-
Incident report
-
Resolution: Cannot Reproduce
-
Major
-
None
-
1.9.0 (alpha)
-
None
-
RedHat 5. Apache2, PHP 5.3.1 MySQL 5.1
When doing certain operations with the API, they fail with a permissions issue. The api user is a Zabbix Super Admin and if I login to the GUI with this user, the account can complete the operations tried with the API. And example of code in question can be found in class.cevent.php but all permissions issues can be fixed in other API classes by doing the same "hack" so I assume if I could figure out what self::get was doing and fixed that all issues would be fixed:
Current:
if(!empty($events)){
$allowed_events = self::get(array('eventids' => $eventids, 'preservekeys' => 1));
foreach($events as $num => $event){
if(!isset($allowed_events[$event['eventid']]))
}
}
if(!empty($triggers)){
$allowed_triggers = CTrigger::get(array('triggerids' => $triggerids, 'preservekeys' => 1));
foreach($triggers as $num => $trigger){
if(!isset($allowed_triggers[$trigger['triggerid']]))
}
$events = array_merge($events, self::get(array('triggerids' => $triggerids, 'nopermissions' => 1, 'preservekeys' => 1)));
$eventids = zbx_objectValues($events, 'eventid');
}
"Hacked" code:
if(!empty($events)){
$allowed_events = self::get(array('eventids' => $eventids, 'preservekeys' => 1));
//foreach($events as $num => $event){
// if(!isset($allowed_events[$event['eventid']]))
//}
}
if(!empty($triggers)){
$allowed_triggers = CTrigger::get(array('triggerids' => $triggerids, 'preservekeys' => 1));
//foreach($triggers as $num => $trigger){
// if(!isset($allowed_triggers[$trigger['triggerid']]))
//}
$events = array_merge($events, self::get(array('triggerids' => $triggerids, 'nopermissions' => 1, 'preservekeys' => 1)));
$eventids = zbx_objectValues($events, 'eventid');
}