You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
187 lines
6.5 KiB
187 lines
6.5 KiB
<?php
|
|
/*
|
|
** Zabbix
|
|
** Copyright (C) 2001-2023 Zabbix SIA
|
|
**
|
|
** This program is free software; you can redistribute it and/or modify
|
|
** it under the terms of the GNU General Public License as published by
|
|
** the Free Software Foundation; either version 2 of the License, or
|
|
** (at your option) any later version.
|
|
**
|
|
** This program is distributed in the hope that it will be useful,
|
|
** but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
** GNU General Public License for more details.
|
|
**
|
|
** You should have received a copy of the GNU General Public License
|
|
** along with this program; if not, write to the Free Software
|
|
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
**/
|
|
|
|
|
|
class CControllerUserList extends CController {
|
|
|
|
public const FILTERS_SOURCE_ALL = 0;
|
|
public const FILTERS_SOURCE_INTERNAL = 1;
|
|
public const FILTERS_SOURCE_LDAP= 2;
|
|
public const FILTERS_SOURCE_SAML = 3;
|
|
|
|
protected function init() {
|
|
$this->disableCsrfValidation();
|
|
}
|
|
|
|
protected function checkInput() {
|
|
$fields = [
|
|
'sort' => 'in username,name,surname,role_name,ts_provisioned',
|
|
'sortorder' => 'in '.ZBX_SORT_DOWN.','.ZBX_SORT_UP,
|
|
'uncheck' => 'in 1',
|
|
'filter_set' => 'in 1',
|
|
'filter_rst' => 'in 1',
|
|
'filter_username' => 'string',
|
|
'filter_name' => 'string',
|
|
'filter_surname' => 'string',
|
|
'filter_roles' => 'array_id',
|
|
'filter_usrgrpids'=> 'array_id',
|
|
'page' => 'ge 1'
|
|
];
|
|
|
|
$ret = $this->validateInput($fields);
|
|
|
|
if (!$ret) {
|
|
$this->setResponse(new CControllerResponseFatal());
|
|
}
|
|
|
|
return $ret;
|
|
}
|
|
|
|
protected function checkPermissions() {
|
|
return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_USERS);
|
|
}
|
|
|
|
protected function doAction() {
|
|
$sortfield = $this->getInput('sort', CProfile::get('web.user.sort', 'username'));
|
|
$sortorder = $this->getInput('sortorder', CProfile::get('web.user.sortorder', ZBX_SORT_UP));
|
|
CProfile::update('web.user.sort', $sortfield, PROFILE_TYPE_STR);
|
|
CProfile::update('web.user.sortorder', $sortorder, PROFILE_TYPE_STR);
|
|
|
|
if ($this->hasInput('filter_set')) {
|
|
CProfile::update('web.user.filter_username', $this->getInput('filter_username', ''), PROFILE_TYPE_STR);
|
|
CProfile::update('web.user.filter_name', $this->getInput('filter_name', ''), PROFILE_TYPE_STR);
|
|
CProfile::update('web.user.filter_surname', $this->getInput('filter_surname', ''), PROFILE_TYPE_STR);
|
|
CProfile::updateArray('web.user.filter_roles', $this->getInput('filter_roles', []), PROFILE_TYPE_ID);
|
|
CProfile::updateArray('web.user.filter_usrgrpids', $this->getInput('filter_usrgrpids', []),
|
|
PROFILE_TYPE_ID
|
|
);
|
|
}
|
|
elseif ($this->hasInput('filter_rst')) {
|
|
CProfile::delete('web.user.filter_username');
|
|
CProfile::delete('web.user.filter_name');
|
|
CProfile::delete('web.user.filter_surname');
|
|
CProfile::deleteIdx('web.user.filter_roles');
|
|
CProfile::deleteIdx('web.user.filter_usrgrpids');
|
|
}
|
|
|
|
$filter = [
|
|
'username' => CProfile::get('web.user.filter_username', ''),
|
|
'name' => CProfile::get('web.user.filter_name', ''),
|
|
'surname' => CProfile::get('web.user.filter_surname', ''),
|
|
'roles' => CProfile::getArray('web.user.filter_roles', []),
|
|
'usrgrpids' => CProfile::getArray('web.user.filter_usrgrpids', [])
|
|
];
|
|
|
|
$data = [
|
|
'uncheck' => $this->hasInput('uncheck'),
|
|
'sort' => $sortfield,
|
|
'sortorder' => $sortorder,
|
|
'filter' => $filter,
|
|
'profileIdx' => 'web.user.filter',
|
|
'active_tab' => CProfile::get('web.user.filter.active', 1),
|
|
'sessions' => [],
|
|
'allowed_ui_user_groups' => $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_USER_GROUPS)
|
|
];
|
|
|
|
$data['filter']['roles'] = $filter['roles']
|
|
? CArrayHelper::renameObjectsKeys(API::Role()->get([
|
|
'output' => ['roleid', 'name'],
|
|
'roleids' => $filter['roles']
|
|
]), ['roleid' => 'id'])
|
|
: [];
|
|
|
|
$data['filter']['usrgrpids'] = $filter['usrgrpids']
|
|
? CArrayHelper::renameObjectsKeys(API::UserGroup()->get([
|
|
'output' => ['usrgrpid', 'name'],
|
|
'usrgrpids' => $filter['usrgrpids']
|
|
]), ['usrgrpid' => 'id'])
|
|
: [];
|
|
|
|
$limit = CSettingsHelper::get(CSettingsHelper::SEARCH_LIMIT) + 1;
|
|
$data['users'] = API::User()->get([
|
|
'output' => ['userid', 'username', 'name', 'surname', 'autologout', 'attempt_failed', 'roleid',
|
|
'userdirectoryid', 'ts_provisioned'
|
|
],
|
|
'selectUsrgrps' => ['name', 'gui_access', 'users_status'],
|
|
'selectRole' => ['name'],
|
|
'search' => [
|
|
'username' => ($filter['username'] === '') ? null : $filter['username'],
|
|
'name' => ($filter['name'] === '') ? null : $filter['name'],
|
|
'surname' => ($filter['surname'] === '') ? null : $filter['surname']
|
|
],
|
|
'filter' => ['roleid' => ($filter['roles'] == []) ? null : $filter['roles']],
|
|
'usrgrpids' => ($filter['usrgrpids'] == []) ? null : $filter['usrgrpids'],
|
|
'getAccess' => true,
|
|
'limit' => $limit
|
|
]);
|
|
|
|
$userdirectoryids = array_column($data['users'], 'userdirectoryid', 'userdirectoryid');
|
|
$data['idp_names'] = [];
|
|
|
|
if ($userdirectoryids) {
|
|
$data['idp_names'] = API::UserDirectory()->get([
|
|
'output' => ['name', 'idp_type'],
|
|
'userdirectoryids' => array_keys($userdirectoryids),
|
|
'preservekeys' => true
|
|
]);
|
|
}
|
|
|
|
foreach ($data['users'] as &$user) {
|
|
$user['role_name'] = $user['role'] ? $user['role']['name'] : '';
|
|
}
|
|
unset($user);
|
|
|
|
// data sort and pager
|
|
CArrayHelper::sort($data['users'], [['field' => $sortfield, 'order' => $sortorder]]);
|
|
|
|
$page_num = getRequest('page', 1);
|
|
CPagerHelper::savePage('user.list', $page_num);
|
|
$data['paging'] = CPagerHelper::paginate($page_num, $data['users'], $sortorder,
|
|
(new CUrl('zabbix.php'))->setArgument('action', $this->getAction())
|
|
);
|
|
|
|
// set default lastaccess time to 0
|
|
foreach ($data['users'] as $user) {
|
|
$data['sessions'][$user['userid']] = ['lastaccess' => 0];
|
|
}
|
|
|
|
$db_sessions = DBselect(
|
|
'SELECT s.userid,MAX(s.lastaccess) AS lastaccess,s.status'.
|
|
' FROM sessions s'.
|
|
' WHERE '.dbConditionInt('s.userid', array_column($data['users'], 'userid')).
|
|
' GROUP BY s.userid,s.status'
|
|
);
|
|
while ($db_session = DBfetch($db_sessions)) {
|
|
if ($data['sessions'][$db_session['userid']]['lastaccess'] < $db_session['lastaccess']) {
|
|
$data['sessions'][$db_session['userid']] = $db_session;
|
|
}
|
|
}
|
|
|
|
$data['config'] = [
|
|
'login_attempts' => CSettingsHelper::get(CSettingsHelper::LOGIN_ATTEMPTS),
|
|
'max_in_table' => CSettingsHelper::get(CSettingsHelper::MAX_IN_TABLE)
|
|
];
|
|
|
|
$response = new CControllerResponseData($data);
|
|
$response->setTitle(_('Configuration of users'));
|
|
$this->setResponse($response);
|
|
}
|
|
}
|