_('Read-write'), PERM_READ => _('Read only'), PERM_DENY => _('Deny') ]; return $permissions[$permission]; } /** * Get authentication label. * * @param int $type * * @return string */ function authentication2str($type) { $authentications = [ ZBX_AUTH_INTERNAL => _('Zabbix internal authentication'), ZBX_AUTH_LDAP => _('LDAP authentication') ]; return $authentications[$type]; } /*********************************************** CHECK USER ACCESS TO SYSTEM STATUS ************************************************/ /* Function: check_perm2system() * * Description: * Checking user permissions to access system (affects server side: no notification will be sent) * * Comments: * return true if permission is positive */ function check_perm2system($userid) { $sql = 'SELECT g.usrgrpid'. ' FROM usrgrp g,users_groups ug'. ' WHERE ug.userid='.zbx_dbstr($userid). ' AND g.usrgrpid=ug.usrgrpid'. ' AND g.users_status='.GROUP_STATUS_DISABLED; if ($res = DBfetch(DBselect($sql, 1))) { return false; } return true; } /** * Checking user permissions to login in frontend. * * @param string $userId * * @return bool */ function check_perm2login($userId) { return (getUserGuiAccess($userId) != GROUP_GUI_ACCESS_DISABLED); } /** * Get user gui access. * * @param string $userid * * @return int */ function getUserGuiAccess(string $userid): int { if (isset(CWebUser::$data['gui_access'])) { return CWebUser::$data['gui_access']; } $gui_access = DBfetch(DBselect( 'SELECT MAX(g.gui_access) AS gui_access'. ' FROM usrgrp g,users_groups ug'. ' WHERE g.usrgrpid=ug.usrgrpid'. ' AND ug.userid='.zbx_dbstr($userid) )); return $gui_access ? $gui_access['gui_access'] : GROUP_GUI_ACCESS_SYSTEM; } /** * Get user authentication type. * * @param int $gui_access Frontend access. GROUP_GUI_ACCESS_* * * @return int */ function getUserAuthenticationType($gui_access) { switch ($gui_access) { case GROUP_GUI_ACCESS_SYSTEM: return CAuthenticationHelper::get(CAuthenticationHelper::AUTHENTICATION_TYPE); case GROUP_GUI_ACCESS_INTERNAL: return ZBX_AUTH_INTERNAL; case GROUP_GUI_ACCESS_LDAP: return ZBX_AUTH_LDAP; default: return CAuthenticationHelper::get(CAuthenticationHelper::AUTHENTICATION_TYPE); } } /*********************************************** GET ACCESSIBLE RESOURCES BY RIGHTS ************************************************/ /* NOTE: right structure is $rights[i]['type'] = type of resource $rights[i]['permission']= permission for resource $rights[i]['id'] = resource id */ function get_accessible_hosts_by_rights(&$rights, $user_type, $perm) { $result = []; $res_perm = []; foreach ($rights as $id => $right) { $res_perm[$right['id']] = $right['permission']; } $host_perm = []; $where = []; array_push($where, 'h.status in ('.HOST_STATUS_MONITORED.','.HOST_STATUS_NOT_MONITORED.','.HOST_STATUS_TEMPLATE.')'); array_push($where, dbConditionInt('h.flags', [ZBX_FLAG_DISCOVERY_NORMAL, ZBX_FLAG_DISCOVERY_CREATED])); $where = count($where) ? $where = ' WHERE '.implode(' AND ', $where) : ''; $perm_by_host = []; $dbHosts = DBselect( 'SELECT hg.groupid AS groupid,h.hostid,h.host,h.name AS host_name,h.status'. ' FROM hosts h'. ' LEFT JOIN hosts_groups hg ON hg.hostid=h.hostid'. $where ); while ($dbHost = DBfetch($dbHosts)) { if (isset($dbHost['groupid']) && isset($res_perm[$dbHost['groupid']])) { if (!isset($perm_by_host[$dbHost['hostid']])) { $perm_by_host[$dbHost['hostid']] = []; } $perm_by_host[$dbHost['hostid']][] = $res_perm[$dbHost['groupid']]; $host_perm[$dbHost['hostid']][$dbHost['groupid']] = $res_perm[$dbHost['groupid']]; } $host_perm[$dbHost['hostid']]['data'] = $dbHost; } foreach ($host_perm as $hostid => $dbHost) { $dbHost = $dbHost['data']; // select min rights from groups if (USER_TYPE_SUPER_ADMIN == $user_type) { $dbHost['permission'] = PERM_READ_WRITE; } else { if (isset($perm_by_host[$hostid])) { $dbHost['permission'] = (min($perm_by_host[$hostid]) == PERM_DENY) ? PERM_DENY : max($perm_by_host[$hostid]); } else { $dbHost['permission'] = PERM_DENY; } } if ($dbHost['permission'] < $perm) { continue; } $result[$dbHost['hostid']] = $dbHost; } CArrayHelper::sort($result, [ ['field' => 'host_name', 'order' => ZBX_SORT_UP] ]); return $result; } function get_accessible_groups_by_rights(&$rights, $user_type, $perm) { $result = []; $group_perm = []; foreach ($rights as $right) { $group_perm[$right['id']] = $right['permission']; } $dbHostGroups = DBselect('SELECT g.*,'.PERM_DENY.' AS permission FROM hstgrp g'); while ($dbHostGroup = DBfetch($dbHostGroups)) { if ($user_type == USER_TYPE_SUPER_ADMIN) { $dbHostGroup['permission'] = PERM_READ_WRITE; } elseif (isset($group_perm[$dbHostGroup['groupid']])) { $dbHostGroup['permission'] = $group_perm[$dbHostGroup['groupid']]; } else { $dbHostGroup['permission'] = PERM_DENY; } if ($dbHostGroup['permission'] < $perm) { continue; } $result[$dbHostGroup['groupid']] = $dbHostGroup; } CArrayHelper::sort($result, [ ['field' => 'name', 'order' => ZBX_SORT_UP] ]); return $result; } /** * Returns array of user groups by $userId * * @param int $userId * * @return array */ function getUserGroupsByUserId($userId) { static $userGroups; if (!isset($userGroups[$userId])) { $userGroups[$userId] = []; $result = DBselect('SELECT usrgrpid FROM users_groups WHERE userid='.zbx_dbstr($userId)); while ($row = DBfetch($result)) { $userGroups[$userId][] = $row['usrgrpid']; } } return $userGroups[$userId]; }