Zabbix Server OS: CentOS 5

this would result in cases where user sees a map with tons of "unavailable" icons and maybe on available only... probably not feasible without a more global permission system redesign

that is true, it is a possible outcome. However, because of the use of an "unavailable" icon the problem would be clear immediately where as of now it's anybody's guess why a map is not working. Not sure what solution would be the better.

Remotely connected to ZBXNEXT-1857

(1) Discussed - if no access to element we show only icon of this element, but no labels and other texts.
TBD - if we need to hide icon and all links to this icon.

Miks.Kronkalns Requirement included in spec. https://documentation.zabbix.lan/specifications/3.4/zbxnext-3732/changes-in-map-api and RESOLVED in svn://svn.zabbix.com/branches/dev/ZBXNEXT-1076

iivs Which revision?

@Miks RESOLVED in r69429, r69451, r69466

oleg.egorov More coding style issues:

• maps.inc.php:2054 - missed dot
• maps.inc.php:2070-2071 - missed space after foreach
• maps.inc.php:2080 - unnecessary ','

Miks.Kronkalns RESOLVED in r70531.

oleg.egorov CLOSED

(2) If user has no access to the submap this trigger should not be shown in triggers count. Test performance degradation.

Miks.Kronkalns CLOSED as duplicate of ZBXNEXT-3807 subtask (43).

(3) Icon shadowing should be improved, 50% from original.

Miks.Kronkalns Requirement included in spec. https://documentation.zabbix.lan/specifications/3.4/zbxnext-3732/changes-in-map-api and RESOLVED in svn://svn.zabbix.com/branches/dev/ZBXNEXT-1076

iivs Which revision? What is shadowing anyway?

Miks.Kronkalns Revisions in which this is done are r69453, r69463. Shadowing is not used and I have no idea what it is, but latest decision was to provide different effects to our design team to choose from. It is not still known what effects will be used for inaccessible elements. In any case, this subissue is not relevant to what is known so far.

oleg.egorov Before in 3.2 if request empty /php/imgstore.php was white screen, now is

Undefined offset: 4 [imgstore.php:41 → check_fields) → checl_fields() im include\validate.inc.php:262]
Undefined offset: 4 [imgstore.php:41 → check_fields) → unset_if_zero() im include\validate.inc.php:97]

Is not critical issue, but it is new undefined offset

Miks.Kronkalns RESOLVED in r70494.

oleg.egorov CLOSED

(4) [A] have_selements_available has been implemented and is now returned for user.

Miks.Kronkalns RESOLVED in r69776.

iivs CLOSED

(5) [A] selements property is now always visible for admins and superadmins even if it was not requested.

Miks.Kronkalns Resolved in r69776.

iivs CMap.php: L324 wrong indentation.

REOPENED

Miks.Kronkalns RESOLVED in r69981.

iivs CLOSED

(6) [AF] Maps with one element that has deny permissions should not be available at all.Having such maps upon opening in view or editor there are multiple errors on page.

Undefined offset: 12 [zabbix.php:21 ? require_once() ? ZBase->run() ? ZBase->processRequest() ? CView->getOutput() ? include() ? CScreenMap->get() ? CMapHelper::get() ? CMapHelper::resolveMapState() ? add_elementNames() in include\maps.inc.php:354]

Undefined offset: 10115 [zabbix.php:21 ? require_once() ? ZBase->run() ? ZBase->processRequest() ? CView->getOutput() ? include() ? CScreenMap->get() ? CMapHelper::get() ? CMapHelper::resolveMapState() ? add_elementNames() in include\maps.inc.php:339]

Undefined variable: trigger [zabbix.php:21 ? require_once() ? ZBase->run() ? ZBase->processRequest() ? CView->getOutput() ? include() ? CScreenMap->get() ? CMapHelper::get() ? CMapHelper::resolveMapState() ? getSelementsInfo() in include\maps.inc.php:1117]
Invalid argument supplied for foreach() [zabbix.php:21 ? require_once() ? ZBase->run() ? ZBase->processRequest() ? CView->getOutput() ? include() ? CScreenMap->get() ? CMapHelper::get() ? CMapHelper::resolveMapState() ? getSelementsInfo() in include\maps.inc.php:1117]
Undefined offset: 13621 [zabbix.php:21 ? require_once() ? ZBase->run() ? ZBase->processRequest() ? CView->getOutput() ? include() ? CScreenMap->get() ? CMapHelper::get() ? CMapHelper::resolveMapState() ? add_elementNames() in include\maps.inc.php:346]

reset() expects parameter 1 to be array, null given [sysmap.php:193 ? reset() in sysmap.php:193]
Undefined index: description [ in sysmap.php:195]

Same errors can be viewed when one of the elements have deny permissions.

This also heavily affects having submaps.

Miks.Kronkalns Can not reproduce. Most likely RESOLVED by r69962.

iivs Not a reasuring sentence. You should update to older revision and check for your self whether it is the correct one or not.

CLOSED

(7) [AF] Links to triggers that have Deny permissions are always available and also cause errors in map constructor.

Miks.Kronkalns RESOLVED in r69962.

iivs CLOSED

(8) [A] Regular user can no longer see a public map with no elements.

Miks.Kronkalns RESOLVED in r69784.

iivs selements_available is compared to 0, but there are three values in total: 0, -1 and 1. And that confuses me. It wouldn't matter if it's 1 or -1 it's still not 0.

REOPENED

Miks.Kronkalns 3 options was used to differ cases when user has element to at least one element in the map, when user has no access to elements in the map and when user has no access to elements in the map, but just because there are no elements present But now it's history and new after major changes, the old solution is gone.

RESOLVED in r69962.

iivs CLOSED

(9) [AF] Users with Read-write sharing or owners are able to access contructor, properties and even delete maps that have elements with deny permissions.

Miks.Kronkalns RESOLVED in r69977.

iivs A regular admin with read-write has links to constructor and properties that lead to no permissions page.

REOPENED

Miks.Kronkalns RESOLVED in r70009.

iivs CLOSED

(10) [AF] Regular admins with Read sharing or owners are able to access constructor, properties and even delete maps that have elements with deny permissions.

Miks.Kronkalns RESOLVED in r69977.

iivs CLOSED

(11) [F] Missing grayscaled icon in case user has deny permissions to host group element.

Miks.Kronkalns RESOLVED in r69962.

iivs CLOSED

(12) [A] Rename current property available to rights and use constancies like PERM_DENY and PERM_NONE to specify a state of rights. Document changes in spec.

Miks.Kronkalns RESOLVED in r69962.

Miks.Kronkalns REOPENED. Rename rights to permission.

Miks.Kronkalns RESOLVED in r69978.

iivs

• CMapHelper.php L130 wrong indentation.
• maps.inc.php:
  • L273 usually we call them $sysmapids;
  • L292 usually we call them $groupids;
  • L374 usage of isset();
  • L352-377 missing empty lines after break;.

REOPENED

Miks.Kronkalns RESOLVED in r70032.

oleg.egorov CLOSED

(13) No translation string changes.

iivs CLOSED

Merged in ZBXNEXT-2102-master in r70535.

(22) Updated general documentation:

• Map configuration
• What's new
• Upgrade notes

Please review. RESOLVED.

Miks.Kronkalns
This is not true for triggers: Map elements that the user does not have read permission to are displayed with a greyed out icon and all textual information on the element is hidden. Trigger label is visible even if user has no permission to trigger.

REOPENED

martins-v Added "However, trigger label is visible even if the user has no permission to the trigger."

RESOLVED

Miks.Kronkalns Thank you! CLOSED, but please consider to add same sentence also in "What's new" and "Upgrade notes" sections.

sasha This page must be also updated.

REOPENED

Miks.Kronkalns
In 'Changes from 3.2 to 3.4' included.
There should also document that API map.get have a new attribute 'permission' in the response arrays of elements and links.

martins-v Updated sections:

• API changes 3.2-3.4
• Map object (added 'permission' property to Map element and Map link property tables)

RESOLVED

Miks.Kronkalns CLOSED