[ZBX-6005] Monitoring->Events with Source = Discovery always check permissions for triggers (for non Super-Admin users) Created: 2012 Dec 16  Updated: 2017 May 30  Resolved: 2013 Jan 29

Status: Closed
Project: ZABBIX BUGS AND ISSUES
Component/s: API (A), Frontend (F)
Affects Version/s: 2.0.5rc1, 2.1.0
Fix Version/s: 2.0.5rc1

Type: Incident report Priority: Critical
Reporter: Alexey Pustovalov Assignee: Unassigned
Resolution: Fixed Votes: 0
Labels: discovery, events
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:
  1. php -v
    PHP 5.3.13-pl0-gentoo (cli) (built: May 25 2012 15:20:59)
    Copyright (c) 1997-2012 The PHP Group
    Zend Engine v2.3.0, Copyright (c) 1998-2012 Zend Technologies


 Description   

The problem in the CEvent class:
if ($options['object'] == EVENT_OBJECT_TRIGGER || $options['source'] == EVENT_SOURCE_TRIGGERS) {

if $options['object'] is not defined, it is always equal 0.

 Comments   
Comment by Alexey Pustovalov [ 2012 Dec 16 ] 
Index: api/classes/CEvent.php
===================================================================
--- api/classes/CEvent.php      (revision 32148)
+++ api/classes/CEvent.php      (working copy)
@@ -115,7 +115,8 @@
                                $options['object'] = EVENT_OBJECT_TRIGGER;
                        }

-                       if ($options['object'] == EVENT_OBJECT_TRIGGER || $options['source'] == EVENT_SOURCE_TRIGGERS) {
+                       if ((isset($options['object']) && $options['object'] == EVENT_OBJECT_TRIGGER) ||
+                                                   (isset($options['source']) && $options['source'] == EVENT_SOURCE_TRIGGERS)) {
                                if (!is_null($options['triggerids'])) {
                                        $triggers = API::Trigger()->get(array(
                                                'triggerids' => $options['triggerids'],
Comment by Pavels Jelisejevs (Inactive) [ 2013 Jan 21 ]

Fix for 2.0 is available at svn://svn.zabbix.com/branches/dev/ZBX-6005.

tomtom Review my changes in r33199, if OK merge

jelisejev We cannot use string type comparison here because these parameters can be passed as either integers or strings.

Comment by Pavels Jelisejevs (Inactive) [ 2013 Jan 23 ]

Fix for trunk is available at svn://svn.zabbix.com/branches/dev/ZBX-6005-trunk.

Comment by Toms (Inactive) [ 2013 Jan 29 ]

(1) For trunk. I suggest to make this code part the same it is in 2.0 and as it was before trunk r32527.

as well there is related issue ZBX-5719, which should be considered together with this.

jelisejev For the trunk this problem will be fixed in ZBXNEXT-1575. CLOSED.

Comment by Pavels Jelisejevs (Inactive) [ 2013 Jan 29 ]

Fixed in 2.0.5rc1 r33204.

Comment by Pavels Jelisejevs (Inactive) [ 2013 Jan 29 ]

CLOSED.

Generated at Sat Apr 20 13:04:46 EEST 2024 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.