From 441c27a7d4a6bdf74e3a86d0e1bf5003c74468a6 Mon Sep 17 00:00:00 2001
From: f0o <f0o@devilcode.org>
Date: Sat, 4 Apr 2015 11:37:07 +0000
Subject: [PATCH] Assign invalid `device_id` if a rule is created with a
 mapping. Update rule to invalidate `device_id` if a map has been assigned
 afterwards. Update rule to restore `device_id` if no more maps are assigned
 to it. Remove all maps (if any) if a rule is deleted. Fixed SQL-schema

---
 html/forms/create-alert-item.inc.php |  7 ++++--
 html/forms/create-map-item.inc.php   | 11 +++++++--
 html/forms/delete-alert-map.inc.php  | 34 ++++++++++++++++++----------
 html/forms/delete-alert-rule.inc.php |  5 ++++
 sql-schema/045.sql                   |  6 +++--
 5 files changed, 45 insertions(+), 18 deletions(-)

diff --git a/html/forms/create-alert-item.inc.php b/html/forms/create-alert-item.inc.php
index 1190e6b5b7..e11c561242 100644
--- a/html/forms/create-alert-item.inc.php
+++ b/html/forms/create-alert-item.inc.php
@@ -28,7 +28,7 @@ $name = mres($_POST['name']);
 
 if(empty($rule)) {
     $update_message = "ERROR: No rule was generated";
-} elseif(validate_device_id($_POST['device_id']) || $_POST['device_id'] == '-1') {
+} elseif(validate_device_id($_POST['device_id']) || $_POST['device_id'] == '-1' || $_POST['device_id'][0] == ':') {
     $device_id = $_POST['device_id'];
     if(!is_numeric($count)) {
         $count='-1';
@@ -53,7 +53,10 @@ if(empty($rule)) {
             $update_message = "ERROR: Failed to edit Rule: <i>".$rule."</i>";
         }
     } else {
-        if( dbInsert(array('device_id'=>0,'rule'=>$rule,'severity'=>mres($_POST['severity']),'extra'=>$extra_json,'name'=>$name),'alert_rules') ) {
+        if( is_array($_POST['maps']) ) {
+            $device_id = ':'.$device_id;
+        }
+        if( dbInsert(array('device_id'=>$device_id,'rule'=>$rule,'severity'=>mres($_POST['severity']),'extra'=>$extra_json,'name'=>$name),'alert_rules') ) {
             $update_message = "Added Rule: <i>$name: $rule</i>";
             if( is_array($_POST['maps']) ) {
                 foreach( $_POST['maps'] as $target ) {
diff --git a/html/forms/create-map-item.inc.php b/html/forms/create-map-item.inc.php
index d05f0f0dd7..52670ac8a4 100644
--- a/html/forms/create-map-item.inc.php
+++ b/html/forms/create-map-item.inc.php
@@ -26,7 +26,7 @@ if( empty($rule) || empty($target) ) {
 } else {
 	$raw = $rule;
 	$rule = dbFetchCell('SELECT id FROM alert_rules WHERE name = ?',array($rule));
-	if( !is_numeric($target) && $target[0] != "g" ) {
+	if( !is_numeric($rule) ) {
 		array_unshift($ret, "ERROR: Could not find rule for '".$raw."'");
 	} else {
 		$raw = $target;
@@ -35,7 +35,7 @@ if( empty($rule) || empty($target) ) {
 		} else {
 			$target = dbFetchCell('SELECT device_id FROM devices WHERE hostname = ?',array($target));
 		}
-		if( !is_numeric($target) && $target[0] != "g" ) {
+		if( !is_numeric(str_replace('g','',$target)) ) {
 			array_unshift($ret, "ERROR: Could not find entry for '".$raw."'");
 		} else {
 			if(is_numeric($map_id) && $map_id > 0) {
@@ -51,6 +51,13 @@ if( empty($rule) || empty($target) ) {
 					array_unshift($ret,"ERROR: Failed to add Map: <i>".$rule." = ".$target."</i>");
 				}
 			}
+			if( ($tmp=dbFetchCell('SELECT device_id FROM alert_rules WHERE id = ?',array($rule))) && $tmp[0] != ":" ) {
+				if(dbUpdate(array('device_id' => ':'.$tmp), 'alert_rules', 'id=?',array($rule)) >= 0) {
+					$ret[] = "Edited Rule: <i>".$rule." device_id = ':".$tmp."'</i>";
+				} else {
+					array_unshift($ret,"ERROR: Failed to edit Rule: <i>".$rule.": device_id = ':".$tmp."'</i>");
+				}
+			}
 		}
 	}
 }
diff --git a/html/forms/delete-alert-map.inc.php b/html/forms/delete-alert-map.inc.php
index 4136fe983b..1275ea6a79 100644
--- a/html/forms/delete-alert-map.inc.php
+++ b/html/forms/delete-alert-map.inc.php
@@ -15,17 +15,27 @@
 if(is_admin() === false) {
     die('ERROR: You need to be admin');
 }
-
-if(!is_numeric($_POST['map_id'])) {
-    echo('ERROR: No map selected');
-    exit;
+$ret = array();
+$brk = false;
+if( !is_numeric($_POST['map_id']) ) {
+	array_unshift($ret,'ERROR: No map selected');
 } else {
-    if(dbDelete('alert_map', "`id` =  ?", array($_POST['map_id']))) {
-      echo('Map has been deleted.');
-      exit;
-    } else {
-      echo('ERROR: Map has not been deleted.');
-      exit;
-    }
+	if( dbFetchCell('SELECT COUNT(B.id) FROM alert_map,alert_map AS B WHERE alert_map.rule=B.rule && alert_map.id = ?',array($_POST['map_id'])) <= 1 ) {
+		$rule = dbFetchRow('SELECT alert_rules.id,alert_rules.device_id FROM alert_map,alert_rules WHERE alert_map.rule=alert_rules.id && alert_map.id = ?',array($_POST['map_id']));
+		$rule['device_id'] = str_replace(":",'',$rule['device_id']);
+		if( dbUpdate(array('device_id'=>$rule['device_id']),'alert_rules','id = ?',array($rule['id'])) >= 0 ) {
+			$ret[] = "Restored Rule: <i>".$rule['id'].": device_id = '".$rule['device_id']."'</i>";
+		} else {
+			array_unshift($ret, 'ERROR: Rule '.$rule['id'].' has not been restored.');
+			$brk = true;
+		}
+	}
+	if( $brk === false && dbDelete('alert_map', "`id` =  ?", array($_POST['map_id'])) ) {
+		$ret[] = 'Map has been deleted.';
+	} else {
+		array_unshift($ret, 'ERROR: Map has not been deleted.');
+	}
+}
+foreach( $ret as $msg ) {
+	echo $msg."<br/>";
 }
-
diff --git a/html/forms/delete-alert-rule.inc.php b/html/forms/delete-alert-rule.inc.php
index a15b1edbe7..f77c5dc2b1 100644
--- a/html/forms/delete-alert-rule.inc.php
+++ b/html/forms/delete-alert-rule.inc.php
@@ -21,6 +21,11 @@ if(!is_numeric($_POST['alert_id'])) {
     exit;
 } else {
     if(dbDelete('alert_rules', "`id` =  ?", array($_POST['alert_id']))) {
+      if(dbDelete('alert_map', "rule = ?", array($_POST['alert_id'])) || dbFetchCell('COUNT(id) FROM alert_map WHERE rule = ?',array($_POST['alert_id'])) == 0) {
+        echo('Maps has been deleted.');
+      } else {
+        echo('WARNING: Maps could not be deleted.');
+      }
       echo('Alert rule has been deleted.');
       exit;
     } else {
diff --git a/sql-schema/045.sql b/sql-schema/045.sql
index 890747e43c..6678875b61 100644
--- a/sql-schema/045.sql
+++ b/sql-schema/045.sql
@@ -1,3 +1,5 @@
-CREATE TABLE IF NOT EXISTS `device_groups` (  `id` int(11) NOT NULL AUTO_INCREMENT,  `name` varchar(255) NOT NULL DEFAULT '',  `desc` varchar(255) NOT NULL DEFAULT '',  `pattern` varchar(255) NOT NULL DEFAULT '',  PRIMARY KEY (`id`),  UNIQUE KEY `name` (`name`)) ENGINE=InnoDB DEFAULT;
-CREATE TABLE IF NOT EXISTS `alert_map` (  `id` int(11) NOT NULL AUTO_INCREMENT,  `rule` int(11) NOT NULL DEFAULT '0',  `target` varchar(255) CHARACTER SET utf8 NOT NULL DEFAULT '',  PRIMARY KEY (`id`)) ENGINE=InnoDB DEFAULT;
+CREATE TABLE IF NOT EXISTS `device_groups` (  `id` int(11) NOT NULL AUTO_INCREMENT,  `name` varchar(255) NOT NULL DEFAULT '',  `desc` varchar(255) NOT NULL DEFAULT '',  `pattern` varchar(255) NOT NULL DEFAULT '',  PRIMARY KEY (`id`),  UNIQUE KEY `name` (`name`)) ENGINE=InnoDB;
+CREATE TABLE IF NOT EXISTS `alert_map` (  `id` int(11) NOT NULL AUTO_INCREMENT,  `rule` int(11) NOT NULL DEFAULT '0',  `target` varchar(255) CHARACTER SET utf8 NOT NULL DEFAULT '',  PRIMARY KEY (`id`)) ENGINE=InnoDB;
 ALTER TABLE  `alert_rules` ADD UNIQUE (`name`);
+ALTER TABLE  `alert_rules` CHANGE  `device_id`  `device_id` VARCHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT  '';
+