webui: Disabled editing device notes for non-admin users (#5341)

This commit is contained in:
Neil Lathwood
2017-01-08 13:05:37 +00:00
committed by Søren Rosiak
parent 1e655c4e03
commit 36e1cc82f6
2 changed files with 29 additions and 11 deletions


@@ -17,16 +17,20 @@ $message = 'unknown error';
$device_id = mres($_POST['device_id']); $device_id = mres($_POST['device_id']);
$notes = $_POST['notes']; $notes = $_POST['notes'];
if (isset($notes) && (dbUpdate(array('notes' => $notes), 'devices', 'device_id = ?', array($device_id)))) { if (is_admin() === false) {
$message = 'Only admin accounts can update notes';
} elseif (isset($notes) && (dbUpdate(array('notes' => $notes), 'devices', 'device_id = ?', array($device_id)))) {
$status = 'ok'; $status = 'ok';
$message = 'Updated'; $message = 'Updated';
} else { } else {
$status = 'error'; $status = 'error';
$message = 'ERROR: Could not update'; $message = 'ERROR: Could not update';
} }
die(json_encode(array( echo _json_encode(
'status' => $status, array(
'message' => $message, 'status' => $status,
'notes' => $notes, 'message' => $message,
'device_id' => $device_id 'notes' => $notes,
))); 'device_id' => $device_id,
)
);
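Review bot: The new non-admin branch sets only `$message`, so `$status` keeps whatever value it had before line 17; the client now branches on `data.status == "error"`, so unless `$status` is initialised to 'error' above this hunk (not visible here) a rejected non-admin update is reported to the user as 'Saved'. Add `$status = 'error';` next to `$message = 'Only admin accounts can update notes';` so the response does not depend on earlier state. This `is_admin()` check is the enforcing control for the change (the form-side `disabled` is cosmetic), so keeping it as the first condition ahead of the dbUpdate call, as the hunk does, is the right order.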


@@ -13,6 +13,12 @@
$data = dbFetchRow("SELECT `notes` FROM `devices` WHERE device_id = ?", array( $data = dbFetchRow("SELECT `notes` FROM `devices` WHERE device_id = ?", array(
$device['device_id'] $device['device_id']
)); ));
$disabled = '';
if (is_admin() === false) {
$disabled = 'disabled';
}
?> ?>
<form class="form-horizontal" action="" method="post"> <form class="form-horizontal" action="" method="post">
@@ -20,14 +26,14 @@ $data = dbFetchRow("SELECT `notes` FROM `devices` WHERE device_id = ?", array(
<hr> <hr>
<div class="form-group"> <div class="form-group">
<div class="col-sm-12"> <div class="col-sm-12">
<textarea class="form-control" rows="6" name="notes" id="device-notes"><?php echo htmlentities($data['notes']); ?></textarea> <textarea class="form-control" rows="6" name="notes" id="device-notes" <?php echo $disabled; ?>><?php echo htmlentities($data['notes']); ?></textarea>
</div> </div>
</div> </div>
<div class="row"> <div class="row">
<div class="col-md-1 col-md-offset-5"> <div class="col-md-1 col-md-offset-5">
<?php <?php
echo ' echo '
<button type="submit" name="btn-update-notes" id="btn-update-notes" class="btn btn-default" data-device_id="' . $device['device_id'] . '"><i class="fa fa-check"></i> Save</button> <button type="submit" name="btn-update-notes" id="btn-update-notes" class="btn btn-default ' . $disabled . '" data-device_id="' . $device['device_id'] . '"><i class="fa fa-check"></i> Save</button>
'; ';
?> ?>
</div> </div>
@@ -43,9 +49,13 @@ $("[name='btn-update-notes']").on('click', function(event) {
type: 'POST', type: 'POST',
url: 'ajax_form.php', url: 'ajax_form.php',
data: { type: "update-notes", notes: notes, device_id: device_id}, data: { type: "update-notes", notes: notes, device_id: device_id},
dataType: "html", dataType: "json",
success: function(data){ success: function(data){
toastr.success('Saved'); if (data.status == "error") {
toastr.error(data.message);
} else {
toastr.success('Saved');
}
}, },
error:function(){ error:function(){
toastr.error('Error'); toastr.error('Error');
@@ -53,3 +63,7 @@ $("[name='btn-update-notes']").on('click', function(event) {
}); });
}); });
</script> </script>
<?php
unset($disabled);
?>
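Review bot: On the Save button in the third hunk `$disabled` is appended to the `class` attribute rather than emitted as the `disabled` attribute, so for non-admins the button is only styled as disabled: the jQuery click handler (which starts outside the hunk) still fires and posts to ajax_form.php, and the user sees the server's rejection as a toastr error instead of a greyed-out control. Emit it as an attribute, matching the textarea hunk: `class="btn btn-default" ' . $disabled . ' data-device_id="' . $device['device_id'] . '"`. The server-side admin check remains the enforcing control; this is a UI consistency fix. In the success callback `data.status == "error"` would be better as `===` now that the response is parsed JSON with a string status. The last hunk header counts seven new lines but six are visible, so the section may continue past what is shown here.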