mirror of
https://github.com/stylersnico/librenms.git
synced 2026-07-12 16:06:25 +02:00
Merge pull request #1411 from laf/issue-1289
Fixes a number of user permission issues
This commit is contained in:
@@ -1,11 +1,18 @@
|
||||
<?php
|
||||
|
||||
$where = 1;
|
||||
$param = array();
|
||||
|
||||
if (is_admin() === FALSE && is_read() === FALSE) {
|
||||
$perms_sql .= " LEFT JOIN `devices_perms` AS `DP` ON `D`.`device_id` = `DP`.`device_id`";
|
||||
$where .= " AND `DP`.`user_id`=?";
|
||||
$param[] = array($_SESSION['user_id']);
|
||||
}
|
||||
|
||||
list($address,$prefix) = explode("/", $_POST['address']);
|
||||
if ($_POST['search_type'] == 'ipv4') {
|
||||
$sql = " FROM `ipv4_addresses` AS A, `ports` AS I, `devices` AS D, `ipv4_networks` AS N WHERE I.port_id = A.port_id AND I.device_id = D.device_id AND N.ipv4_network_id = A.ipv4_network_id ";
|
||||
$sql = " FROM `ipv4_addresses` AS A, `ports` AS I, `ipv4_networks` AS N, `devices` AS D";
|
||||
$sql .= $perms_sql;
|
||||
$sql .= " WHERE I.port_id = A.port_id AND I.device_id = D.device_id AND N.ipv4_network_id = A.ipv4_network_id $where ";
|
||||
if (!empty($address)) {
|
||||
$sql .= " AND ipv4_address LIKE '%".$address."%'";
|
||||
}
|
||||
@@ -14,7 +21,9 @@ if ($_POST['search_type'] == 'ipv4') {
|
||||
$param[] = array($prefix);
|
||||
}
|
||||
} elseif ($_POST['search_type'] == 'ipv6') {
|
||||
$sql = " FROM `ipv6_addresses` AS A, `ports` AS I, `devices` AS D, `ipv6_networks` AS N WHERE I.port_id = A.port_id AND I.device_id = D.device_id AND N.ipv6_network_id = A.ipv6_network_id ";
|
||||
$sql = " FROM `ipv6_addresses` AS A, `ports` AS I, `ipv6_networks` AS N, `devices` AS D";
|
||||
$sql .= $perms_sql;
|
||||
$sql .= " WHERE I.port_id = A.port_id AND I.device_id = D.device_id AND N.ipv6_network_id = A.ipv6_network_id $where ";
|
||||
if (!empty($address)) {
|
||||
$sql .= " AND (ipv6_address LIKE '%".$address."%' OR ipv6_compressed LIKE '%".$address."%')";
|
||||
}
|
||||
@@ -22,8 +31,9 @@ if ($_POST['search_type'] == 'ipv4') {
|
||||
$sql .= " AND ipv6_prefixlen = '$prefix'";
|
||||
}
|
||||
} elseif ($_POST['search_type'] == 'mac') {
|
||||
$sql = " FROM `ports` AS I, `devices` AS D WHERE I.device_id = D.device_id AND `ifPhysAddress` LIKE '%?%' ";
|
||||
$param[] = array("%".str_replace(array(':', ' ', '-', '.', '0x'),'',mres($_POST['address']))."%");
|
||||
$sql = " FROM `ports` AS I, `devices` AS D";
|
||||
$sql .= $perms_sql;
|
||||
$sql .= " WHERE I.device_id = D.device_id AND `ifPhysAddress` LIKE '%".str_replace(array(':', ' ', '-', '.', '0x'),'',mres($_POST['address']))."%' $where ";
|
||||
}
|
||||
if (is_numeric($_POST['device_id'])) {
|
||||
$sql .= " AND I.device_id = ?";
|
||||
|
||||
@@ -7,10 +7,18 @@ if (is_numeric($_POST['device_id']) && $_POST['device_id'] > 0) {
|
||||
}
|
||||
|
||||
if (isset($searchPhrase) && !empty($searchPhrase)) {
|
||||
$sql .= " AND (`timestamp` LIKE '%$searchPhrase%' OR `rule` LIKE '%$searchPhrase%' OR `name` LIKE '%$searchPhrase%' OR `hostname` LIKE '%$searchPhrase%')";
|
||||
$sql_search .= " AND (`timestamp` LIKE '%$searchPhrase%' OR `rule` LIKE '%$searchPhrase%' OR `name` LIKE '%$searchPhrase%' OR `hostname` LIKE '%$searchPhrase%')";
|
||||
}
|
||||
|
||||
$sql = " FROM `alerts` LEFT JOIN `devices` ON `alerts`.`device_id`=`devices`.`device_id` RIGHT JOIN alert_rules ON alerts.rule_id=alert_rules.id WHERE $where AND `state` IN (1,2,3,4) $sql";
|
||||
$sql = " FROM `alerts` LEFT JOIN `devices` ON `alerts`.`device_id`=`devices`.`device_id`";
|
||||
|
||||
if (is_admin() === FALSE && is_read() === FALSE) {
|
||||
$sql .= " LEFT JOIN `devices_perms` AS `DP` ON `devices`.`device_id` = `DP`.`device_id`";
|
||||
$where .= " AND `DP`.`user_id`=?";
|
||||
$param[] = $_SESSION['user_id'];
|
||||
}
|
||||
|
||||
$sql .= " RIGHT JOIN alert_rules ON alerts.rule_id=alert_rules.id WHERE $where AND `state` IN (1,2,3,4) $sql_search";
|
||||
|
||||
$count_sql = "SELECT COUNT(`alerts`.`id`) $sql";
|
||||
$total = dbFetchCell($count_sql,$param);
|
||||
@@ -78,14 +86,12 @@ foreach (dbFetchRows($sql,$param) as $alert) {
|
||||
$severity .= " <strong>-</strong>";
|
||||
}
|
||||
|
||||
if ($_SESSION['userlevel'] >= '10') {
|
||||
$ack_ico = 'volume-up';
|
||||
$ack_col = 'success';
|
||||
if($alert['state'] == 2) {
|
||||
$ack_ico = 'volume-off';
|
||||
$ack_col = 'danger';
|
||||
}
|
||||
}
|
||||
$ack_ico = 'volume-up';
|
||||
$ack_col = 'success';
|
||||
if($alert['state'] == 2) {
|
||||
$ack_ico = 'volume-off';
|
||||
$ack_col = 'danger';
|
||||
}
|
||||
|
||||
$hostname = '
|
||||
<div class="incident">
|
||||
|
||||
@@ -2,14 +2,22 @@
|
||||
|
||||
$param = array();
|
||||
|
||||
$sql = " FROM `ipv4_mac` AS M, `ports` AS P, `devices` AS D WHERE M.port_id = P.port_id AND P.device_id = D.device_id ";
|
||||
$sql .= " FROM `ipv4_mac` AS M, `ports` AS P, `devices` AS D ";
|
||||
|
||||
if (is_admin() === FALSE && is_read() === FALSE) {
|
||||
$sql .= " LEFT JOIN `devices_perms` AS `DP` ON `D`.`device_id` = `DP`.`device_id`";
|
||||
$where .= " AND `DP`.`user_id`=?";
|
||||
$param[] = $_SESSION['user_id'];
|
||||
}
|
||||
|
||||
$sql .= " WHERE M.port_id = P.port_id AND P.device_id = D.device_id $where ";
|
||||
|
||||
if (isset($_POST['searchby']) && $_POST['searchby'] == "ip") {
|
||||
$sql .= " AND `ipv4_address` LIKE ?";
|
||||
$param = array("%".trim($_POST['address'])."%");
|
||||
$param[] = "%".trim($_POST['address'])."%";
|
||||
} elseif (isset($_POST['searchby']) && $_POST['searchby'] == "mac") {
|
||||
$sql .= " AND `mac_address` LIKE ?";
|
||||
$param = array("%".str_replace(array(':', ' ', '-', '.', '0x'),'',mres($_POST['address']))."%");
|
||||
$param[] = "%".str_replace(array(':', ' ', '-', '.', '0x'),'',mres($_POST['address']))."%";
|
||||
}
|
||||
|
||||
if (is_numeric($_POST['device_id'])) {
|
||||
@@ -70,7 +78,7 @@ foreach (dbFetchRows($sql, $param) as $entry) {
|
||||
$response[] = array('mac_address'=>formatMac($entry['mac_address']),
|
||||
'ipv4_address'=>$entry['ipv4_address'],
|
||||
'hostname'=>generate_device_link($entry),
|
||||
'interface'=>generate_port_link($entry, makeshortif(fixifname(ifLabel($entry)['label']))) . ' ' . $error_img,
|
||||
'interface'=>generate_port_link($entry, makeshortif(fixifname(ifLabel($entry['label'])))) . ' ' . $error_img,
|
||||
'remote_device'=>$arp_name,
|
||||
'remote_interface'=>$arp_if);
|
||||
}
|
||||
|
||||
@@ -30,7 +30,16 @@ var grid = $("#arp-search").bootgrid({
|
||||
<?php
|
||||
|
||||
// Select the devices only with ARP tables
|
||||
foreach (dbFetchRows("SELECT D.device_id AS device_id, `hostname` FROM `ipv4_mac` AS M, `ports` AS P, `devices` AS D WHERE M.port_id = P.port_id AND P.device_id = D.device_id GROUP BY `device_id` ORDER BY `hostname`") as $data) {
|
||||
$sql = "SELECT D.device_id AS device_id, `hostname` FROM `ipv4_mac` AS M, `ports` AS P, `devices` AS D";
|
||||
|
||||
if (is_admin() === FALSE && is_read() === FALSE) {
|
||||
$sql .= " LEFT JOIN `devices_perms` AS `DP` ON `D`.`device_id` = `DP`.`device_id`";
|
||||
$where .= " AND `DP`.`user_id`=?";
|
||||
$param[] = $_SESSION['user_id'];
|
||||
}
|
||||
|
||||
$sql .= " WHERE M.port_id = P.port_id AND P.device_id = D.device_id $where GROUP BY `device_id` ORDER BY `hostname`";
|
||||
foreach (dbFetchRows($sql,$param) as $data) {
|
||||
echo('"<option value=\"'.$data['device_id'].'\""+');
|
||||
if ($data['device_id'] == $_POST['device_id']) {
|
||||
echo('" selected "+');
|
||||
|
||||
@@ -26,7 +26,18 @@ var grid = $("#ipv4-search").bootgrid({
|
||||
"<select name=\"device_id\" id=\"device_id\" class=\"form-control input-sm\">"+
|
||||
"<option value=\"\">All Devices</option>"+
|
||||
<?php
|
||||
foreach (dbFetchRows("SELECT `device_id`,`hostname` FROM `devices` GROUP BY `hostname` ORDER BY `hostname`") as $data) {
|
||||
|
||||
$sql = "SELECT `devices`.`device_id`,`hostname` FROM `devices`";
|
||||
|
||||
if (is_admin() === FALSE && is_read() === FALSE) {
|
||||
$sql .= " LEFT JOIN `devices_perms` AS `DP` ON `devices`.`device_id` = `DP`.`device_id`";
|
||||
$where .= " WHERE `DP`.`user_id`=?";
|
||||
$param[] = $_SESSION['user_id'];
|
||||
}
|
||||
|
||||
$sql .= " $where GROUP BY `hostname` ORDER BY `hostname`";
|
||||
|
||||
foreach (dbFetchRows($sql,$param) as $data) {
|
||||
echo('"<option value=\"'.$data['device_id'].'\""+');
|
||||
if ($data['device_id'] == $_POST['device_id']) {
|
||||
echo('" selected "+');
|
||||
|
||||
@@ -25,7 +25,18 @@ var grid = $("#ipv6-search").bootgrid({
|
||||
"<select name=\"device_id\" id=\"device_id\" class=\"form-control input-sm\">"+
|
||||
"<option value=\"\">All Devices</option>"+
|
||||
<?php
|
||||
foreach (dbFetchRows("SELECT `device_id`,`hostname` FROM `devices` GROUP BY `hostname` ORDER BY `hostname`") as $data) {
|
||||
|
||||
$sql = "SELECT `devices`.`device_id`,`hostname` FROM `devices`";
|
||||
|
||||
if (is_admin() === FALSE && is_read() === FALSE) {
|
||||
$sql .= " LEFT JOIN `devices_perms` AS `DP` ON `devices`.`device_id` = `DP`.`device_id`";
|
||||
$where .= " WHERE `DP`.`user_id`=?";
|
||||
$param[] = $_SESSION['user_id'];
|
||||
}
|
||||
|
||||
$sql .= " $where GROUP BY `hostname` ORDER BY `hostname`";
|
||||
|
||||
foreach (dbFetchRows($sql,$param) as $data) {
|
||||
echo('"<option value=\"'.$data['device_id'].'\""+');
|
||||
if ($data['device_id'] == $_POST['device_id']) {
|
||||
echo('" selected"+');
|
||||
|
||||
@@ -26,7 +26,16 @@ var grid = $("#mac-search").bootgrid({
|
||||
"<select name=\"device_id\" id=\"device_id\" class=\"form-control input-sm\">"+
|
||||
"<option value=\"\">All Devices</option>"+
|
||||
<?php
|
||||
foreach (dbFetchRows("SELECT `device_id`,`hostname` FROM `devices` GROUP BY `hostname` ORDER BY `hostname`") as $data) {
|
||||
$sql = "SELECT `devices`.`device_id`,`hostname` FROM `devices`";
|
||||
|
||||
if (is_admin() === FALSE && is_read() === FALSE) {
|
||||
$sql .= " LEFT JOIN `devices_perms` AS `DP` ON `devices`.`device_id` = `DP`.`device_id`";
|
||||
$where .= " WHERE `DP`.`user_id`=?";
|
||||
$param[] = $_SESSION['user_id'];
|
||||
}
|
||||
|
||||
$sql .= " $where GROUP BY `hostname` ORDER BY `hostname`";
|
||||
foreach (dbFetchRows($sql,$param) as $data) {
|
||||
echo('"<option value=\"'.$data['device_id'].'\""+');
|
||||
if ($data['device_id'] == $_POST['device_id']) {
|
||||
echo('" selected "+');
|
||||
|
||||
@@ -70,9 +70,18 @@ if(isset($_POST['results_amount']) && $_POST['results_amount'] > 0) {
|
||||
|
||||
$count_query = "SELECT COUNT(*) FROM ( ";
|
||||
$full_query = "";
|
||||
$query = 'SELECT packages.name FROM packages,devices WHERE packages.device_id = devices.device_id AND packages.name LIKE "%'.mres($_POST['package']).'%" GROUP BY packages.name';
|
||||
$where = '';
|
||||
$query = 'SELECT packages.name FROM packages,devices ';
|
||||
$param = array();
|
||||
|
||||
if (is_admin() === FALSE && is_read() === FALSE) {
|
||||
$query .= " LEFT JOIN `devices_perms` AS `DP` ON `devices`.`device_id` = `DP`.`device_id`";
|
||||
$sql_where .= " AND `DP`.`user_id`=?";
|
||||
$param[] = $_SESSION['user_id'];
|
||||
}
|
||||
|
||||
$query .= " WHERE packages.device_id = devices.device_id AND packages.name LIKE '%".mres($_POST['package'])."%' $sql_where GROUP BY packages.name";
|
||||
|
||||
$where = '';
|
||||
$ver = "";
|
||||
$opt = "";
|
||||
|
||||
|
||||
Reference in New Issue
Block a user