You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
308 lines
9.4 KiB
308 lines
9.4 KiB
1 year ago
|
<?php
|
||
|
/*
|
||
|
** Zabbix
|
||
|
** Copyright (C) 2001-2023 Zabbix SIA
|
||
|
**
|
||
|
** This program is free software; you can redistribute it and/or modify
|
||
|
** it under the terms of the GNU General Public License as published by
|
||
|
** the Free Software Foundation; either version 2 of the License, or
|
||
|
** (at your option) any later version.
|
||
|
**
|
||
|
** This program is distributed in the hope that it will be useful,
|
||
|
** but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
|
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||
|
** GNU General Public License for more details.
|
||
|
**
|
||
|
** You should have received a copy of the GNU General Public License
|
||
|
** along with this program; if not, write to the Free Software
|
||
|
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||
|
**/
|
||
|
|
||
|
|
||
|
/**
|
||
|
* Class containing operations with user edit form.
|
||
|
*/
|
||
|
class CControllerUserEdit extends CControllerUserEditGeneral {
|
||
|
|
||
|
protected function checkInput() {
|
||
|
$locales = array_keys(getLocales());
|
||
|
$locales[] = LANG_DEFAULT;
|
||
|
$themes = array_keys(APP::getThemes());
|
||
|
$themes[] = THEME_DEFAULT;
|
||
|
|
||
|
$fields = [
|
||
|
'userid' => 'db users.userid',
|
||
|
'username' => 'db users.username',
|
||
|
'name' => 'db users.name',
|
||
|
'surname' => 'db users.surname',
|
||
|
'user_groups' => 'array_id',
|
||
|
'change_password' => 'in 1',
|
||
|
'current_password' => 'string',
|
||
|
'password1' => 'string',
|
||
|
'password2' => 'string',
|
||
|
'lang' => 'db users.lang|in '.implode(',', $locales),
|
||
|
'timezone' => 'db users.timezone|in '.implode(',', array_keys($this->timezones)),
|
||
|
'theme' => 'db users.theme|in '.implode(',', $themes),
|
||
|
'autologin' => 'db users.autologin|in 0,1',
|
||
|
'autologout' => 'db users.autologout',
|
||
|
'refresh' => 'db users.refresh',
|
||
|
'rows_per_page' => 'db users.rows_per_page',
|
||
|
'url' => 'db users.url',
|
||
|
'medias' => 'array',
|
||
|
'new_media' => 'array',
|
||
|
'enable_media' => 'int32',
|
||
|
'disable_media' => 'int32',
|
||
|
'roleid' => 'id',
|
||
|
'form_refresh' => 'int32'
|
||
|
];
|
||
|
|
||
|
$ret = $this->validateInput($fields);
|
||
|
|
||
|
if (!$ret) {
|
||
|
$this->setResponse(new CControllerResponseFatal());
|
||
|
}
|
||
|
|
||
|
return $ret;
|
||
|
}
|
||
|
|
||
|
protected function checkPermissions(): bool {
|
||
|
if (!$this->checkAccess(CRoleHelper::UI_ADMINISTRATION_USERS)) {
|
||
|
return false;
|
||
|
}
|
||
|
|
||
|
if ($this->getInput('userid', 0) != 0) {
|
||
|
$users = API::User()->get([
|
||
|
'output' => ['username', 'name', 'surname', 'lang', 'theme', 'autologin', 'autologout', 'refresh',
|
||
|
'rows_per_page', 'url', 'roleid', 'timezone', 'userdirectoryid'
|
||
|
],
|
||
|
'selectMedias' => ['mediatypeid', 'period', 'sendto', 'severity', 'active'],
|
||
|
'selectRole' => ['roleid'],
|
||
|
'selectUsrgrps' => ['usrgrpid'],
|
||
|
'userids' => $this->getInput('userid'),
|
||
|
'editable' => true
|
||
|
]);
|
||
|
|
||
|
if (!$users) {
|
||
|
return false;
|
||
|
}
|
||
|
|
||
|
$this->user = $users[0];
|
||
|
}
|
||
|
|
||
|
return true;
|
||
|
}
|
||
|
|
||
|
protected function doAction(): void {
|
||
|
$db_defaults = DB::getDefaults('users');
|
||
|
|
||
|
$data = [
|
||
|
'userid' => 0,
|
||
|
'username' => '',
|
||
|
'name' => '',
|
||
|
'surname' => '',
|
||
|
'current_password' => '',
|
||
|
'password1' => '',
|
||
|
'password2' => '',
|
||
|
'lang' => $db_defaults['lang'],
|
||
|
'timezone' => $db_defaults['timezone'],
|
||
|
'timezones' => $this->timezones,
|
||
|
'theme' => $db_defaults['theme'],
|
||
|
'autologin' => $db_defaults['autologin'],
|
||
|
'autologout' => '0',
|
||
|
'refresh' => $db_defaults['refresh'],
|
||
|
'rows_per_page' => $db_defaults['rows_per_page'],
|
||
|
'url' => '',
|
||
|
'medias' => [],
|
||
|
'new_media' => [],
|
||
|
'roleid' => '',
|
||
|
'role' => [],
|
||
|
'modules_rules' => [],
|
||
|
'user_type' => '',
|
||
|
'form_refresh' => 0,
|
||
|
'action' => $this->getAction(),
|
||
|
'db_user' => ['username' => ''],
|
||
|
'userdirectoryid' => 0
|
||
|
];
|
||
|
$user_groups = [];
|
||
|
|
||
|
if ($this->getInput('userid', 0) != 0) {
|
||
|
$data['userid'] = $this->getInput('userid');
|
||
|
$data['username'] = $this->user['username'];
|
||
|
$data['name'] = $this->user['name'];
|
||
|
$data['surname'] = $this->user['surname'];
|
||
|
$user_groups = array_column($this->user['usrgrps'], 'usrgrpid');
|
||
|
$data['change_password'] = $this->hasInput('change_password') || $this->hasInput('password1');
|
||
|
$data['current_password'] = '';
|
||
|
$data['password1'] = '';
|
||
|
$data['password2'] = '';
|
||
|
$data['lang'] = $this->user['lang'];
|
||
|
$data['timezone'] = $this->user['timezone'];
|
||
|
$data['theme'] = $this->user['theme'];
|
||
|
$data['autologin'] = $this->user['autologin'];
|
||
|
$data['autologout'] = $this->user['autologout'];
|
||
|
$data['refresh'] = $this->user['refresh'];
|
||
|
$data['rows_per_page'] = $this->user['rows_per_page'];
|
||
|
$data['url'] = $this->user['url'];
|
||
|
$data['medias'] = $this->user['medias'];
|
||
|
$data['db_user']['username'] = $this->user['username'];
|
||
|
$data['userdirectoryid'] = $this->user['userdirectoryid'];
|
||
|
$data['roleid_required'] = (bool) $this->user['role'];
|
||
|
|
||
|
if (!$this->getInput('form_refresh', 0)) {
|
||
|
$data['roleid'] = $this->user['roleid'];
|
||
|
}
|
||
|
}
|
||
|
else {
|
||
|
$data['change_password'] = true;
|
||
|
$data['roleid_required'] = true;
|
||
|
$data['roleid'] = $this->getInput('roleid', '');
|
||
|
}
|
||
|
|
||
|
// Overwrite with input variables.
|
||
|
$this->getInputs($data, ['username', 'name', 'surname', 'change_password', 'password1', 'password2', 'lang',
|
||
|
'timezone', 'theme', 'autologin', 'autologout', 'refresh', 'rows_per_page', 'url', 'form_refresh', 'roleid'
|
||
|
]);
|
||
|
if ($data['form_refresh'] != 0) {
|
||
|
$user_groups = $this->getInput('user_groups', []);
|
||
|
$data['medias'] = $this->getInput('medias', []);
|
||
|
}
|
||
|
|
||
|
$data['password_requirements'] = $this->getPasswordRequirements();
|
||
|
$data = $this->setUserMedias($data);
|
||
|
|
||
|
$data['groups'] = $user_groups
|
||
|
? API::UserGroup()->get([
|
||
|
'output' => ['usrgrpid', 'name', 'userdirectoryid'],
|
||
|
'usrgrpids' => $user_groups
|
||
|
])
|
||
|
: [];
|
||
|
CArrayHelper::sort($data['groups'], ['name']);
|
||
|
$data['groups'] = CArrayHelper::renameObjectsKeys($data['groups'], ['usrgrpid' => 'id']);
|
||
|
|
||
|
$data['internal_auth'] = true;
|
||
|
|
||
|
foreach ($data['groups'] as $group) {
|
||
|
if ($group['userdirectoryid'] != 0) {
|
||
|
$data['internal_auth'] = false;
|
||
|
break;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
if ($data['roleid']) {
|
||
|
$roles = API::Role()->get([
|
||
|
'output' => ['name', 'type'],
|
||
|
'selectRules' => ['services.read.mode', 'services.read.list', 'services.read.tag',
|
||
|
'services.write.mode', 'services.write.list', 'services.write.tag', 'modules'
|
||
|
],
|
||
|
'roleids' => $data['roleid']
|
||
|
]);
|
||
|
|
||
|
if ($roles) {
|
||
|
$role = $roles[0];
|
||
|
|
||
|
$data['role'] = [['id' => $data['roleid'], 'name' => $role['name']]];
|
||
|
$data['user_type'] = $role['type'];
|
||
|
|
||
|
if ($role['rules']['services.read.mode'] == ZBX_ROLE_RULE_SERVICES_ACCESS_ALL) {
|
||
|
$data['service_read_access'] = CRoleHelper::SERVICES_ACCESS_ALL;
|
||
|
}
|
||
|
elseif ($role['rules']['services.read.list'] || $role['rules']['services.read.tag']['tag'] !== '') {
|
||
|
$data['service_read_access'] = CRoleHelper::SERVICES_ACCESS_LIST;
|
||
|
}
|
||
|
else {
|
||
|
$data['service_read_access'] = CRoleHelper::SERVICES_ACCESS_NONE;
|
||
|
}
|
||
|
|
||
|
$data['service_read_list'] = API::Service()->get([
|
||
|
'output' => ['serviceid', 'name'],
|
||
|
'serviceids' => array_column($role['rules']['services.read.list'], 'serviceid')
|
||
|
]);
|
||
|
$data['service_read_tag'] = $role['rules']['services.read.tag'];
|
||
|
|
||
|
if ($role['rules']['services.write.mode'] == ZBX_ROLE_RULE_SERVICES_ACCESS_ALL) {
|
||
|
$data['service_write_access'] = CRoleHelper::SERVICES_ACCESS_ALL;
|
||
|
}
|
||
|
elseif ($role['rules']['services.write.list'] || $role['rules']['services.write.tag']['tag'] !== '') {
|
||
|
$data['service_write_access'] = CRoleHelper::SERVICES_ACCESS_LIST;
|
||
|
}
|
||
|
else {
|
||
|
$data['service_write_access'] = CRoleHelper::SERVICES_ACCESS_NONE;
|
||
|
}
|
||
|
|
||
|
$data['service_write_list'] = API::Service()->get([
|
||
|
'output' => ['serviceid', 'name'],
|
||
|
'serviceids' => array_column($role['rules']['services.write.list'], 'serviceid')
|
||
|
]);
|
||
|
$data['service_write_tag'] = $role['rules']['services.write.tag'];
|
||
|
|
||
|
foreach ($role['rules']['modules'] as $rule) {
|
||
|
$data['modules_rules'][$rule['moduleid']] = $rule['status'];
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
if ($data['user_type'] == USER_TYPE_SUPER_ADMIN) {
|
||
|
$data['groups_rights'] = [
|
||
|
'0' => [
|
||
|
'permission' => PERM_READ_WRITE,
|
||
|
'name' => '',
|
||
|
'grouped' => '1'
|
||
|
]
|
||
|
];
|
||
|
$data['templategroups_rights'] = [
|
||
|
'0' => [
|
||
|
'permission' => PERM_READ_WRITE,
|
||
|
'name' => '',
|
||
|
'grouped' => '1'
|
||
|
]
|
||
|
];
|
||
|
}
|
||
|
else {
|
||
|
$data['groups_rights'] = collapseGroupRights(getHostGroupsRights($user_groups));
|
||
|
$data['templategroups_rights'] = collapseGroupRights(getTemplateGroupsRights($user_groups));
|
||
|
}
|
||
|
|
||
|
$data['modules'] = [];
|
||
|
|
||
|
$db_modules = API::Module()->get([
|
||
|
'output' => ['moduleid', 'relative_path', 'status']
|
||
|
]);
|
||
|
|
||
|
$data['readonly'] = false;
|
||
|
if ($data['userdirectoryid'] != 0) {
|
||
|
$data['readonly'] = true;
|
||
|
}
|
||
|
|
||
|
if ($db_modules) {
|
||
|
$module_manager = new CModuleManager(APP::getRootDir());
|
||
|
|
||
|
foreach ($db_modules as $db_module) {
|
||
|
$manifest = $module_manager->addModule($db_module['relative_path']);
|
||
|
|
||
|
if ($manifest !== null) {
|
||
|
$data['modules'][$db_module['moduleid']] = $manifest['name'];
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
natcasesort($data['modules']);
|
||
|
|
||
|
$disabled_modules = array_filter($db_modules,
|
||
|
static function(array $db_module): bool {
|
||
|
return $db_module['status'] == MODULE_STATUS_DISABLED;
|
||
|
}
|
||
|
);
|
||
|
|
||
|
$data['disabled_moduleids'] = array_column($disabled_modules, 'moduleid', 'moduleid');
|
||
|
|
||
|
$data['mediatypes'] = API::MediaType()->get([
|
||
|
'output' => ['status'],
|
||
|
'preservekeys' => true
|
||
|
]);
|
||
|
|
||
|
$response = new CControllerResponseData($data);
|
||
|
$response->setTitle(_('Configuration of users'));
|
||
|
$this->setResponse($response);
|
||
|
}
|
||
|
}
|