Merge pull request #855 from laf/user-perms

Added a function for read-only admins and updated many areas that had the user-permissions issue.
This commit is contained in:
Daniel Preussker
2015-04-23 16:48:03 +00:00
9 changed files with 113 additions and 27 deletions


@@ -47,7 +47,11 @@ if (isset($_REQUEST['search']))
} elseif($_REQUEST['type'] == 'device') {
// Device search
$results = dbFetchRows("SELECT * FROM `devices` WHERE `hostname` LIKE '%" . $search . "%' OR `location` LIKE '%" . $search . "%' ORDER BY hostname LIMIT 8");
if (is_admin() === TRUE || is_read() === TRUE) {
$results = dbFetchRows("SELECT * FROM `devices` WHERE `hostname` LIKE '%" . $search . "%' OR `location` LIKE '%" . $search . "%' ORDER BY hostname LIMIT 8");
} else {
$results = dbFetchRows("SELECT * FROM `devices` AS `D`, `devices_perms` AS `P` WHERE `P`.`user_id` = ? AND `P`.`device_id` = `D`.`device_id` AND (`hostname` LIKE '%" . $search . "%' OR `location` LIKE '%" . $search . "%') ORDER BY hostname LIMIT 8", array($_SESSION['user_id']));
}
if (count($results))
{
$found = 1;
@@ -72,7 +76,11 @@ if (isset($_REQUEST['search']))
{
$highlight_colour = '#008000';
}
$num_ports = dbFetchCell("SELECT COUNT(*) FROM `ports` WHERE device_id = ?", array($result['device_id']));
if (is_admin() === TRUE || is_read() === TRUE) {
$num_ports = dbFetchCell("SELECT COUNT(*) FROM `ports` WHERE device_id = ?", array($result['device_id']));
} else {
$num_ports = dbFetchCell("SELECT COUNT(*) FROM `ports` AS `I`, `devices` AS `D`, `devices_perms` AS `P` WHERE `P`.`user_id` = ? AND `P`.`device_id` = `D`.`device_id` AND `I`.`device_id` = `D`.`device_id` AND device_id = ?", array($_SESSION['user_id'],$result['device_id']));
}
$device[]=array('name'=>$name,
'device_id'=>$result['device_id'],
'url'=> generate_device_url($result),
@@ -91,7 +99,11 @@ if (isset($_REQUEST['search']))
} elseif($_REQUEST['type'] == 'ports') {
// Search ports
$results = dbFetchRows("SELECT `ports`.*,`devices`.* FROM `ports` LEFT JOIN `devices` ON `ports`.`device_id` = `devices`.`device_id` WHERE `ifAlias` LIKE '%" . $search . "%' OR `ifDescr` LIKE '%" . $search . "%' ORDER BY ifDescr LIMIT 8");
if (is_admin() === TRUE || is_read() === TRUE) {
$results = dbFetchRows("SELECT `ports`.*,`devices`.* FROM `ports` LEFT JOIN `devices` ON `ports`.`device_id` = `devices`.`device_id` WHERE `ifAlias` LIKE '%" . $search . "%' OR `ifDescr` LIKE '%" . $search . "%' ORDER BY ifDescr LIMIT 8");
} else {
$results = dbFetchRows("SELECT DISTINCT(`I`.`port_id`), `I`.*, `D`.`hostname` FROM `ports` AS `I`, `devices` AS `D`, `devices_perms` AS `P`, `ports_perms` AS `PP` WHERE ((`P`.`user_id` = ? AND `P`.`device_id` = `D`.`device_id`) OR (`PP`.`user_id` = ? AND `PP`.`port_id` = `I`.`port_id` AND `I`.`device_id` = `D`.`device_id`)) AND `D`.`device_id` = `I`.`device_id` AND (`ifAlias` LIKE '%" . $search . "%' OR `ifDescr` LIKE '%" . $search . "%') ORDER BY ifDescr LIMIT 8", array($_SESSION['user_id'],$_SESSION['user_id']));
}
if (count($results))
{
@@ -144,7 +156,11 @@ if (isset($_REQUEST['search']))
} elseif($_REQUEST['type'] == 'bgp') {
// Search bgp peers
$results = dbFetchRows("SELECT `bgpPeers`.*,`devices`.* FROM `bgpPeers` LEFT JOIN `devices` ON `bgpPeers`.`device_id` = `devices`.`device_id` WHERE `astext` LIKE '%" . $search . "%' OR `bgpPeerIdentifier` LIKE '%" . $search . "%' OR `bgpPeerRemoteAs` LIKE '%" . $search . "%' ORDER BY `astext` LIMIT 8");
if (is_admin() === TRUE || is_read() === TRUE) {
$results = dbFetchRows("SELECT `bgpPeers`.*,`devices`.* FROM `bgpPeers` LEFT JOIN `devices` ON `bgpPeers`.`device_id` = `devices`.`device_id` WHERE `astext` LIKE '%" . $search . "%' OR `bgpPeerIdentifier` LIKE '%" . $search . "%' OR `bgpPeerRemoteAs` LIKE '%" . $search . "%' ORDER BY `astext` LIMIT 8");
} else {
$results = dbFetchRows("SELECT `bgpPeers`.*,`D`.* FROM `bgpPeers`, `devices` AS `D`, `devices_perms` AS `P` WHERE `P`.`user_id` = ? AND `P`.`device_id` = `D`.`device_id` AND `bgpPeers`.`device_id`=`D`.`device_id` AND (`astext` LIKE '%" . $search . "%' OR `bgpPeerIdentifier` LIKE '%" . $search . "%' OR `bgpPeerRemoteAs` LIKE '%" . $search . "%') ORDER BY `astext` LIMIT 8", array($_SESSION['user_id']));
}
if (count($results))
{
$found = 1;
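Review bot: The non-admin query at L18 binds `user_id` with `?` but still splices `$search` into the LIKE clauses by string concatenation, as do L16, L41, L43, L52 and L54; if `$search` comes from `$_REQUEST['search']` without prior escaping (the enclosing condition suggests it does), the new queries remain injectable even though half of each is parameterised. Replace each `LIKE '%" . $search . "%'` with `LIKE ?` and append `'%' . $search . '%'` to the parameter array in the same order as the placeholders. Separately, the port query at L43 lists `ports_perms AS PP` as a comma (inner) join, so when that table has no rows the product is empty and a user with only device-level permissions gets no port matches; a LEFT JOIN on `ports_perms` or a UNION of the two permission paths avoids this, and the same shape recurs in the ports section at L248, L263 and L280. The enclosing `if (isset($_REQUEST['search']))` block starts before and ends after these hunks.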


@@ -730,6 +730,15 @@ function is_admin() {
return $allowed;
}
function is_read() {
if ($_SESSION['userlevel'] == '5') {
$allowed = true;
} else {
$allowed = false;
}
return $allowed;
}
function demo_account() {
print_error("You are logged in as a demo account, this page isn't accessible to you");
}
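Review bot: `is_read()` at L65 compares `$_SESSION['userlevel'] == '5'` loosely and only for exactly 5, whereas the alert_log hunk in this same commit grants the unfiltered view with `>= '5'`, so a user at a level between 5 and the admin threshold would be treated differently by the two checks; if only level 5 and the admin level are in use this is harmless, but the helper should document which it means. Suggest `/** True when the session userlevel is exactly 5, the global read-only level. */` above the function and `return (int) $_SESSION['userlevel'] === 5;` as its body. The body of `is_admin()` starts before this hunk.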


@@ -95,7 +95,13 @@ if ($_SESSION['userlevel'] >= '10') {
<ul class="dropdown-menu scrollable-menu">
<?php
foreach (dbFetchRows('SELECT `type`,COUNT(`type`) AS total_type FROM `devices` AS D WHERE 1 GROUP BY `type` ORDER BY `type`') as $devtype) {
if (is_admin() === TRUE || is_read() === TRUE) {
$sql = "SELECT `type`,COUNT(`type`) AS total_type FROM `devices` AS D WHERE 1 GROUP BY `type` ORDER BY `type`";
} else {
$sql = "SELECT `type`,COUNT(`type`) AS total_type FROM `devices` AS `D`, `devices_perms` AS `P` WHERE `P`.`user_id` = ? AND `P`.`device_id` = `D`.`device_id` GROUP BY `type` ORDER BY `type`";
$param[] = $_SESSION['user_id'];
}
foreach (dbFetchRows($sql,$param) as $devtype) {
if (empty($devtype['type'])) {
$devtype['type'] = 'generic';
}
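Review bot: `$param` is passed to `dbFetchRows($sql,$param)` at L89 but is never initialised in this hunk: in the admin branch it is undefined (or whatever earlier code on the page left in it), and in the other branch L87 appends to it rather than assigning. Add `$param = array();` directly before the `if` at L83, or assign `$param = array($_SESSION['user_id']);` in the else branch and `$param = array();` in the admin branch. The same pattern is at L132, L146, L160, L174, L188, L245, L260 and L277; on the devices page the five appends accumulate across the dropdowns, so by the last one a non-admin user's `$param` holds five values for a single placeholder.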


@@ -11,7 +11,7 @@ if ($_SESSION['userlevel'] >= '5') {
$sql = " FROM `alert_log` AS E LEFT JOIN devices AS D ON E.device_id=D.device_id RIGHT JOIN alert_rules AS R ON E.rule_id=R.id WHERE $where";
} else {
$sql = " FROM `alert_log` AS E LEFT JOIN devices AS D ON E.device_id=D.device_id RIGHT JOIN alert_rules AS R ON E.rule_id=R.id RIGHT JOIN devices_perms AS P ON E.device_id = P.device_id WHERE $where AND P.user_id = ?";
$param[] = $_SESSION['user_id'];
$param[] = array($_SESSION['user_id']);
}
if (isset($searchPhrase) && !empty($searchPhrase)) {
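Review bot: The replacement line builds the parameter list as `$param[] = array($_SESSION['user_id']);`, nesting an array inside `$param` while the SQL has a single scalar `?`; the other hunks of this commit (L87, L136) use the flat `$param[] = $_SESSION['user_id'];` form, and only one of the two shapes can be what `dbFetchRows` expects. Unless `dbFetchRows` flattens nested arrays, keep the flat form here and at L249, L264 and L281 (`$param = array($_SESSION['user_id'], $_SESSION['user_id']);` for the two-placeholder queries). Which of L100/L101 is the new line is not marked on this page; this note assumes the `array(...)` form is the addition, as the ports-section hunks suggest.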


@@ -45,12 +45,15 @@ var grid = $("#alertlog").bootgrid({
"<option value=\"\">All Devices</option>"+
<?php
foreach (get_all_devices() as $hostname) {
echo('"<option value=\"'.getidbyname($hostname).'\""+');
$device_id = getidbyname($hostname);
if (device_permitted($device_id)) {
echo('"<option value=\"'.$device_id.'\""+');
if (getidbyname($hostname) == $_POST['device_id']) {
echo('" selected "+');
}
echo('">'.$hostname.'</option>"+');
echo('">'.$hostname.'</option>"+');
}
}
?>
"</select>"+
"</div>"+
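Review bot: L115 still calls `getidbyname($hostname)` a second time for the selected check even though L112 now stores the same value in `$device_id`, while the parallel optionbar hunk (L211) was updated to compare `$device_id`; use `if ($device_id == $_POST['device_id']) {` here for consistency and one fewer lookup per device. The `foreach` is fully inside the hunk; the `bootgrid` call it sits in starts before it.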


@@ -216,7 +216,13 @@ var grid = $("#devices").bootgrid({
"<option value=''>All OSes</option>"+
<?php
foreach (dbFetch('SELECT `os` FROM `devices` AS D WHERE 1 GROUP BY `os` ORDER BY `os`') as $data) {
if (is_admin() === TRUE || is_read() === TRUE) {
$sql = "SELECT `os` FROM `devices` AS D WHERE 1 GROUP BY `os` ORDER BY `os`";
} else {
$sql = "SELECT `os` FROM `devices` AS `D`, `devices_perms` AS `P` WHERE `P`.`user_id` = ? AND `P`.`device_id` = `D`.`device_id` GROUP BY `os` ORDER BY `os`";
$param[] = $_SESSION['user_id'];
}
foreach (dbFetch($sql,$param) as $data) {
if ($data['os']) {
$tmp_os = clean_bootgrid($data['os']);
echo('"<option value=\"'.$tmp_os.'\""+');
@@ -234,7 +240,13 @@ foreach (dbFetch('SELECT `os` FROM `devices` AS D WHERE 1 GROUP BY `os` ORDER BY
"<option value=''>All Versions</option>"+
<?php
foreach (dbFetch('SELECT `version` FROM `devices` AS D WHERE 1 GROUP BY `version` ORDER BY `version`') as $data) {
if (is_admin() === TRUE || is_read() === TRUE) {
$sql = "SELECT `version` FROM `devices` AS D WHERE 1 GROUP BY `version` ORDER BY `version`";
} else {
$sql = "SELECT `version` FROM `devices` AS `D`, `devices_perms` AS `P` WHERE `P`.`user_id` = ? AND `P`.`device_id` = `D`.`device_id` GROUP BY `version` ORDER BY `version`";
$param[] = $_SESSION['user_id'];
}
foreach (dbFetch($sql,$param) as $data) {
if ($data['version']) {
$tmp_version = clean_bootgrid($data['version']);
echo('"<option value=\"'.$tmp_version.'\""+');
@@ -252,7 +264,13 @@ foreach (dbFetch('SELECT `version` FROM `devices` AS D WHERE 1 GROUP BY `version
"<option value=\"\">All Platforms</option>"+
<?php
foreach (dbFetch('SELECT `hardware` FROM `devices` AS D WHERE 1 GROUP BY `hardware` ORDER BY `hardware`') as $data) {
if (is_admin() === TRUE || is_read() === TRUE) {
$sql = "SELECT `hardware` FROM `devices` AS D WHERE 1 GROUP BY `hardware` ORDER BY `hardware`";
} else {
$sql = "SELECT `hardware` FROM `devices` AS `D`, `devices_perms` AS `P` WHERE `P`.`user_id` = ? AND `P`.`device_id` = `D`.`device_id` GROUP BY `hardware` ORDER BY `hardware`";
$param[] = $_SESSION['user_id'];
}
foreach (dbFetch($sql,$param) as $data) {
if ($data['hardware']) {
$tmp_hardware = clean_bootgrid($data['hardware']);
echo('"<option value=\"'.$tmp_hardware.'\""+');
@@ -271,7 +289,13 @@ foreach (dbFetch('SELECT `hardware` FROM `devices` AS D WHERE 1 GROUP BY `hardwa
"<option value=\"\">All Featuresets</option>"+
<?php
foreach (dbFetch('SELECT `features` FROM `devices` AS D WHERE 1 GROUP BY `features` ORDER BY `features`') as $data)
if (is_admin() === TRUE || is_read() === TRUE) {
$sql = "SELECT `features` FROM `devices` AS D WHERE 1 GROUP BY `features` ORDER BY `features`";
} else {
$sql = "SELECT `features` FROM `devices` AS `D`, `devices_perms` AS `P` WHERE `P`.`user_id` = ? AND `P`.`device_id` = `D`.`device_id` GROUP BY `features` ORDER BY `features`";
$param[] = $_SESSION['user_id'];
}
foreach (dbFetch($sql,$param) as $data)
{
if ($data['features'])
{
@@ -312,7 +336,13 @@ foreach (getlocations() as $location) {
"<option value=\"\">All Device Types</option>"+
<?php
foreach (dbFetch('SELECT `type` FROM `devices` AS D WHERE 1 GROUP BY `type` ORDER BY `type`') as $data) {
if (is_admin() === TRUE || is_read() === TRUE) {
$sql = "SELECT `type` FROM `devices` AS D WHERE 1 GROUP BY `type` ORDER BY `type`";
} else {
$sql = "SELECT `type` FROM `devices` AS `D`, `devices_perms` AS `P` WHERE `P`.`user_id` = ? AND `P`.`device_id` = `D`.`device_id` GROUP BY `type` ORDER BY `type`";
$param[] = $_SESSION['user_id'];
}
foreach (dbFetch($sql,$param) as $data) {
if ($data['type']) {
echo('"<option value=\"'.$data['type'].'\""+');
if ($data['type'] == $vars['type']) {
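Review bot: The five hunks on this page (L132, L146, L160, L174, L188) repeat the same admin-or-permitted branch and the same two query shapes, differing only in the column name; a small helper keeps the permission logic in one place so a future change to the check cannot miss one dropdown. The helper below takes the column, whitelists it because it is interpolated as an identifier, and returns the rows, so each loop becomes `foreach (device_column_values('os') as $data) {`. It would live in the shared functions file next to `is_read()` rather than on this page.
```php
// Distinct values of one `devices` column, limited to the devices the current
// user may see unless they hold admin or global read-only access.
function device_column_values($column) {
    // $column is spliced into the SQL as an identifier, so only known names are accepted
    if (!in_array($column, array('os', 'version', 'hardware', 'features', 'type'), true)) {
        return array();
    }
    if (is_admin() === TRUE || is_read() === TRUE) {
        return dbFetch("SELECT `$column` FROM `devices` AS D WHERE 1 GROUP BY `$column` ORDER BY `$column`");
    }
    return dbFetch("SELECT `$column` FROM `devices` AS `D`, `devices_perms` AS `P` WHERE `P`.`user_id` = ? AND `P`.`device_id` = `D`.`device_id` GROUP BY `$column` ORDER BY `$column`", array($_SESSION['user_id']));
}
```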


@@ -26,11 +26,12 @@ print_optionbar_start();
<?php
foreach (get_all_devices() as $hostname)
{
echo("<option value='".getidbyname($hostname)."'");
if (getidbyname($hostname) == $_POST['device']) { echo("selected"); }
echo(">".$hostname."</option>");
$device_id = getidbyname($hostname);
if (device_permitted($device_id)) {
echo("<option value='".$device_id."'");
if ($device_id == $_POST['device']) { echo("selected"); }
echo(">".$hostname."</option>");
}
}
?>
</select>
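Review bot: L212 writes `$hostname` straight into the option text without HTML escaping; hostnames come from the device table rather than this request, but the output context is HTML, so `echo(">".htmlspecialchars($hostname)."</option>");` is the usual guard. The `==` at L211 between an integer id and the posted string is carried over from the old code; a strict comparison after an `(int)` cast would make the selected test explicit.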


@@ -56,11 +56,13 @@ foreach (dbFetchRows("SELECT `entPhysicalModelName` FROM `entPhysical` GROUP BY
<?php
foreach (dbFetchRows("SELECT * FROM `devices` ORDER BY `hostname`") as $data) {
echo('"<option value=\"'.$data['device_id'].'\""+');
if ($data['device_id'] == $_POST['device']) {
echo('" selected"+');
if (device_permitted($data['device_id'])) {
echo('"<option value=\"'.$data['device_id'].'\""+');
if ($data['device_id'] == $_POST['device']) {
echo('" selected"+');
}
echo('">'.$data['hostname'].'</option>"+');
}
echo('">'.$data['hostname'].'</option>"+');
}
?>
"</select>"+
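Review bot: This section keeps `SELECT * FROM devices` at L222 and filters each row in PHP with `device_permitted($data['device_id'])` at L226, whereas the rest of the commit pushes the permission filter into SQL via `devices_perms`; if `device_permitted()` runs a query per call, this is one query per device on every page load. Filtering in the query as the devices-page hunks do, and selecting only `device_id` and `hostname`, would be consistent with the other changes, e.g. `FROM devices AS D, devices_perms AS P WHERE P.user_id = ? AND P.device_id = D.device_id ORDER BY hostname` for non-admin users. The `foreach` lies wholly within the hunk.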


@@ -140,7 +140,14 @@ foreach ($results as $data)
<select name="ifSpeed" id="ifSpeed" class="form-control input-sm">
<option value="">All Speeds</option>
<?php
foreach (dbFetchRows("SELECT `ifSpeed` FROM `ports` GROUP BY `ifSpeed` ORDER BY `ifSpeed`") as $data)
if (is_admin() === TRUE || is_read() === TRUE) {
$sql = "SELECT `ifSpeed` FROM `ports` GROUP BY `ifSpeed` ORDER BY `ifSpeed`";
} else {
$sql = "SELECT `ifSpeed` FROM `ports` AS `I`, `devices` AS `D`, `devices_perms` AS `P`, `ports_perms` AS `PP` WHERE ((`P`.`user_id` = ? AND `P`.`device_id` = `D`.`device_id`) OR (`PP`.`user_id` = ? AND `PP`.`port_id` = `I`.`port_id` AND `I`.`device_id` = `D`.`device_id`)) AND `D`.`device_id` = `I`.`device_id` GROUP BY `ifSpeed` ORDER BY `ifSpeed`";
$param[] = array($_SESSION['user_id'],$_SESSION['user_id']);
}
foreach (dbFetchRows($sql,$param) as $data)
{
if ($data['ifSpeed'])
{
@@ -156,7 +163,14 @@ foreach (dbFetchRows("SELECT `ifSpeed` FROM `ports` GROUP BY `ifSpeed` ORDER BY
<select name="ifType" id="ifType" class="form-control input-sm">
<option value="">All Media</option>
<?php
foreach (dbFetchRows("SELECT `ifType` FROM `ports` GROUP BY `ifType` ORDER BY `ifType`") as $data)
if (is_admin() === TRUE || is_read() === TRUE) {
$sql = "SELECT `ifType` FROM `ports` GROUP BY `ifType` ORDER BY `ifType`";
} else {
$sql = "SELECT `ifType` FROM `ports` AS `I`, `devices` AS `D`, `devices_perms` AS `P`, `ports_perms` AS `PP` WHERE ((`P`.`user_id` = ? AND `P`.`device_id` = `D`.`device_id`) OR (`PP`.`user_id` = ? AND `PP`.`port_id` = `I`.`port_id` AND `I`.`device_id` = `D`.`device_id`)) AND `D`.`device_id` = `I`.`device_id` GROUP BY `ifType` ORDER BY `ifType`";
$param[] = array($_SESSION['user_id'],$_SESSION['user_id']);
}
foreach (dbFetchRows($sql,$param) as $data)
{
if ($data['ifType'])
{
@@ -170,9 +184,14 @@ foreach (dbFetchRows("SELECT `ifType` FROM `ports` GROUP BY `ifType` ORDER BY `i
<select name="port_descr_type" id="port_descr_type" class="form-control input-sm">
<option value="">All Port Types</option>
<?php
$ports = dbFetchRows("SELECT `port_descr_type` FROM `ports` GROUP BY `port_descr_type` ORDER BY `port_descr_type`");
$total = count($ports);
echo("Total: $total");
if (is_admin() === TRUE || is_read() === TRUE) {
$sql = "SELECT `port_descr_type` FROM `ports` GROUP BY `port_descr_type` ORDER BY `port_descr_type`";
} else {
$sql = "SELECT `port_descr_type` FROM `ports` AS `I`, `devices` AS `D`, `devices_perms` AS `P`, `ports_perms` AS `PP` WHERE ((`P`.`user_id` = ? AND `P`.`device_id` = `D`.`device_id`) OR (`PP`.`user_id` = ? AND `PP`.`port_id` = `I`.`port_id` AND `I`.`device_id` = `D`.`device_id`)) AND `D`.`device_id` = `I`.`device_id` GROUP BY `port_descr_type` ORDER BY `port_descr_type`";
$param[] = array($_SESSION['user_id'],$_SESSION['user_id']);
}
$ports = dbFetchRows($sql,$param);
foreach ($ports as $data)
{
if ($data['port_descr_type'])