Fix notification creation (#10058)

* Fix notification creation also refactor so it is a bit more logical * Don't allow empty title and body * Updated to use error message in toastr
2024-10-07 16:52:45 +00:00 · 2019-04-03 20:52:08 -05:00
parent c305d2b520
commit 68916a1930
2 changed files with 58 additions and 35 deletions
--- a/html/includes/forms/notifications.inc.php
+++ b/html/includes/forms/notifications.inc.php
@@ -26,49 +26,74 @@ use LibreNMS\Authentication\LegacyAuth;

 header('Content-type: application/json');

-$status    = 'error';
-$message   = 'unknown error';
-if (isset($_REQUEST['notification_id']) && isset($_REQUEST['action'])) {
-    if ($_REQUEST['action'] == 'read' && dbInsert(['notifications_id'=>$_REQUEST['notification_id'],'user_id'=>LegacyAuth::id(),'key'=>'read','value'=>1], 'notifications_attribs')) {
-        $status  = 'ok';
-        $message = 'Set as Read';
-    } elseif (LegacyAuth::user()->hasGlobalAdmin()) {
-        if ($_REQUEST['action'] == 'stick' && dbInsert(['notifications_id'=>$_REQUEST['notification_id'],'user_id'=>LegacyAuth::id(),'key'=>'sticky','value'=>1], 'notifications_attribs')) {
-            $status  = 'ok';
-            $message = 'Set as Sticky';
-        } elseif ($_REQUEST['action'] == 'unstick' && dbDelete('notifications_attribs', "notifications_id = ? && user_id = ? AND `key`='sticky'", [$_REQUEST['notification_id'],LegacyAuth::id()])) {
-            $status  = 'ok';
-            $message = 'Removed Sticky';
-        } elseif ($_REQUEST['action'] == 'create' && (isset($_REQUEST['title']) && isset($_REQUEST['body']))) {
-            if (dbInsert(['title'=>$_REQUEST['title'],'body'=>$_REQUEST['body'],'checksum'=>hash('sha512', LegacyAuth::id().'.LOCAL.'.$_REQUEST['title']),'source'=>LegacyAuth::id()], 'notifications')) {
-                $status  = 'ok';
-                $message = 'Created';
+if (!isset($_REQUEST['action'])) {
+    die(json_encode([
+        'status' => 'error',
+        'message' => 'ERROR: Missing Params',
+    ]));
+}
+
+if (in_array($_REQUEST['action'], ['stick', 'unstick', 'create']) && !LegacyAuth::user()->hasGlobalAdmin()) {
+    die(json_encode([
+        'status' => 'error',
+        'message' => 'ERROR: Need to be GlobalAdmin or DemoUser',
+    ]));
+}
+
+
+if ($_REQUEST['action'] == 'read' && isset($_REQUEST['notification_id'])) {
+    if (dbInsert(['notifications_id'=>$_REQUEST['notification_id'],'user_id'=>LegacyAuth::id(),'key'=>'read','value'=>1], 'notifications_attribs')) {
+        die(json_encode([
+            'status' => 'ok',
+            'message' => 'Set as Read',
+        ]));
    }
-        }
-    } else {
-        $message = 'ERROR: Need to be GlobalAdmin or DemoUser';
-    }
-} elseif (isset($_REQUEST['action']) && $_REQUEST['action'] == 'read-all-notif') {
-    $unread = dbFetchColumn("SELECT `notifications_id` FROM `notifications` AS N WHERE NOT EXISTS ( SELECT 1 FROM `notifications_attribs` WHERE `notifications_id` = N.`notifications_id` AND `user_id`=? AND `key`='read' AND `value`=1)", array(LegacyAuth::id()));
+} elseif ($_REQUEST['action'] == 'read-all-notif') {
+    $unread = dbFetchColumn("SELECT `notifications_id` FROM `notifications` AS N WHERE NOT EXISTS ( SELECT 1 FROM `notifications_attribs` WHERE `notifications_id` = N.`notifications_id` AND `user_id`=? AND `key`='read' AND `value`=1)", [LegacyAuth::id()]);
    foreach ($unread as $notification_id) {
        dbInsert(
-            array(
+            [
                'notifications_id' => $notification_id,
                'user_id' => LegacyAuth::id(),
                'key' => 'read',
                'value' => 1
-            ),
+            ],
            'notifications_attribs'
        );
    }
-    $status = 'ok';
-    $message = 'All notifications set as read';
+    die(json_encode([
+        'status' => 'ok',
+        'message' => 'All notifications set as read',
+    ]));
+} elseif ($_REQUEST['action'] == 'stick' && isset($_REQUEST['notification_id'])) {
+    if (dbInsert(['notifications_id'=>$_REQUEST['notification_id'],'user_id'=>LegacyAuth::id(),'key'=>'sticky','value'=>1], 'notifications_attribs')) {
+        die(json_encode([
+            'status' => 'ok',
+            'message' => 'Set as Sticky',
+        ]));
+    }
+} elseif ($_REQUEST['action'] == 'unstick' && isset($_REQUEST['notification_id'])) {
+    if (dbDelete('notifications_attribs', "notifications_id = ? && user_id = ? AND `key`='sticky'", [$_REQUEST['notification_id'],LegacyAuth::id()])) {
+        die(json_encode([
+            'status' => 'ok',
+            'message' => 'Removed Sticky',
+        ]));
+    }
+} elseif ($_REQUEST['action'] == 'create' && (!empty($_REQUEST['title']) && !empty($_REQUEST['body']))) {
+    if (dbInsert(['title'=>$_REQUEST['title'],'body'=>$_REQUEST['body'],'checksum'=>hash('sha512', LegacyAuth::id().'.LOCAL.'.$_REQUEST['title']),'source'=>LegacyAuth::id()], 'notifications')) {
+        die(json_encode([
+            'status' => 'ok',
+            'message' => 'Created',
+        ]));
+    }
 } else {
-    $status  = 'error';
-    $message = 'ERROR: Missing Params';
+    die(json_encode([
+        'status' => 'error',
+        'message' => 'ERROR: Missing Params',
+    ]));
 }

 die(json_encode(array(
-    'status'       => $status,
-    'message'      => $message,
+    'status'       => 'error',
+    'message'      => 'unknown error',
 )));
--- a/html/pages/notifications.inc.php
+++ b/html/pages/notifications.inc.php
@@ -210,11 +210,9 @@ $(function() {
      dataType: "json",
      success: function (data) {
        if( data.status == "ok" ) {
-          $("#message").html('<div class="alert alert-info">' + data.message + '</div>');
          window.location.href="notifications";
-        }
-        else {
-          $("#message").html('<div class="alert alert-info">' + data.message + '</div>');
+        } else {
+          toastr.error(data.message);
        }
      }
    });