p39718465
/
zabbix
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'e2557dd2e7'
${ noResults }
zabbix/ui/app/controllers/CControllerUserUpdateGenera...

196 lines
4.8 KiB
Raw Normal View History Unescape

zabbix6.0
1 year ago
<?php
/*
** Zabbix
** Copyright (C) 2001-2023 Zabbix SIA
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; either version 2 of the License, or
** (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
**/
/**
* Class containing operations for updating a user.
*/
abstract class CControllerUserUpdateGeneral extends CController {
/**
* Allow empty password.
*
* @var bool
*/
protected $allow_empty_password;
/**
* @var array
*/
protected $timezones;
protected function init() {
parent::init();
$this->timezones = array_keys(CTimezoneHelper::getList());
$this->timezones[] = TIMEZONE_DEFAULT;
}
/**
* Get groups gui access.
*
* @param array $usrgrps
* @param string $usrgrps[]['gui_access']
*
* @return int
*/
private static function hasInternalAuth($usrgrps) {
$system_gui_access =
(CAuthenticationHelper::get(CAuthenticationHelper::AUTHENTICATION_TYPE) == ZBX_AUTH_INTERNAL)
? GROUP_GUI_ACCESS_INTERNAL
: GROUP_GUI_ACCESS_LDAP;
foreach($usrgrps as $usrgrp) {
$gui_access = ($usrgrp['gui_access'] == GROUP_GUI_ACCESS_SYSTEM)
? $system_gui_access
: $usrgrp['gui_access'];
if ($gui_access == GROUP_GUI_ACCESS_INTERNAL) {
return true;
}
}
return false;
}
/**
* Validate current password directly from input when updating user.
*
* @return bool
*/
protected function validateCurrentPassword(): bool {
$this->allow_empty_password = !self::hasInternalAuth($this->getUserGroups());
$current_password = $this->hasInput('current_password') ? $this->getInput('current_password') : null;
if ($current_password === '' && !$this->allow_empty_password) {
error(_s('Incorrect value for field "%1$s": %2$s.', _('Current password'), _('cannot be empty')));
return false;
}
return true;
}
/**
* Validate password directly from input when updating user.
*
* @return bool
*/
protected function validatePassword(): bool {
$this->allow_empty_password = !self::hasInternalAuth($this->getUserGroups());
$password1 = $this->hasInput('password1') ? $this->getInput('password1') : null;
$password2 = $this->hasInput('password2') ? $this->getInput('password2') : null;
if ($password1 !== null && $password2 !== null) {
if ($password1 !== $password2) {
error(_('Both passwords must be equal.'));
return false;
}
if ($password1 === '' && !$this->allow_empty_password) {
error(_s('Incorrect value for field "%1$s": %2$s.', _('Password'), _('cannot be empty')));
return false;
}
}
return true;
}
/**
* Validate user role from user input.
*
* @return bool
*/
protected function validateUserRole(): bool {
if ($this->hasInput('roleid')) {
$role = API::Role()->get(['output' => [], 'roleids' => [$this->getInput('roleid')]]);
if (!$role) {
error(_('No permissions to referred object or it does not exist!'));
return false;
}
}
else {
[$db_user] = API::User()->get([
'output' => [],
'selectRole' => ['roleid'],
'userids' => $this->getInput('userid')
]);
if ($db_user['role']) {
error(_s('Field "%1$s" is mandatory.', 'roleid'));
return false;
}
}
return true;
}
/**
* Get user medias data from form input.
*
* @return array of user medias sent by form.
*/
protected function getInputUserMedia(): array {
$medias = [];
$media_fields = array_fill_keys(['mediatypeid', 'sendto', 'active', 'severity', 'period'], '');
foreach ($this->getInput('medias', []) as $media) {
$medias[] = array_intersect_key($media, $media_fields);
}
return $medias;
}
/**
* Get user groups.
*
* @return array of usergroupids.
*/
protected function getUserGroups(): array {
$usrgrps = [];
if ($this instanceof CControllerUserProfileUpdate) {
$usrgrps = API::UserGroup()->get([
'output' => ['gui_access'],
'userids' => CWebUser::$data['userid'],
'filter' => [
'gui_access' => [GROUP_GUI_ACCESS_SYSTEM, GROUP_GUI_ACCESS_INTERNAL]
]
]);
}
elseif ($this->getInput('user_groups', [])) {
$usrgrps = API::UserGroup()->get([
'output' => ['gui_access'],
'usrgrpids' => $this->getInput('user_groups'),
'filter' => [
'gui_access' => [GROUP_GUI_ACCESS_SYSTEM, GROUP_GUI_ACCESS_INTERNAL]
]
]);
}
return $usrgrps;
}
}