From 3b61e82d391eb7d3cf0f1388468e774bfacf1183 Mon Sep 17 00:00:00 2001
From: laf
Date: Fri, 29 May 2015 00:39:05 +0100
Subject: [PATCH] Fixes query to limit devices/ports users can see
---
html/includes/front/top_device_bits.inc.php | 41 ++++++++++++++-------
html/includes/front/top_ports.inc.php | 38 +++++++++++++------
2 files changed, 55 insertions(+), 24 deletions(-)
diff --git a/html/includes/front/top_device_bits.inc.php b/html/includes/front/top_device_bits.inc.php
index 351f0ba437..a44d3a1e8c 100644
--- a/html/includes/front/top_device_bits.inc.php
+++ b/html/includes/front/top_device_bits.inc.php
@@ -15,22 +15,37 @@ $minutes = 15; $seconds = $minutes * 60; $top = $config['front_page_settings']['top']['devices']; -$query = " - SELECT *, sum(p.ifInOctets_rate + p.ifOutOctets_rate) as total - FROM ports as p, devices as d - WHERE d.device_id = p.device_id - AND unix_timestamp() - p.poll_time < $seconds - AND ( p.ifInOctets_rate > 0 - OR p.ifOutOctets_rate > 0 ) - GROUP BY d.device_id - ORDER BY total desc - LIMIT $top -"; - +if (is_admin() === TRUE || is_read() === TRUE) { + $query = " + SELECT *, sum(p.ifInOctets_rate + p.ifOutOctets_rate) as total + FROM ports as p, devices as d + WHERE d.device_id = p.device_id + AND unix_timestamp() - p.poll_time < $seconds + AND ( p.ifInOctets_rate > 0 + OR p.ifOutOctets_rate > 0 ) + GROUP BY d.device_id + ORDER BY total desc + LIMIT $top + "; +} else { + $query = " + SELECT *, sum(p.ifInOctets_rate + p.ifOutOctets_rate) as total + FROM ports as p, devices as d, `devices_perms` AS `P` + WHERE `P`.`user_id` = ? AND `P`.`device_id` = `d`.`device_id` AND + d.device_id = p.device_id + AND unix_timestamp() - p.poll_time < $seconds + AND ( p.ifInOctets_rate > 0 + OR p.ifOutOctets_rate > 0 ) + GROUP BY d.device_id + ORDER BY total desc + LIMIT $top + "; + $param[] = array($_SESSION['user_id']); +} echo("Top $top devices (last $minutes minutes)\n"); echo("\n"); -foreach (dbFetchRows($query) as $result) { +foreach (dbFetchRows($query,$param) as $result) { echo("". "". "
".generate_device_link($result, shorthost($result['hostname']))."".generate_device_link($result, diff --git a/html/includes/front/top_ports.inc.php b/html/includes/front/top_ports.inc.php index a207951630..9a09f3057e 100644 --- a/html/includes/front/top_ports.inc.php +++ b/html/includes/front/top_ports.inc.php @@ -15,20 +15,36 @@ $minutes = 15; $seconds = $minutes * 60; $top = $config['front_page_settings']['top']['ports']; -$query = " - SELECT *, p.ifInOctets_rate + p.ifOutOctets_rate as total - FROM ports as p, devices as d - WHERE d.device_id = p.device_id - AND unix_timestamp() - p.poll_time < $seconds - AND ( p.ifInOctets_rate > 0 - OR p.ifOutOctets_rate > 0 ) - ORDER BY total desc - LIMIT $top -"; +if (is_admin() === TRUE || is_read() === TRUE) { + $query = " + SELECT *, p.ifInOctets_rate + p.ifOutOctets_rate as total + FROM ports as p, devices as d + WHERE d.device_id = p.device_id + AND unix_timestamp() - p.poll_time < $seconds + AND ( p.ifInOctets_rate > 0 + OR p.ifOutOctets_rate > 0 ) + ORDER BY total desc + LIMIT $top + "; +} else { + $query = " + SELECT *, I.ifInOctets_rate + I.ifOutOctets_rate as total + FROM ports as I, devices as d, + `devices_perms` AS `P`, `ports_perms` AS `PP` + WHERE ((`P`.`user_id` = ? AND `P`.`device_id` = `d`.`device_id`) OR (`PP`.`user_id` = ? AND `PP`.`port_id` = `I`.`port_id` AND `I`.`device_id` = `d`.`device_id`)) AND + d.device_id = I.device_id + AND unix_timestamp() - I.poll_time < $seconds + AND ( I.ifInOctets_rate > 0 + OR I.ifOutOctets_rate > 0 ) + ORDER BY total desc + LIMIT $top + "; + $param[] = array($_SESSION['user_id'],$_SESSION['user_id']); +} echo("Top $top ports (last $minutes minutes)\n"); echo("\n"); -foreach (dbFetchRows($query) as $result) { +foreach (dbFetchRows($query,$param) as $result) { echo("". "". "".
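Review bot: `$param` is never initialised before `dbFetchRows($query,$param)`, and in the `else` branch `$param[] = array($_SESSION['user_id']);` appends an array to it, so the single `?` placeholder is handed a nested array rather than the user id. For admin and global-read users the variable is undefined at the call, and because this is an include file it may instead hold whatever an earlier include left in `$param`. How `dbFetchRows` treats a non-scalar bind value is not visible in this patch, but the per-user permission filter then depends on that behaviour instead of on the session's user id. Set `$param = array();` before the `if` and use `$param = array($_SESSION['user_id']);` in the `else` branch. The top_ports.inc.php hunk has the same pattern with `array($_SESSION['user_id'],$_SESSION['user_id'])`.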
".generate_device_link($result, shorthost($result['hostname']))."".generate_port_link($result)."
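Review bot: The restricted query in the `else` branch comma-joins `devices_perms` and `ports_perms` and then filters them with an `OR`, so every permitted port is repeated once for each row of the other permission table, and nothing is returned when either table is empty. In practice the `LIMIT $top` slots can fill with duplicates of one port, and a user who has device permissions sees an empty widget while `ports_perms` has no rows. Writing each permission as its own `EXISTS` subquery keeps one row per port and still binds the user id twice, so the `$param` order is unchanged. The `foreach` body that renders the rows continues outside the hunk.

```php
// … unchanged: admin / global-read branch …
} else {
    $query = "
        SELECT *, I.ifInOctets_rate + I.ifOutOctets_rate as total
        FROM ports as I, devices as d
        WHERE d.device_id = I.device_id
        AND ( EXISTS (SELECT 1 FROM `devices_perms` AS `P`
                      WHERE `P`.`user_id` = ? AND `P`.`device_id` = `d`.`device_id`)
           OR EXISTS (SELECT 1 FROM `ports_perms` AS `PP`
                      WHERE `PP`.`user_id` = ? AND `PP`.`port_id` = `I`.`port_id`) )
        -- … unchanged: poll_time window, rate filter, ORDER BY, LIMIT …
    ";
    // … unchanged: $param assignment and closing brace …
```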