diff --git a/html/includes/table/address-search.inc.php b/html/includes/table/address-search.inc.php index 3cb96a4b8..a50d06afc 100644 --- a/html/includes/table/address-search.inc.php +++ b/html/includes/table/address-search.inc.php @@ -1,11 +1,18 @@ 0) { } if (isset($searchPhrase) && !empty($searchPhrase)) { - $sql .= " AND (`timestamp` LIKE '%$searchPhrase%' OR `rule` LIKE '%$searchPhrase%' OR `name` LIKE '%$searchPhrase%' OR `hostname` LIKE '%$searchPhrase%')"; + $sql_search .= " AND (`timestamp` LIKE '%$searchPhrase%' OR `rule` LIKE '%$searchPhrase%' OR `name` LIKE '%$searchPhrase%' OR `hostname` LIKE '%$searchPhrase%')"; } -$sql = " FROM `alerts` LEFT JOIN `devices` ON `alerts`.`device_id`=`devices`.`device_id` RIGHT JOIN alert_rules ON alerts.rule_id=alert_rules.id WHERE $where AND `state` IN (1,2,3,4) $sql"; +$sql = " FROM `alerts` LEFT JOIN `devices` ON `alerts`.`device_id`=`devices`.`device_id`"; + +if (is_admin() === FALSE && is_read() === FALSE) { + $sql .= " LEFT JOIN `devices_perms` AS `DP` ON `devices`.`device_id` = `DP`.`device_id`"; + $where .= " AND `DP`.`user_id`=?"; + $param[] = $_SESSION['user_id']; +} + +$sql .= " RIGHT JOIN alert_rules ON alerts.rule_id=alert_rules.id WHERE $where AND `state` IN (1,2,3,4) $sql_search"; $count_sql = "SELECT COUNT(`alerts`.`id`) $sql"; $total = dbFetchCell($count_sql,$param); @@ -78,14 +86,12 @@ foreach (dbFetchRows($sql,$param) as $alert) { $severity .= " -"; } - if ($_SESSION['userlevel'] >= '10') { - $ack_ico = 'volume-up'; - $ack_col = 'success'; - if($alert['state'] == 2) { - $ack_ico = 'volume-off'; - $ack_col = 'danger'; - } - } + $ack_ico = 'volume-up'; + $ack_col = 'success'; + if($alert['state'] == 2) { + $ack_ico = 'volume-off'; + $ack_col = 'danger'; + } $hostname = '
diff --git a/html/includes/table/arp-search.inc.php b/html/includes/table/arp-search.inc.php index d4a9eaaf8..dd5c6225e 100644 --- a/html/includes/table/arp-search.inc.php +++ b/html/includes/table/arp-search.inc.php @@ -2,14 +2,22 @@ $param = array(); -$sql = " FROM `ipv4_mac` AS M, `ports` AS P, `devices` AS D WHERE M.port_id = P.port_id AND P.device_id = D.device_id "; +$sql .= " FROM `ipv4_mac` AS M, `ports` AS P, `devices` AS D "; + +if (is_admin() === FALSE && is_read() === FALSE) { + $sql .= " LEFT JOIN `devices_perms` AS `DP` ON `D`.`device_id` = `DP`.`device_id`"; + $where .= " AND `DP`.`user_id`=?"; + $param[] = $_SESSION['user_id']; +} + +$sql .= " WHERE M.port_id = P.port_id AND P.device_id = D.device_id $where "; if (isset($_POST['searchby']) && $_POST['searchby'] == "ip") { $sql .= " AND `ipv4_address` LIKE ?"; - $param = array("%".trim($_POST['address'])."%"); + $param[] = "%".trim($_POST['address'])."%"; } elseif (isset($_POST['searchby']) && $_POST['searchby'] == "mac") { $sql .= " AND `mac_address` LIKE ?"; - $param = array("%".str_replace(array(':', ' ', '-', '.', '0x'),'',mres($_POST['address']))."%"); + $param[] = "%".str_replace(array(':', ' ', '-', '.', '0x'),'',mres($_POST['address']))."%"; } if (is_numeric($_POST['device_id'])) { @@ -70,7 +78,7 @@ foreach (dbFetchRows($sql, $param) as $entry) { $response[] = array('mac_address'=>formatMac($entry['mac_address']), 'ipv4_address'=>$entry['ipv4_address'], 'hostname'=>generate_device_link($entry), - 'interface'=>generate_port_link($entry, makeshortif(fixifname(ifLabel($entry)['label']))) . ' ' . $error_img, + 'interface'=>generate_port_link($entry, makeshortif(fixifname(ifLabel($entry['label'])))) . ' ' . $error_img, 'remote_device'=>$arp_name, 'remote_interface'=>$arp_if); } diff --git a/html/pages/search/arp.inc.php b/html/pages/search/arp.inc.php index 5e7df4266..a4dcbd113 100644 --- a/html/pages/search/arp.inc.php +++ b/html/pages/search/arp.inc.php @@ -30,7 +30,16 @@ var grid = $("#arp-search").bootgrid({ "+ ""+ "+ ""+ "+ ""+ 0) { $count_query = "SELECT COUNT(*) FROM ( "; $full_query = ""; -$query = 'SELECT packages.name FROM packages,devices WHERE packages.device_id = devices.device_id AND packages.name LIKE "%'.mres($_POST['package']).'%" GROUP BY packages.name'; -$where = ''; +$query = 'SELECT packages.name FROM packages,devices '; $param = array(); + +if (is_admin() === FALSE && is_read() === FALSE) { + $query .= " LEFT JOIN `devices_perms` AS `DP` ON `devices`.`device_id` = `DP`.`device_id`"; + $sql_where .= " AND `DP`.`user_id`=?"; + $param[] = $_SESSION['user_id']; +} + +$query .= " WHERE packages.device_id = devices.device_id AND packages.name LIKE '%".mres($_POST['package'])."%' $sql_where GROUP BY packages.name"; + +$where = ''; $ver = ""; $opt = "";