 
600
 
 
601
                $node_perm = array();
 
602
                foreach($rights as $right)
 
603
                {
 
604
                        if($right['type'] != RESOURCE_TYPE_NODE) continue;
 
605
                        $node_perm[$right['id']] = $right['permission'];
 
606
                }
 
607
 
 
608
                $db_nodes = DBselect('select n.*, '.PERM_DENY.' as permission from nodes n '.$where_nodeid.' order by n.name');
 
609
 
 
610
                while(($node_data = DBfetch($db_nodes)) || (!isset($do_break) && !ZBX_DISTRIBUTED))
 
611
                {
 
612
                        if(!ZBX_DISTRIBUTED)
 
613
                        {
 
614
                                if(!$node_data)
 
615
                                {
 
616
                                        $node_data = array(
 
617
                                                'nodeid'        => $ZBX_LOCALNODEID,
 
618
                                                'name'          => 'local',
 
619
                                                'permission'    => PERM_READ_WRITE
 
620
                                                );
 
621
 
 
622
                                        $do_break = true;
 
623
 
 
624
                                        if(is_array($nodeid) && !in_array($node_data['nodeid'],$nodeid))        continue;
 
625
                                        else if(isset($nodeid) and $node_data['nodeid'] != $nodeid)             continue;
 
626
                                }
 
627
                                else
 
628
                                {
 
629
                                        $node_perm[$node_data['nodeid']] = PERM_DENY;
 
630
                                }
 
631
                        }
 
632
 
 
633
                        if(isset($node_perm[$node_data['nodeid']]))
 
634
                                $node_data['permission'] = $node_perm[$node_data['nodeid']];
 
635
                        elseif($node_data['nodeid'] == $ZBX_LOCALNODEID || $user_type == USER_TYPE_SUPER_ADMIN)
 
636
                        /* for local node or superuser default permission is READ_WRITE */
 
637
                                        $node_data['permission'] = PERM_READ_WRITE;
 
638
 
 
639
 
 
640
                        /* special processing for PERM_READ_LIST*/
 
641
                        if(PERM_DENY == $node_data['permission'] && PERM_READ_LIST == $perm)
 
642
                        {
 
643
                                $groups = get_accessible_groups_by_rights($rights,$user_type,
 
644
                                        $perm, PERM_MODE_GE, PERM_RES_DATA_ARRAY, $node_data['nodeid']);
 
645
                                if(count($groups) == 0)  continue;
 
646
                        }
 
647
                        else
 
648
                        {
 
649
                                if(eval('return ('.$node_data["permission"].' '.perm_mode2comparator($perm_mode).' '.$perm.')? 0 : 1;'))
 
650
                                        continue;
 
651
                        }
 
652
 
 
653
                        $result[$node_data["nodeid"]] = eval('return '.$resdata.';');
 
654
                }
 
655
 
 
656
                if($perm_res == PERM_RES_STRING_LINE) 
 
657
                {
 
658
                        if(count($result) == 0) 
 
659
                                $result = '-1';
 
660
                        else
 
661
                                $result = implode(',',$result);
 
662
                }
 
663
 
 
664
                return $result;
 
665
        }
192
666
 
193
667
?>