Index: include/triggers.inc.php =================================================================== --- include/triggers.inc.php (revision 32231) +++ include/triggers.inc.php (working copy) @@ -18,48 +18,6 @@ ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. **/ -/** - * Returns an array of trigger IDs that are available to the current user. - * - * @param int $perm either PERM_READ_WRITE for writing, or PERM_READ_ONLY for reading - * @param array $hostids - * @param int $cache - * - * @return array|int - */ -function get_accessible_triggers($perm, $hostids = array(), $cache = 1) { - static $available_triggers; - - $userid = CWebUser::$data['userid']; - $nodeid = get_current_nodeid(); - $nodeid_str = is_array($nodeid) ? implode('', $nodeid) : strval($nodeid); - $hostid_str = implode('', $hostids); - $cache_hash = md5($userid.$perm.$nodeid_str.$hostid_str); - - if ($cache && isset($available_triggers[$cache_hash])) { - return $available_triggers[$cache_hash]; - } - - $options = array( - 'output' => API_OUTPUT_SHORTEN, - 'nodeids' => $nodeid - ); - if (!empty($hostids)) { - $options['hostids'] = $hostids; - } - if ($perm == PERM_READ_WRITE) { - $options['editable'] = true; - } - - $result = API::Trigger()->get($options); - $result = zbx_objectValues($result, 'triggerid'); - $result = zbx_toHash($result); - - $available_triggers[$cache_hash] = $result; - - return $result; -} - function getSeverityStyle($severity, $type = true) { $styles = array( TRIGGER_SEVERITY_DISASTER => 'disaster', Index: include/actions.inc.php =================================================================== --- include/actions.inc.php (revision 32231) +++ include/actions.inc.php (working copy) 
@@ -805,17 +805,6 @@ } function get_actions_hint_by_eventid($eventid, $status = null) { - $hostids = array(); - $sql = 'SELECT DISTINCT i.hostid'. - ' FROM events e,functions f,items i'. - ' WHERE e.eventid='.$eventid. - ' AND e.object='.EVENT_SOURCE_TRIGGERS. - ' AND f.triggerid=e.objectid '. - ' AND i.itemid=f.itemid'; - if ($host = DBfetch(DBselect($sql, 1))) { - $hostids[$host['hostid']] = $host['hostid']; - } - $available_triggers = get_accessible_triggers(PERM_READ_ONLY, $hostids); $tab_hint = new CTableInfo(_('No actions found.')); $tab_hint->setAttribute('style', 'width: 300px;'); @@ -834,7 +823,6 @@ (is_null($status)?'':' AND a.status='.$status). ' AND e.eventid=a.eventid'. ' AND a.alerttype IN ('.ALERT_TYPE_MESSAGE.','.ALERT_TYPE_COMMAND.')'. - ' AND '.dbConditionInt('e.objectid',$available_triggers). ' AND '.DBin_node('a.alertid'). ' ORDER BY a.alertid'; $result = DBselect($sql, 30); Index: include/classes/screens/CScreenActions.php =================================================================== --- include/classes/screens/CScreenActions.php (revision 32231) +++ include/classes/screens/CScreenActions.php (working copy) 
@@ -84,16 +84,34 @@ break; } - $available_triggers = get_accessible_triggers(PERM_READ_ONLY, array()); - $sql = 'SELECT a.alertid,a.clock,mt.description,a.sendto,a.subject,a.message,a.status,a.retries,a.error'. ' FROM events e,alerts a'. ' LEFT JOIN media_type mt ON mt.mediatypeid=a.mediatypeid '. ' WHERE e.eventid=a.eventid'. - ' AND alerttype IN ('.ALERT_TYPE_MESSAGE.') '. - ' AND '.dbConditionInt('e.objectid', $available_triggers). - ' AND '.DBin_node('a.alertid').' '. + ' AND alerttype IN ('.ALERT_TYPE_MESSAGE.')'; + + // editable + PERMISSION CHECK + if (CWebUser::getType() != USER_TYPE_SUPER_ADMIN) { + $userid = CWebUser::$data['userid']; + $userGroups = getUserGroupsByUserId($userid); + + $sql .= ' AND EXISTS ('. + 'SELECT NULL'. + ' FROM functions f,items i,hosts_groups hgg'. + ' JOIN rights r'. + ' ON r.id=hgg.groupid'. + ' AND '.dbConditionInt('r.groupid', $userGroups). + ' WHERE e.objectid=f.triggerid'. + ' AND f.itemid=i.itemid'. + ' AND i.hostid=hgg.hostid'. + ' GROUP BY f.triggerid'. + ' HAVING MIN(r.permission)>='.PERM_READ_ONLY. + ')'; + } + + $sql .= ' AND '.DBin_node('a.alertid').' '. ' ORDER BY '.$sortfield.' '.$sortorder; + $alerts = DBfetchArray(DBselect($sql, $this->screenitem['elements'])); order_result($alerts, $sortfield, $sortorder); Index: report5.php =================================================================== --- report5.php (revision 32231) +++ report5.php (working copy) @@ -79,14 +79,6 @@ break; } -$available_hosts = API::Host()->get(array( - 'output' => API_OUTPUT_SHORTEN, - 'preservekeys' => true -)); -$available_hosts = array_keys($available_hosts); -$available_triggers = get_accessible_triggers(PERM_READ_ONLY, array()); -$scripts_by_hosts = API::Script()->getScriptsByHosts($available_hosts); - $triggersEventCount = array(); // get 100 triggerids with max even count $sql = 'SELECT e.objectid,count(distinct e.eventid) AS cnt_event'. 
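Review bot: The comment `// editable + PERMISSION CHECK` above the new EXISTS clause does not match the code, which compares against `PERM_READ_ONLY` and tests nothing about write access; `// permission filter: read access to the trigger's hosts` would describe it. The same subquery is pasted into report5.php and four places in api/classes/CService.php, so a single helper that builds the clause for a given trigger-id column would keep the six authorization filters from drifting apart. get_actions_hint_by_eventid() in include/actions.inc.php loses its `e.objectid` filter in this commit without receiving this clause; unless its callers already verify access to the event, the same filter belongs there. The enclosing method starts and ends outside the hunk.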
@@ -94,9 +86,28 @@ ' WHERE t.triggerid=e.objectid'. ' AND e.object='.EVENT_OBJECT_TRIGGER. ' AND e.clock>'.(time() - $time_dif). - ' AND e.value_changed='.TRIGGER_VALUE_CHANGED_YES. - ' AND '.dbConditionInt('t.triggerid', $available_triggers). - ' AND '.dbConditionInt('t.flags', array(ZBX_FLAG_DISCOVERY_NORMAL, ZBX_FLAG_DISCOVERY_CREATED)). + ' AND e.value_changed='.TRIGGER_VALUE_CHANGED_YES; + +// add permission filter +if (CWebUser::getType() != USER_TYPE_SUPER_ADMIN) { + $userid = CWebUser::$data['userid']; + $userGroups = getUserGroupsByUserId($userid); + + $sql .= ' AND EXISTS ('. + 'SELECT NULL'. + ' FROM functions f,items i,hosts_groups hgg'. + ' JOIN rights r'. + ' ON r.id=hgg.groupid'. + ' AND '.dbConditionInt('r.groupid', $userGroups). + ' WHERE t.triggerid=f.triggerid'. + ' AND f.itemid=i.itemid'. + ' AND i.hostid=hgg.hostid'. + ' GROUP BY f.triggerid'. + ' HAVING MIN(r.permission)>='.PERM_READ_ONLY.')'; +} + + +$sql .= ' AND '.dbConditionInt('t.flags', array(ZBX_FLAG_DISCOVERY_NORMAL, ZBX_FLAG_DISCOVERY_CREATED)). ' GROUP BY e.objectid'. ' ORDER BY cnt_event desc'; $result = DBselect($sql, 100); @@ -133,6 +144,7 @@ foreach ($triggers as $trigger) { $menus = ''; $host_nodeid = id2nodeid($trigger['hostid']); + $scripts_by_hosts = API::Script()->getScriptsByHosts(array($trigger['hostid'])); foreach ($scripts_by_hosts[$trigger['hostid']] as $script) { $script_nodeid = id2nodeid($script['scriptid']); if (bccomp($host_nodeid, $script_nodeid) == 0) { Index: srv_status.php =================================================================== --- srv_status.php (revision 32231) +++ srv_status.php (working copy) 
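Review bot: In the `@@ -133` hunk, `API::Script()->getScriptsByHosts()` is now called inside the `foreach ($triggers as $trigger)` loop, so every listed trigger costs a separate API call and permission evaluation. Calling it once before the loop gives the same lookup table, for example `$scripts_by_hosts = API::Script()->getScriptsByHosts(zbx_objectValues($triggers, 'hostid'));`. The loop body continues outside the hunk, so the shape of `$triggers` should be confirmed before moving the call.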
@@ -59,13 +59,16 @@ exit(); } -$available_triggers = get_accessible_triggers(PERM_READ_ONLY, array()); +if (isset($_REQUEST['serviceid'])) { + $service = API::Service()->get(array( + 'serviceids' => $_REQUEST['serviceid'], + 'output' => array('serviceid'), + )); -if (isset($_REQUEST['serviceid'])) { - if ($service = DBfetch(DBselect('SELECT DISTINCT s.serviceid,s.triggerid FROM services s WHERE s.serviceid='.$_REQUEST['serviceid']))) { - if ($service['triggerid'] && !isset($available_triggers[$service['triggerid']])) { - access_deny(); - } + $service = zbx_objectValues($service, 'serviceid'); + + if ($service) { + $service = $service[0]; } else { unset($service); @@ -75,7 +78,7 @@ if (isset($service) && isset($_REQUEST['showgraph'])) { $table = new CTable(null, 'chart'); - $table->addRow(new CImg('chart5.php?serviceid='.$service['serviceid'].url_param('path'))); + $table->addRow(new CImg('chart5.php?serviceid='.$service.url_param('path'))); $table->show(); } else { Index: api/classes/CService.php =================================================================== --- api/classes/CService.php (revision 32231) +++ api/classes/CService.php (working copy) 
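Review bot: In the `@@ -59` hunk `$service` is reused for three different shapes (the API result list, a list of IDs, then a scalar ID), where it used to be a row with `serviceid` and `triggerid` keys. Any later `$service['serviceid']` outside the two hunks shown would now index a string, so a dedicated `$serviceid` variable would make the type change explicit. `$_REQUEST['serviceid']` is handed to `API::Service()->get()` as received, so this relies on field validation earlier in the file (not visible here) to restrict it to a single ID; if an array arrived it could match several services and only `$service[0]` would be kept. The `else` branch continues outside the hunk.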
@@ -928,16 +928,37 @@ * @return array in the form of array(serviceId1 => array(triggerId => trigger), ...) */ protected function fetchProblemTriggers(array $serviceIds) { + + + $sql = 'SELECT s.serviceid,t.*'. + ' FROM services s,triggers t'. + ' WHERE s.status>0'. + ' AND t.triggerid=s.triggerid'; + + // add permission filter + if (CWebUser::getType() != USER_TYPE_SUPER_ADMIN) { + $userid = self::$userData['userid']; + $userGroups = getUserGroupsByUserId($userid); + + $sql .= ' AND (EXISTS ('. + 'SELECT NULL'. + ' FROM functions f,items i,hosts_groups hgg'. + ' JOIN rights r'. + ' ON r.id=hgg.groupid'. + ' AND '.dbConditionInt('r.groupid', $userGroups). + ' WHERE '.$this->fieldId('triggerid').'=f.triggerid'. + ' AND f.itemid=i.itemid'. + ' AND i.hostid=hgg.hostid'. + ' GROUP BY f.triggerid'. + ' HAVING MIN(r.permission)>='.PERM_READ_ONLY. + ') OR '.$this->fieldId('triggerid').' IS NULL)'; + } + + $sql .= ' AND '.dbConditionInt('s.serviceid', $serviceIds). + ' ORDER BY s.status DESC,t.description'; + // get service reason - $triggers = DBfetchArray(DBSelect( - 'SELECT s.serviceid,t.*'. - ' FROM services s,triggers t'. - ' WHERE s.status>0'. - ' AND t.triggerid=s.triggerid'. - ' AND '.dbConditionInt('t.triggerid', get_accessible_triggers(PERM_READ_ONLY)). - ' AND '.dbConditionInt('s.serviceid', $serviceIds). - ' ORDER BY s.status DESC,t.description' - )); + $triggers = DBfetchArray(DBSelect($sql)); $rs = array(); foreach ($triggers as $trigger) { 
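Review bot: The super-admin bypass is decided from `CWebUser::getType()` while the group lookup uses `self::$userData['userid']`, so the permission filter only holds if the two user records always agree. Reading both from one source, `if (self::$userData['type'] != USER_TYPE_SUPER_ADMIN) {`, removes that dependency; the hunks at 1046, 1077 and 1476 mix the two in the same way. Separately, the outer query already joins `t.triggerid=s.triggerid`, so if `$this->fieldId('triggerid')` resolves to the services column the `OR ... IS NULL` arm can never match here and looks like a leftover from the other copies. fetchProblemTriggers continues outside the hunk.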
@@ -1046,7 +1067,21 @@ // add permission filter if (CWebUser::getType() != USER_TYPE_SUPER_ADMIN) { - $sqlParts['where'][] = '('.$this->fieldId('triggerid').' IS NULL OR '.dbConditionInt($this->fieldId('triggerid'), get_accessible_triggers(PERM_READ_ONLY)).')'; + $userid = self::$userData['userid']; + $userGroups = getUserGroupsByUserId($userid); + + $sqlParts['where'][] = '(EXISTS ('. + 'SELECT NULL'. + ' FROM functions f,items i,hosts_groups hgg'. + ' JOIN rights r'. + ' ON r.id=hgg.groupid'. + ' AND '.dbConditionInt('r.groupid', $userGroups). + ' WHERE '.$this->fieldId('triggerid').'=f.triggerid'. + ' AND f.itemid=i.itemid'. + ' AND i.hostid=hgg.hostid'. + ' GROUP BY f.triggerid'. + ' HAVING MIN(r.permission)>='.PERM_READ_ONLY. + ') OR '.$this->fieldId('triggerid').' IS NULL)'; } $sql = $this->createSelectQueryFromParts($sqlParts); @@ -1077,7 +1112,21 @@ // add permission filter if (CWebUser::getType() != USER_TYPE_SUPER_ADMIN) { - $sqlParts['where'][] = '('.$this->fieldId('triggerid').' IS NULL OR '.dbConditionInt($this->fieldId('triggerid'), get_accessible_triggers(PERM_READ_ONLY)).')'; + $userid = self::$userData['userid']; + $userGroups = getUserGroupsByUserId($userid); + + $sqlParts['where'][] = '(EXISTS ('. + 'SELECT NULL'. + ' FROM functions f,items i,hosts_groups hgg'. + ' JOIN rights r'. + ' ON r.id=hgg.groupid'. + ' AND '.dbConditionInt('r.groupid', $userGroups). + ' WHERE '.$this->fieldId('triggerid').'=f.triggerid'. + ' AND f.itemid=i.itemid'. + ' AND i.hostid=hgg.hostid'. + ' GROUP BY f.triggerid'. + ' HAVING MIN(r.permission)>='.PERM_READ_ONLY. + ') OR '.$this->fieldId('triggerid').' IS NULL)'; } $sql = $this->createSelectQueryFromParts($sqlParts); 
@@ -1476,14 +1525,32 @@ protected function applyQueryFilterOptions($tableName, $tableAlias, array $options, array $sqlParts) { if (CWebUser::getType() != USER_TYPE_SUPER_ADMIN) { - $accessibleTriggers = get_accessible_triggers(PERM_READ_ONLY); // if services with specific trigger IDs were requested, return only the ones accessible to the current user. if ($options['filter']['triggerid']) { - $options['filter']['triggerid'] = array_intersect($accessibleTriggers, $options['filter']['triggerid']); + $trg_count = API::Trigger()->get(array('triggerids' => $options['filter']['triggerid'], + 'countOutput' => true)); + + if (!$trg_count) { + unset($options['filter']['triggerid']); + } } // otherwise return services with either no triggers, or any trigger accessible to the current user else { - $sqlParts['where'][] = '('.$this->fieldId('triggerid').' IS NULL OR '.dbConditionInt($this->fieldId('triggerid'), $accessibleTriggers).')'; + $userid = self::$userData['userid']; + $userGroups = getUserGroupsByUserId($userid); + + $sqlParts['where'][] = '(EXISTS ('. + 'SELECT NULL'. + ' FROM functions f,items i,hosts_groups hgg'. + ' JOIN rights r'. + ' ON r.id=hgg.groupid'. + ' AND '.dbConditionInt('r.groupid', $userGroups). + ' WHERE '.$this->fieldId('triggerid').'=f.triggerid'. + ' AND f.itemid=i.itemid'. + ' AND i.hostid=hgg.hostid'. + ' GROUP BY f.triggerid'. + ' HAVING MIN(r.permission)>='.PERM_READ_ONLY. + ') OR '.$this->fieldId('triggerid').' IS NULL)'; } }
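Review bot: The new `triggerid` branch fails open. When `API::Trigger()->get()` counts no accessible triggers the filter is unset and, in the lines visible here, no permission condition is added in its place; when at least one requested ID is accessible, the whole requested list is kept, including IDs the user cannot read. The removed `array_intersect()` narrowed the list to accessible IDs, and the replacement should do the same, with an always-false condition when nothing remains. applyQueryFilterOptions continues outside the hunk, so how an emptied filter is handled later should be confirmed.

```php
if ($options['filter']['triggerid']) {
	$accessibleTriggers = API::Trigger()->get(array(
		'output' => array('triggerid'),
		'triggerids' => $options['filter']['triggerid'],
		'preservekeys' => true
	));
	$options['filter']['triggerid'] = array_keys($accessibleTriggers);

	// nothing requested is readable: match no service instead of dropping the filter
	if (!$options['filter']['triggerid']) {
		$sqlParts['where'][] = '1=0';
	}
}
// … unchanged: else branch adding the EXISTS permission clause …
```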