You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
196 lines
4.8 KiB
196 lines
4.8 KiB
<?php
|
|
/*
|
|
** Zabbix
|
|
** Copyright (C) 2001-2023 Zabbix SIA
|
|
**
|
|
** This program is free software; you can redistribute it and/or modify
|
|
** it under the terms of the GNU General Public License as published by
|
|
** the Free Software Foundation; either version 2 of the License, or
|
|
** (at your option) any later version.
|
|
**
|
|
** This program is distributed in the hope that it will be useful,
|
|
** but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
** GNU General Public License for more details.
|
|
**
|
|
** You should have received a copy of the GNU General Public License
|
|
** along with this program; if not, write to the Free Software
|
|
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
**/
|
|
|
|
|
|
/**
|
|
* Class containing operations for updating a user.
|
|
*/
|
|
abstract class CControllerUserUpdateGeneral extends CController {
|
|
|
|
/**
|
|
* Allow empty password.
|
|
*
|
|
* @var bool
|
|
*/
|
|
protected $allow_empty_password;
|
|
|
|
|
|
/**
|
|
* @var array
|
|
*/
|
|
protected $timezones;
|
|
|
|
protected function init() {
|
|
parent::init();
|
|
|
|
$this->timezones = array_keys(CTimezoneHelper::getList());
|
|
$this->timezones[] = TIMEZONE_DEFAULT;
|
|
}
|
|
|
|
/**
|
|
* Get groups gui access.
|
|
*
|
|
* @param array $usrgrps
|
|
* @param string $usrgrps[]['gui_access']
|
|
*
|
|
* @return int
|
|
*/
|
|
private static function hasInternalAuth($usrgrps) {
|
|
$system_gui_access =
|
|
(CAuthenticationHelper::get(CAuthenticationHelper::AUTHENTICATION_TYPE) == ZBX_AUTH_INTERNAL)
|
|
? GROUP_GUI_ACCESS_INTERNAL
|
|
: GROUP_GUI_ACCESS_LDAP;
|
|
|
|
foreach($usrgrps as $usrgrp) {
|
|
$gui_access = ($usrgrp['gui_access'] == GROUP_GUI_ACCESS_SYSTEM)
|
|
? $system_gui_access
|
|
: $usrgrp['gui_access'];
|
|
|
|
if ($gui_access == GROUP_GUI_ACCESS_INTERNAL) {
|
|
return true;
|
|
}
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* Validate current password directly from input when updating user.
|
|
*
|
|
* @return bool
|
|
*/
|
|
protected function validateCurrentPassword(): bool {
|
|
$this->allow_empty_password = !self::hasInternalAuth($this->getUserGroups());
|
|
|
|
$current_password = $this->hasInput('current_password') ? $this->getInput('current_password') : null;
|
|
|
|
if ($current_password === '' && !$this->allow_empty_password) {
|
|
error(_s('Incorrect value for field "%1$s": %2$s.', _('Current password'), _('cannot be empty')));
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* Validate password directly from input when updating user.
|
|
*
|
|
* @return bool
|
|
*/
|
|
protected function validatePassword(): bool {
|
|
$this->allow_empty_password = !self::hasInternalAuth($this->getUserGroups());
|
|
|
|
$password1 = $this->hasInput('password1') ? $this->getInput('password1') : null;
|
|
$password2 = $this->hasInput('password2') ? $this->getInput('password2') : null;
|
|
|
|
if ($password1 !== null && $password2 !== null) {
|
|
if ($password1 !== $password2) {
|
|
error(_('Both passwords must be equal.'));
|
|
return false;
|
|
}
|
|
|
|
if ($password1 === '' && !$this->allow_empty_password) {
|
|
error(_s('Incorrect value for field "%1$s": %2$s.', _('Password'), _('cannot be empty')));
|
|
return false;
|
|
}
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* Validate user role from user input.
|
|
*
|
|
* @return bool
|
|
*/
|
|
protected function validateUserRole(): bool {
|
|
if ($this->hasInput('roleid')) {
|
|
$role = API::Role()->get(['output' => [], 'roleids' => [$this->getInput('roleid')]]);
|
|
|
|
if (!$role) {
|
|
error(_('No permissions to referred object or it does not exist!'));
|
|
|
|
return false;
|
|
}
|
|
}
|
|
else {
|
|
[$db_user] = API::User()->get([
|
|
'output' => [],
|
|
'selectRole' => ['roleid'],
|
|
'userids' => $this->getInput('userid')
|
|
]);
|
|
|
|
if ($db_user['role']) {
|
|
error(_s('Field "%1$s" is mandatory.', 'roleid'));
|
|
|
|
return false;
|
|
}
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* Get user medias data from form input.
|
|
*
|
|
* @return array of user medias sent by form.
|
|
*/
|
|
protected function getInputUserMedia(): array {
|
|
$medias = [];
|
|
$media_fields = array_fill_keys(['mediatypeid', 'sendto', 'active', 'severity', 'period'], '');
|
|
|
|
foreach ($this->getInput('medias', []) as $media) {
|
|
$medias[] = array_intersect_key($media, $media_fields);
|
|
}
|
|
|
|
return $medias;
|
|
}
|
|
|
|
/**
|
|
* Get user groups.
|
|
*
|
|
* @return array of usergroupids.
|
|
*/
|
|
protected function getUserGroups(): array {
|
|
$usrgrps = [];
|
|
|
|
if ($this instanceof CControllerUserProfileUpdate) {
|
|
$usrgrps = API::UserGroup()->get([
|
|
'output' => ['gui_access'],
|
|
'userids' => CWebUser::$data['userid'],
|
|
'filter' => [
|
|
'gui_access' => [GROUP_GUI_ACCESS_SYSTEM, GROUP_GUI_ACCESS_INTERNAL]
|
|
]
|
|
]);
|
|
}
|
|
elseif ($this->getInput('user_groups', [])) {
|
|
$usrgrps = API::UserGroup()->get([
|
|
'output' => ['gui_access'],
|
|
'usrgrpids' => $this->getInput('user_groups'),
|
|
'filter' => [
|
|
'gui_access' => [GROUP_GUI_ACCESS_SYSTEM, GROUP_GUI_ACCESS_INTERNAL]
|
|
]
|
|
]);
|
|
}
|
|
|
|
return $usrgrps;
|
|
}
|
|
}
|