
github.com/zabbix/zabbix.git - Unnamed repository; edit this file 'description' to name the repository.
authorVladimirs Maksimovs <vladimirs.maksimovs@zabbix.com>2020-10-06 11:44:25 +0300
committerVladimirs Maksimovs <vladimirs.maksimovs@zabbix.com>2020-10-06 11:44:25 +0300
commit4fbea8a644d14c731f2f9c7793f124dfb49575d6 (patch)
tree2405561b092480b207395088e0d207b3d673fbd0
parent6284344e0519dea6af5837e0dcf4b395644e423a (diff)
..F....... [ZBXNEXT-6148] added access check by role rules to part of controllers
-rw-r--r--ui/app/controllers/CControllerAuditLogList.php2
-rw-r--r--ui/app/controllers/CControllerAuthenticationEdit.php2
-rw-r--r--ui/app/controllers/CControllerAuthenticationUpdate.php2
-rw-r--r--ui/app/controllers/CControllerAutoregEdit.php2
-rw-r--r--ui/app/controllers/CControllerAutoregUpdate.php2
-rw-r--r--ui/app/controllers/CControllerChartsView.php2
-rw-r--r--ui/app/controllers/CControllerDashboardList.php2
-rw-r--r--ui/app/controllers/CControllerDashboardView.php2
-rw-r--r--ui/app/controllers/CControllerDiscoveryView.php2
-rw-r--r--ui/app/controllers/CControllerExport.php12
-rw-r--r--ui/app/controllers/CControllerGuiEdit.php2
-rw-r--r--ui/app/controllers/CControllerGuiUpdate.php2
-rw-r--r--ui/app/controllers/CControllerHostView.php2
-rw-r--r--ui/app/controllers/CControllerHostViewRefresh.php2
-rw-r--r--ui/app/controllers/CControllerHousekeepingEdit.php2
-rw-r--r--ui/app/controllers/CControllerHousekeepingUpdate.php2
-rw-r--r--ui/app/controllers/CControllerIconMapCreate.php2
-rw-r--r--ui/app/controllers/CControllerIconMapDelete.php2
-rw-r--r--ui/app/controllers/CControllerIconMapEdit.php2
-rw-r--r--ui/app/controllers/CControllerIconMapList.php2
-rw-r--r--ui/app/controllers/CControllerIconMapUpdate.php2
-rw-r--r--ui/app/controllers/CControllerImageCreate.php2
-rw-r--r--ui/app/controllers/CControllerImageDelete.php2
-rw-r--r--ui/app/controllers/CControllerImageEdit.php2
-rw-r--r--ui/app/controllers/CControllerImageList.php2
-rw-r--r--ui/app/controllers/CControllerImageUpdate.php2
-rw-r--r--ui/app/controllers/CControllerLatestView.php2
-rw-r--r--ui/app/controllers/CControllerLatestViewRefresh.php2
-rw-r--r--ui/app/controllers/CControllerMacrosEdit.php2
-rw-r--r--ui/app/controllers/CControllerMacrosUpdate.php2
-rw-r--r--ui/app/controllers/CControllerMapView.php2
-rw-r--r--ui/app/controllers/CControllerMediatypeCreate.php2
-rw-r--r--ui/app/controllers/CControllerMediatypeDelete.php2
-rw-r--r--ui/app/controllers/CControllerMediatypeDisable.php2
-rw-r--r--ui/app/controllers/CControllerMediatypeEdit.php2
-rw-r--r--ui/app/controllers/CControllerMediatypeEnable.php2
-rw-r--r--ui/app/controllers/CControllerMediatypeList.php2
-rw-r--r--ui/app/controllers/CControllerMediatypeUpdate.php2
-rw-r--r--ui/app/controllers/CControllerMiscConfigEdit.php2
-rw-r--r--ui/app/controllers/CControllerMiscConfigUpdate.php2
-rw-r--r--ui/app/controllers/CControllerModuleEdit.php2
-rw-r--r--ui/app/controllers/CControllerModuleList.php2
-rw-r--r--ui/app/controllers/CControllerModuleScan.php2
-rw-r--r--ui/app/controllers/CControllerModuleUpdate.php2
-rw-r--r--ui/app/controllers/CControllerProblemView.php2
-rw-r--r--ui/app/controllers/CControllerProxyCreate.php2
-rw-r--r--ui/app/controllers/CControllerProxyDelete.php2
-rw-r--r--ui/app/controllers/CControllerProxyEdit.php2
-rw-r--r--ui/app/controllers/CControllerProxyHostDisable.php2
-rw-r--r--ui/app/controllers/CControllerProxyHostEnable.php2
-rw-r--r--ui/app/controllers/CControllerProxyList.php2
-rw-r--r--ui/app/controllers/CControllerProxyUpdate.php2
-rw-r--r--ui/app/controllers/CControllerRegExCreate.php2
-rw-r--r--ui/app/controllers/CControllerRegExDelete.php2
-rw-r--r--ui/app/controllers/CControllerRegExEdit.php2
-rw-r--r--ui/app/controllers/CControllerRegExList.php2
-rw-r--r--ui/app/controllers/CControllerRegExTest.php2
-rw-r--r--ui/app/controllers/CControllerRegExUpdate.php2
-rw-r--r--ui/app/controllers/CControllerReportServices.php2
-rw-r--r--ui/app/controllers/CControllerReportStatus.php2
-rw-r--r--ui/app/controllers/CControllerScriptCreate.php2
-rw-r--r--ui/app/controllers/CControllerScriptDelete.php2
-rw-r--r--ui/app/controllers/CControllerScriptEdit.php2
-rw-r--r--ui/app/controllers/CControllerScriptList.php2
-rw-r--r--ui/app/controllers/CControllerScriptUpdate.php2
-rw-r--r--ui/app/controllers/CControllerUserCreate.php2
-rw-r--r--ui/app/controllers/CControllerUserDelete.php2
-rw-r--r--ui/app/controllers/CControllerUserEdit.php2
-rw-r--r--ui/app/controllers/CControllerUserList.php2
-rw-r--r--ui/app/controllers/CControllerUserUnblock.php2
-rw-r--r--ui/app/controllers/CControllerUserUpdate.php2
-rw-r--r--ui/app/controllers/CControllerUsergroupCreate.php2
-rw-r--r--ui/app/controllers/CControllerUsergroupDelete.php2
-rw-r--r--ui/app/controllers/CControllerUsergroupEdit.php2
-rw-r--r--ui/app/controllers/CControllerUsergroupGrouprightAdd.php2
-rw-r--r--ui/app/controllers/CControllerUsergroupList.php2
-rw-r--r--ui/app/controllers/CControllerUsergroupMassUpdate.php2
-rw-r--r--ui/app/controllers/CControllerUsergroupTagfilterAdd.php2
-rw-r--r--ui/app/controllers/CControllerUsergroupUpdate.php2
-rw-r--r--ui/app/controllers/CControllerUserroleDelete.php2
-rw-r--r--ui/app/controllers/CControllerUserroleList.php2
-rw-r--r--ui/app/controllers/CControllerValuemapCreate.php2
-rw-r--r--ui/app/controllers/CControllerValuemapDelete.php2
-rw-r--r--ui/app/controllers/CControllerValuemapEdit.php2
-rw-r--r--ui/app/controllers/CControllerValuemapList.php2
-rw-r--r--ui/app/controllers/CControllerWebView.php2
-rw-r--r--ui/include/classes/helpers/CRoleHelper.php6
-rw-r--r--ui/include/classes/mvc/CController.php13
-rw-r--r--ui/include/classes/mvc/CLegacyAction.php64
-rw-r--r--ui/include/classes/user/CWebUser.php5
90 files changed, 175 insertions, 95 deletions
diff --git a/ui/app/controllers/CControllerAuditLogList.php b/ui/app/controllers/CControllerAuditLogList.php
index 67436b84532..4ccdcd9a3ae 100644
--- a/ui/app/controllers/CControllerAuditLogList.php
+++ b/ui/app/controllers/CControllerAuditLogList.php
@@ -44,7 +44,7 @@ class CControllerAuditLogList extends CController {
}
protected function checkPermissions(): bool {
- return ($this->getUserType() == USER_TYPE_SUPER_ADMIN);
+ return $this->checkAccess(CRoleHelper::UI_REPORTS_AUDIT);
}
protected function doAction(): void {
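Review bot: `checkPermissions()` in CControllerAuditLogList now rests solely on `checkAccess(CRoleHelper::UI_REPORTS_AUDIT)`, so the hard super-admin floor is gone and the audit log is readable by whatever role carries that rule. Neither `checkAccess()` nor the rule defaults are visible in this hunk (CController.php and CRoleHelper.php are changed elsewhere in the commit), so it is worth confirming that an unknown or missing rule resolves to deny and that the role editor cannot grant this rule to lower user types. If the floor is meant to stay, `return $this->getUserType() == USER_TYPE_SUPER_ADMIN && $this->checkAccess(CRoleHelper::UI_REPORTS_AUDIT);` keeps both checks. The same applies to the other hunks that replace a `USER_TYPE_*` comparison, e.g. CControllerDiscoveryView and the Proxy, Mediatype and Module controllers.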
diff --git a/ui/app/controllers/CControllerAuthenticationEdit.php b/ui/app/controllers/CControllerAuthenticationEdit.php
index 8d6a4f9fa0d..e1f7823b921 100644
--- a/ui/app/controllers/CControllerAuthenticationEdit.php
+++ b/ui/app/controllers/CControllerAuthenticationEdit.php
@@ -82,7 +82,7 @@ class CControllerAuthenticationEdit extends CController {
* @return bool
*/
protected function checkPermissions() {
- return $this->getUserType() == USER_TYPE_SUPER_ADMIN;
+ return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_AUTHENTICATION);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerAuthenticationUpdate.php b/ui/app/controllers/CControllerAuthenticationUpdate.php
index 42bd9b5e74f..f14a2335f36 100644
--- a/ui/app/controllers/CControllerAuthenticationUpdate.php
+++ b/ui/app/controllers/CControllerAuthenticationUpdate.php
@@ -226,7 +226,7 @@ class CControllerAuthenticationUpdate extends CController {
* @return bool
*/
protected function checkPermissions() {
- return $this->getUserType() == USER_TYPE_SUPER_ADMIN;
+ return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_AUTHENTICATION);
}
protected function doAction() {
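Review bot: CControllerAuthenticationUpdate writes authentication settings but is authorised by the same `UI_ADMINISTRATION_AUTHENTICATION` rule that CControllerAuthenticationEdit uses to show the form, so a role that may view the page may also change it. If that coupling is intended, say so above the method, e.g. `// The UI rule grants both viewing and changing authentication settings; there is no separate write rule.` The pattern repeats for the other Edit/Update/Create/Delete controllers in this commit (IconMap, Image, Mediatype, Proxy, Macros, Housekeeping).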
diff --git a/ui/app/controllers/CControllerAutoregEdit.php b/ui/app/controllers/CControllerAutoregEdit.php
index 550d062cf25..84da10162b9 100644
--- a/ui/app/controllers/CControllerAutoregEdit.php
+++ b/ui/app/controllers/CControllerAutoregEdit.php
@@ -43,7 +43,7 @@ class CControllerAutoregEdit extends CController {
}
protected function checkPermissions() {
- return ($this->getUserType() == USER_TYPE_SUPER_ADMIN);
+ return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_GENERAL);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerAutoregUpdate.php b/ui/app/controllers/CControllerAutoregUpdate.php
index 26dcfd5360b..7714188fd40 100644
--- a/ui/app/controllers/CControllerAutoregUpdate.php
+++ b/ui/app/controllers/CControllerAutoregUpdate.php
@@ -51,7 +51,7 @@ class CControllerAutoregUpdate extends CController {
}
protected function checkPermissions() {
- return ($this->getUserType() == USER_TYPE_SUPER_ADMIN);
+ return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_GENERAL);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerChartsView.php b/ui/app/controllers/CControllerChartsView.php
index d27c3c01af0..f09cf736931 100644
--- a/ui/app/controllers/CControllerChartsView.php
+++ b/ui/app/controllers/CControllerChartsView.php
@@ -52,7 +52,7 @@ class CControllerChartsView extends CControllerCharts {
}
protected function checkPermissions() {
- return ($this->getUserType() >= USER_TYPE_ZABBIX_USER);
+ return $this->checkAccess(CRoleHelper::UI_MONITORING_HOSTS);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerDashboardList.php b/ui/app/controllers/CControllerDashboardList.php
index 7782a4b0728..0914a8f7c0a 100644
--- a/ui/app/controllers/CControllerDashboardList.php
+++ b/ui/app/controllers/CControllerDashboardList.php
@@ -51,7 +51,7 @@ class CControllerDashboardList extends CControllerDashboardAbstract {
}
protected function checkPermissions() {
- return ($this->getUserType() >= USER_TYPE_ZABBIX_USER);
+ return $this->checkAccess(CRoleHelper::UI_MONITORING_DASHBOARD);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerDashboardView.php b/ui/app/controllers/CControllerDashboardView.php
index 963fa4df928..0702e04d8d1 100644
--- a/ui/app/controllers/CControllerDashboardView.php
+++ b/ui/app/controllers/CControllerDashboardView.php
@@ -52,7 +52,7 @@ class CControllerDashboardView extends CControllerDashboardAbstract {
}
protected function checkPermissions() {
- if ($this->getUserType() < USER_TYPE_ZABBIX_USER) {
+ if (!$this->checkAccess(CRoleHelper::UI_MONITORING_DASHBOARD)) {
return false;
}
diff --git a/ui/app/controllers/CControllerDiscoveryView.php b/ui/app/controllers/CControllerDiscoveryView.php
index 69eaa4f335f..403392382ad 100644
--- a/ui/app/controllers/CControllerDiscoveryView.php
+++ b/ui/app/controllers/CControllerDiscoveryView.php
@@ -44,7 +44,7 @@ class CControllerDiscoveryView extends CController {
}
protected function checkPermissions() {
- return ($this->getUserType() >= USER_TYPE_ZABBIX_ADMIN);
+ return $this->checkAccess(CRoleHelper::UI_MONITORING_DISCOVERY);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerExport.php b/ui/app/controllers/CControllerExport.php
index f2305b74251..52f21d61e3d 100644
--- a/ui/app/controllers/CControllerExport.php
+++ b/ui/app/controllers/CControllerExport.php
@@ -46,16 +46,22 @@ class CControllerExport extends CController {
protected function checkPermissions() {
switch ($this->getInput('action')) {
case 'export.mediatypes':
+ return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_MEDIA_TYPES);
+
case 'export.valuemaps':
- return (CWebUser::$data['type'] >= USER_TYPE_SUPER_ADMIN);
+ return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_GENERAL);
case 'export.hosts':
+ return $this->checkAccess(CRoleHelper::UI_CONFIGURATION_HOSTS);
+
case 'export.templates':
- return (CWebUser::$data['type'] >= USER_TYPE_ZABBIX_ADMIN);
+ return $this->checkAccess(CRoleHelper::UI_CONFIGURATION_TEMPLATES);
case 'export.screens':
+ return $this->checkAccess(CRoleHelper::UI_MONITORING_SCREENS);
+
case 'export.sysmaps':
- return (CWebUser::$data['type'] >= USER_TYPE_ZABBIX_USER);
+ return $this->checkAccess(CRoleHelper::UI_MONITORING_MAPS);
default:
return false;
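Review bot: In the `switch` of CControllerExport::checkPermissions() the blank lines still follow the old fall-through pairs (one after the `export.mediatypes` return, none before `case 'export.hosts':`), which makes six independent authorisation decisions read as three groups. Put a blank line after every `return` so each `case` visibly owns its rule, and consider a short comment such as `// Each export action is gated by the UI rule of the section it exports from.` Export is a bulk read of configuration, so it is also worth confirming that section visibility is the intended bar for it. The `switch` and the method continue past the end of the hunk.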
diff --git a/ui/app/controllers/CControllerGuiEdit.php b/ui/app/controllers/CControllerGuiEdit.php
index f56c255c15e..27870f8b82c 100644
--- a/ui/app/controllers/CControllerGuiEdit.php
+++ b/ui/app/controllers/CControllerGuiEdit.php
@@ -51,7 +51,7 @@ class CControllerGuiEdit extends CController {
}
protected function checkPermissions() {
- return ($this->getUserType() == USER_TYPE_SUPER_ADMIN);
+ return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_GENERAL);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerGuiUpdate.php b/ui/app/controllers/CControllerGuiUpdate.php
index 8b0b7f75e18..df0b6905d5b 100644
--- a/ui/app/controllers/CControllerGuiUpdate.php
+++ b/ui/app/controllers/CControllerGuiUpdate.php
@@ -62,7 +62,7 @@ class CControllerGuiUpdate extends CController {
}
protected function checkPermissions() {
- return ($this->getUserType() == USER_TYPE_SUPER_ADMIN);
+ return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_GENERAL);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerHostView.php b/ui/app/controllers/CControllerHostView.php
index 83a8ae673c3..97cb0ecd046 100644
--- a/ui/app/controllers/CControllerHostView.php
+++ b/ui/app/controllers/CControllerHostView.php
@@ -79,7 +79,7 @@ class CControllerHostView extends CControllerHost {
}
protected function checkPermissions(): bool {
- return ($this->getUserType() >= USER_TYPE_ZABBIX_USER);
+ return $this->checkAccess(CRoleHelper::UI_MONITORING_HOSTS);
}
protected function doAction(): void {
diff --git a/ui/app/controllers/CControllerHostViewRefresh.php b/ui/app/controllers/CControllerHostViewRefresh.php
index ae7cfdae677..803f4f0b6fc 100644
--- a/ui/app/controllers/CControllerHostViewRefresh.php
+++ b/ui/app/controllers/CControllerHostViewRefresh.php
@@ -82,7 +82,7 @@ class CControllerHostViewRefresh extends CControllerHost {
}
protected function checkPermissions(): bool {
- return ($this->getUserType() >= USER_TYPE_ZABBIX_USER);
+ return $this->checkAccess(CRoleHelper::UI_MONITORING_HOSTS);
}
protected function doAction(): void {
diff --git a/ui/app/controllers/CControllerHousekeepingEdit.php b/ui/app/controllers/CControllerHousekeepingEdit.php
index c5bad8b810d..10bea10acec 100644
--- a/ui/app/controllers/CControllerHousekeepingEdit.php
+++ b/ui/app/controllers/CControllerHousekeepingEdit.php
@@ -58,7 +58,7 @@ class CControllerHousekeepingEdit extends CController {
}
protected function checkPermissions() {
- return ($this->getUserType() == USER_TYPE_SUPER_ADMIN);
+ return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_GENERAL);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerHousekeepingUpdate.php b/ui/app/controllers/CControllerHousekeepingUpdate.php
index f166a6ec073..93d6c60d273 100644
--- a/ui/app/controllers/CControllerHousekeepingUpdate.php
+++ b/ui/app/controllers/CControllerHousekeepingUpdate.php
@@ -77,7 +77,7 @@ class CControllerHousekeepingUpdate extends CController {
}
protected function checkPermissions() {
- return ($this->getUserType() == USER_TYPE_SUPER_ADMIN);
+ return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_GENERAL);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerIconMapCreate.php b/ui/app/controllers/CControllerIconMapCreate.php
index c1edba2e0b5..2dc15f4b365 100644
--- a/ui/app/controllers/CControllerIconMapCreate.php
+++ b/ui/app/controllers/CControllerIconMapCreate.php
@@ -36,7 +36,7 @@ class CControllerIconMapCreate extends CController {
}
protected function checkPermissions() {
- return ($this->getUserType() == USER_TYPE_SUPER_ADMIN);
+ return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_GENERAL);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerIconMapDelete.php b/ui/app/controllers/CControllerIconMapDelete.php
index e8f3c587b78..27ee3e86db3 100644
--- a/ui/app/controllers/CControllerIconMapDelete.php
+++ b/ui/app/controllers/CControllerIconMapDelete.php
@@ -40,7 +40,7 @@ class CControllerIconMapDelete extends CController {
}
protected function checkPermissions() {
- if ($this->getUserType() != USER_TYPE_SUPER_ADMIN) {
+ if (!$this->checkAccess(CRoleHelper::UI_ADMINISTRATION_GENERAL)) {
return false;
}
diff --git a/ui/app/controllers/CControllerIconMapEdit.php b/ui/app/controllers/CControllerIconMapEdit.php
index e12470079a0..fe553772ad4 100644
--- a/ui/app/controllers/CControllerIconMapEdit.php
+++ b/ui/app/controllers/CControllerIconMapEdit.php
@@ -41,7 +41,7 @@ class CControllerIconMapEdit extends CController {
}
protected function checkPermissions() {
- if ($this->getUserType() != USER_TYPE_SUPER_ADMIN) {
+ if (!$this->checkAccess(CRoleHelper::UI_ADMINISTRATION_GENERAL)) {
return false;
}
diff --git a/ui/app/controllers/CControllerIconMapList.php b/ui/app/controllers/CControllerIconMapList.php
index dacb268e504..997b3cfb0db 100644
--- a/ui/app/controllers/CControllerIconMapList.php
+++ b/ui/app/controllers/CControllerIconMapList.php
@@ -40,7 +40,7 @@ class CControllerIconMapList extends CController {
}
protected function checkPermissions() {
- return ($this->getUserType() == USER_TYPE_SUPER_ADMIN);
+ return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_GENERAL);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerIconMapUpdate.php b/ui/app/controllers/CControllerIconMapUpdate.php
index 4226f5af238..ab6b7ab7c30 100644
--- a/ui/app/controllers/CControllerIconMapUpdate.php
+++ b/ui/app/controllers/CControllerIconMapUpdate.php
@@ -37,7 +37,7 @@ class CControllerIconMapUpdate extends CController {
}
protected function checkPermissions() {
- if ($this->getUserType() == USER_TYPE_SUPER_ADMIN) {
+ if ($this->checkAccess(CRoleHelper::UI_ADMINISTRATION_GENERAL)) {
return (bool) API::IconMap()->get([
'output' => [],
'iconmapids' => (array) $this->getInput('iconmapid')
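Review bot: CControllerIconMapUpdate keeps the positive form `if ($this->checkAccess(...)) { return (bool) API::IconMap()->get(...)`, so the deny path is whatever follows the `if` outside this hunk, unlike the sibling controllers, which fail fast. A guard clause, `if (!$this->checkAccess(CRoleHelper::UI_ADMINISTRATION_GENERAL)) { return false; }`, followed by the unindented API lookup would make the denial explicit and match CControllerIconMapDelete and CControllerIconMapEdit. The method body ends outside the hunk.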
diff --git a/ui/app/controllers/CControllerImageCreate.php b/ui/app/controllers/CControllerImageCreate.php
index a4126af5592..cd6fb54642f 100644
--- a/ui/app/controllers/CControllerImageCreate.php
+++ b/ui/app/controllers/CControllerImageCreate.php
@@ -52,7 +52,7 @@ class CControllerImageCreate extends CController {
}
protected function checkPermissions() {
- if ($this->getUserType() != USER_TYPE_SUPER_ADMIN) {
+ if (!$this->checkAccess(CRoleHelper::UI_ADMINISTRATION_GENERAL)) {
return false;
}
diff --git a/ui/app/controllers/CControllerImageDelete.php b/ui/app/controllers/CControllerImageDelete.php
index 0d7cc4a2428..767f5e7835d 100644
--- a/ui/app/controllers/CControllerImageDelete.php
+++ b/ui/app/controllers/CControllerImageDelete.php
@@ -41,7 +41,7 @@ class CControllerImageDelete extends CController {
}
protected function checkPermissions() {
- if ($this->getUserType() != USER_TYPE_SUPER_ADMIN) {
+ if (!$this->checkAccess(CRoleHelper::UI_ADMINISTRATION_GENERAL)) {
return false;
}
diff --git a/ui/app/controllers/CControllerImageEdit.php b/ui/app/controllers/CControllerImageEdit.php
index a3bc9810241..fc8b80790df 100644
--- a/ui/app/controllers/CControllerImageEdit.php
+++ b/ui/app/controllers/CControllerImageEdit.php
@@ -46,7 +46,7 @@ class CControllerImageEdit extends CController {
}
protected function checkPermissions() {
- if ($this->getUserType() != USER_TYPE_SUPER_ADMIN) {
+ if (!$this->checkAccess(CRoleHelper::UI_ADMINISTRATION_GENERAL)) {
return false;
}
diff --git a/ui/app/controllers/CControllerImageList.php b/ui/app/controllers/CControllerImageList.php
index 65fb87d0482..4b46d264a9a 100644
--- a/ui/app/controllers/CControllerImageList.php
+++ b/ui/app/controllers/CControllerImageList.php
@@ -40,7 +40,7 @@ class CControllerImageList extends CController {
}
protected function checkPermissions() {
- return ($this->getUserType() == USER_TYPE_SUPER_ADMIN);
+ return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_GENERAL);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerImageUpdate.php b/ui/app/controllers/CControllerImageUpdate.php
index 5dd59dc3a64..98660b14657 100644
--- a/ui/app/controllers/CControllerImageUpdate.php
+++ b/ui/app/controllers/CControllerImageUpdate.php
@@ -54,7 +54,7 @@ class CControllerImageUpdate extends CController {
}
protected function checkPermissions() {
- if ($this->getUserType() != USER_TYPE_SUPER_ADMIN) {
+ if (!$this->checkAccess(CRoleHelper::UI_ADMINISTRATION_GENERAL)) {
return false;
}
diff --git a/ui/app/controllers/CControllerLatestView.php b/ui/app/controllers/CControllerLatestView.php
index fb4ca4a6e89..01d05c596b4 100644
--- a/ui/app/controllers/CControllerLatestView.php
+++ b/ui/app/controllers/CControllerLatestView.php
@@ -57,7 +57,7 @@ class CControllerLatestView extends CControllerLatest {
}
protected function checkPermissions() {
- return ($this->getUserType() >= USER_TYPE_ZABBIX_USER);
+ return $this->checkAccess(CRoleHelper::UI_MONITORING_LATEST_DATA);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerLatestViewRefresh.php b/ui/app/controllers/CControllerLatestViewRefresh.php
index db9ab615ad2..b2b4705dc0c 100644
--- a/ui/app/controllers/CControllerLatestViewRefresh.php
+++ b/ui/app/controllers/CControllerLatestViewRefresh.php
@@ -62,7 +62,7 @@ class CControllerLatestViewRefresh extends CControllerLatest {
}
protected function checkPermissions() {
- return ($this->getUserType() >= USER_TYPE_ZABBIX_USER);
+ return $this->checkAccess(CRoleHelper::UI_MONITORING_LATEST_DATA);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerMacrosEdit.php b/ui/app/controllers/CControllerMacrosEdit.php
index 24df4e49067..f8e182c0ef7 100644
--- a/ui/app/controllers/CControllerMacrosEdit.php
+++ b/ui/app/controllers/CControllerMacrosEdit.php
@@ -40,7 +40,7 @@ class CControllerMacrosEdit extends CController {
}
protected function checkPermissions() {
- return ($this->getUserType() == USER_TYPE_SUPER_ADMIN);
+ return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_GENERAL);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerMacrosUpdate.php b/ui/app/controllers/CControllerMacrosUpdate.php
index 32b473a7107..12edb5d57a1 100644
--- a/ui/app/controllers/CControllerMacrosUpdate.php
+++ b/ui/app/controllers/CControllerMacrosUpdate.php
@@ -36,7 +36,7 @@ class CControllerMacrosUpdate extends CController {
}
protected function checkPermissions() {
- return ($this->getUserType() == USER_TYPE_SUPER_ADMIN);
+ return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_GENERAL);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerMapView.php b/ui/app/controllers/CControllerMapView.php
index c8e0ee5b9b4..dfbcc8e2c7c 100644
--- a/ui/app/controllers/CControllerMapView.php
+++ b/ui/app/controllers/CControllerMapView.php
@@ -44,7 +44,7 @@ class CControllerMapView extends CController {
}
protected function checkPermissions() {
- if ($this->getUserType() < USER_TYPE_ZABBIX_USER) {
+ if (!$this->checkAccess(CRoleHelper::UI_MONITORING_MAPS)) {
return false;
}
diff --git a/ui/app/controllers/CControllerMediatypeCreate.php b/ui/app/controllers/CControllerMediatypeCreate.php
index f97527be55a..8dcf6aa7fb5 100644
--- a/ui/app/controllers/CControllerMediatypeCreate.php
+++ b/ui/app/controllers/CControllerMediatypeCreate.php
@@ -87,7 +87,7 @@ class CControllerMediatypeCreate extends CController {
}
protected function checkPermissions() {
- return ($this->getUserType() == USER_TYPE_SUPER_ADMIN);
+ return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_MEDIA_TYPES);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerMediatypeDelete.php b/ui/app/controllers/CControllerMediatypeDelete.php
index d6bf54e3a85..f2f114f894d 100644
--- a/ui/app/controllers/CControllerMediatypeDelete.php
+++ b/ui/app/controllers/CControllerMediatypeDelete.php
@@ -36,7 +36,7 @@ class CControllerMediatypeDelete extends CController {
}
protected function checkPermissions() {
- if ($this->getUserType() != USER_TYPE_SUPER_ADMIN) {
+ if (!$this->checkAccess(CRoleHelper::UI_ADMINISTRATION_MEDIA_TYPES)) {
return false;
}
diff --git a/ui/app/controllers/CControllerMediatypeDisable.php b/ui/app/controllers/CControllerMediatypeDisable.php
index fe9410970e3..9c97a69144a 100644
--- a/ui/app/controllers/CControllerMediatypeDisable.php
+++ b/ui/app/controllers/CControllerMediatypeDisable.php
@@ -36,7 +36,7 @@ class CControllerMediatypeDisable extends CController {
}
protected function checkPermissions() {
- if ($this->getUserType() != USER_TYPE_SUPER_ADMIN) {
+ if (!$this->checkAccess(CRoleHelper::UI_ADMINISTRATION_MEDIA_TYPES)) {
return false;
}
diff --git a/ui/app/controllers/CControllerMediatypeEdit.php b/ui/app/controllers/CControllerMediatypeEdit.php
index d0b71c46fb6..83b3e5bc66e 100644
--- a/ui/app/controllers/CControllerMediatypeEdit.php
+++ b/ui/app/controllers/CControllerMediatypeEdit.php
@@ -82,7 +82,7 @@ class CControllerMediatypeEdit extends CController {
}
protected function checkPermissions() {
- if ($this->getUserType() != USER_TYPE_SUPER_ADMIN) {
+ if (!$this->checkAccess(CRoleHelper::UI_ADMINISTRATION_MEDIA_TYPES)) {
return false;
}
diff --git a/ui/app/controllers/CControllerMediatypeEnable.php b/ui/app/controllers/CControllerMediatypeEnable.php
index 2ee3849de89..4097f5366a0 100644
--- a/ui/app/controllers/CControllerMediatypeEnable.php
+++ b/ui/app/controllers/CControllerMediatypeEnable.php
@@ -36,7 +36,7 @@ class CControllerMediatypeEnable extends CController {
}
protected function checkPermissions() {
- if ($this->getUserType() != USER_TYPE_SUPER_ADMIN) {
+ if (!$this->checkAccess(CRoleHelper::UI_ADMINISTRATION_MEDIA_TYPES)) {
return false;
}
diff --git a/ui/app/controllers/CControllerMediatypeList.php b/ui/app/controllers/CControllerMediatypeList.php
index e13e12eae8f..2bdf3da097f 100644
--- a/ui/app/controllers/CControllerMediatypeList.php
+++ b/ui/app/controllers/CControllerMediatypeList.php
@@ -46,7 +46,7 @@ class CControllerMediatypeList extends CController {
}
protected function checkPermissions() {
- return ($this->getUserType() == USER_TYPE_SUPER_ADMIN);
+ return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_MEDIA_TYPES);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerMediatypeUpdate.php b/ui/app/controllers/CControllerMediatypeUpdate.php
index 373a1525ea7..ac3f6cb1a8d 100644
--- a/ui/app/controllers/CControllerMediatypeUpdate.php
+++ b/ui/app/controllers/CControllerMediatypeUpdate.php
@@ -88,7 +88,7 @@ class CControllerMediatypeUpdate extends CController {
}
protected function checkPermissions() {
- if ($this->getUserType() != USER_TYPE_SUPER_ADMIN) {
+ if (!$this->checkAccess(CRoleHelper::UI_ADMINISTRATION_MEDIA_TYPES)) {
return false;
}
diff --git a/ui/app/controllers/CControllerMiscConfigEdit.php b/ui/app/controllers/CControllerMiscConfigEdit.php
index 13f8aad09b1..0535c8a9847 100644
--- a/ui/app/controllers/CControllerMiscConfigEdit.php
+++ b/ui/app/controllers/CControllerMiscConfigEdit.php
@@ -56,7 +56,7 @@ class CControllerMiscConfigEdit extends CController {
}
protected function checkPermissions() {
- return ($this->getUserType() == USER_TYPE_SUPER_ADMIN);
+ return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_GENERAL);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerMiscConfigUpdate.php b/ui/app/controllers/CControllerMiscConfigUpdate.php
index 97162977535..138d3dc4e1b 100644
--- a/ui/app/controllers/CControllerMiscConfigUpdate.php
+++ b/ui/app/controllers/CControllerMiscConfigUpdate.php
@@ -70,7 +70,7 @@ class CControllerMiscConfigUpdate extends CController {
}
protected function checkPermissions() {
- return ($this->getUserType() == USER_TYPE_SUPER_ADMIN);
+ return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_GENERAL);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerModuleEdit.php b/ui/app/controllers/CControllerModuleEdit.php
index bd71844419a..d5918bfb550 100644
--- a/ui/app/controllers/CControllerModuleEdit.php
+++ b/ui/app/controllers/CControllerModuleEdit.php
@@ -54,7 +54,7 @@ class CControllerModuleEdit extends CController {
}
protected function checkPermissions() {
- if ($this->getUserType() != USER_TYPE_SUPER_ADMIN) {
+ if (!$this->checkAccess(CRoleHelper::UI_ADMINISTRATION_GENERAL)) {
return false;
}
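Review bot: CControllerModuleEdit gates module management with `UI_ADMINISTRATION_GENERAL`, the same rule this commit uses for icon maps, images, macros and GUI settings; CControllerModuleScan and CControllerModuleUpdate do likewise. Enabling a frontend module presumably changes what code the UI runs, which is a different risk class from editing an icon map, so a role granted general administration for cosmetic settings would also get module control. Consider a dedicated rule for the module controllers, or document the choice with `// Module management is deliberately covered by the general administration rule.` The method continues past the hunk.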
diff --git a/ui/app/controllers/CControllerModuleList.php b/ui/app/controllers/CControllerModuleList.php
index be28ec6765c..12f67a62468 100644
--- a/ui/app/controllers/CControllerModuleList.php
+++ b/ui/app/controllers/CControllerModuleList.php
@@ -49,7 +49,7 @@ class CControllerModuleList extends CController {
}
protected function checkPermissions() {
- return ($this->getUserType() == USER_TYPE_SUPER_ADMIN);
+ return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_GENERAL);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerModuleScan.php b/ui/app/controllers/CControllerModuleScan.php
index 2dc8c3374df..b4249e0f19a 100644
--- a/ui/app/controllers/CControllerModuleScan.php
+++ b/ui/app/controllers/CControllerModuleScan.php
@@ -33,7 +33,7 @@ class CControllerModuleScan extends CController {
}
protected function checkPermissions() {
- return ($this->getUserType() == USER_TYPE_SUPER_ADMIN);
+ return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_GENERAL);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerModuleUpdate.php b/ui/app/controllers/CControllerModuleUpdate.php
index fbbfc9019d1..d6241499c1a 100644
--- a/ui/app/controllers/CControllerModuleUpdate.php
+++ b/ui/app/controllers/CControllerModuleUpdate.php
@@ -50,7 +50,7 @@ class CControllerModuleUpdate extends CController {
}
protected function checkPermissions() {
- if ($this->getUserType() != USER_TYPE_SUPER_ADMIN) {
+ if (!$this->checkAccess(CRoleHelper::UI_ADMINISTRATION_GENERAL)) {
return false;
}
diff --git a/ui/app/controllers/CControllerProblemView.php b/ui/app/controllers/CControllerProblemView.php
index 3036ea8dbd5..bbb23388098 100644
--- a/ui/app/controllers/CControllerProblemView.php
+++ b/ui/app/controllers/CControllerProblemView.php
@@ -93,7 +93,7 @@ class CControllerProblemView extends CController {
}
protected function checkPermissions() {
- return ($this->getUserType() >= USER_TYPE_ZABBIX_USER);
+ return $this->checkAccess(CRoleHelper::UI_MONITORING_PROBLEMS);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerProxyCreate.php b/ui/app/controllers/CControllerProxyCreate.php
index d1d6277a2fd..0cb2e81d4cf 100644
--- a/ui/app/controllers/CControllerProxyCreate.php
+++ b/ui/app/controllers/CControllerProxyCreate.php
@@ -66,7 +66,7 @@ class CControllerProxyCreate extends CController {
}
protected function checkPermissions() {
- return ($this->getUserType() == USER_TYPE_SUPER_ADMIN);
+ return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_PROXIES);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerProxyDelete.php b/ui/app/controllers/CControllerProxyDelete.php
index 778d44e8bf1..e6f60f7a230 100644
--- a/ui/app/controllers/CControllerProxyDelete.php
+++ b/ui/app/controllers/CControllerProxyDelete.php
@@ -36,7 +36,7 @@ class CControllerProxyDelete extends CController {
}
protected function checkPermissions() {
- if ($this->getUserType() != USER_TYPE_SUPER_ADMIN) {
+ if (!$this->checkAccess(CRoleHelper::UI_ADMINISTRATION_PROXIES)) {
return false;
}
diff --git a/ui/app/controllers/CControllerProxyEdit.php b/ui/app/controllers/CControllerProxyEdit.php
index 0997cb48d74..67c82b5a27d 100644
--- a/ui/app/controllers/CControllerProxyEdit.php
+++ b/ui/app/controllers/CControllerProxyEdit.php
@@ -62,7 +62,7 @@ class CControllerProxyEdit extends CController {
}
protected function checkPermissions() {
- if ($this->getUserType() != USER_TYPE_SUPER_ADMIN) {
+ if (!$this->checkAccess(CRoleHelper::UI_ADMINISTRATION_PROXIES)) {
return false;
}
diff --git a/ui/app/controllers/CControllerProxyHostDisable.php b/ui/app/controllers/CControllerProxyHostDisable.php
index 902ffb78727..96bd12be126 100644
--- a/ui/app/controllers/CControllerProxyHostDisable.php
+++ b/ui/app/controllers/CControllerProxyHostDisable.php
@@ -36,7 +36,7 @@ class CControllerProxyHostDisable extends CController {
}
protected function checkPermissions() {
- if ($this->getUserType() != USER_TYPE_SUPER_ADMIN) {
+ if (!$this->checkAccess(CRoleHelper::UI_ADMINISTRATION_PROXIES)) {
return false;
}
diff --git a/ui/app/controllers/CControllerProxyHostEnable.php b/ui/app/controllers/CControllerProxyHostEnable.php
index fd5abf781e2..7a4971d5fcc 100644
--- a/ui/app/controllers/CControllerProxyHostEnable.php
+++ b/ui/app/controllers/CControllerProxyHostEnable.php
@@ -36,7 +36,7 @@ class CControllerProxyHostEnable extends CController {
}
protected function checkPermissions() {
- if ($this->getUserType() != USER_TYPE_SUPER_ADMIN) {
+ if (!$this->checkAccess(CRoleHelper::UI_ADMINISTRATION_PROXIES)) {
return false;
}
diff --git a/ui/app/controllers/CControllerProxyList.php b/ui/app/controllers/CControllerProxyList.php
index a1814fa39e5..8bb848a1159 100644
--- a/ui/app/controllers/CControllerProxyList.php
+++ b/ui/app/controllers/CControllerProxyList.php
@@ -46,7 +46,7 @@ class CControllerProxyList extends CController {
}
protected function checkPermissions() {
- return ($this->getUserType() == USER_TYPE_SUPER_ADMIN);
+ return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_PROXIES);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerProxyUpdate.php b/ui/app/controllers/CControllerProxyUpdate.php
index 6bf16d0622b..f298dec67f1 100644
--- a/ui/app/controllers/CControllerProxyUpdate.php
+++ b/ui/app/controllers/CControllerProxyUpdate.php
@@ -68,7 +68,7 @@ class CControllerProxyUpdate extends CController {
}
protected function checkPermissions() {
- if ($this->getUserType() != USER_TYPE_SUPER_ADMIN) {
+ if (!$this->checkAccess(CRoleHelper::UI_ADMINISTRATION_PROXIES)) {
return false;
}
diff --git a/ui/app/controllers/CControllerRegExCreate.php b/ui/app/controllers/CControllerRegExCreate.php
index 5873932181a..ef2e6700288 100644
--- a/ui/app/controllers/CControllerRegExCreate.php
+++ b/ui/app/controllers/CControllerRegExCreate.php
@@ -54,7 +54,7 @@ class CControllerRegExCreate extends CController {
}
protected function checkPermissions() {
- return ($this->getUserType() == USER_TYPE_SUPER_ADMIN);
+ return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_GENERAL);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerRegExDelete.php b/ui/app/controllers/CControllerRegExDelete.php
index 3afb6f762f0..e772d89a492 100644
--- a/ui/app/controllers/CControllerRegExDelete.php
+++ b/ui/app/controllers/CControllerRegExDelete.php
@@ -40,7 +40,7 @@ class CControllerRegExDelete extends CController {
}
protected function checkPermissions() {
- if ($this->getUserType() != USER_TYPE_SUPER_ADMIN) {
+ if (!$this->checkAccess(CRoleHelper::UI_ADMINISTRATION_GENERAL)) {
return false;
}
diff --git a/ui/app/controllers/CControllerRegExEdit.php b/ui/app/controllers/CControllerRegExEdit.php
index 5c197f3fdd7..f36dc21208c 100644
--- a/ui/app/controllers/CControllerRegExEdit.php
+++ b/ui/app/controllers/CControllerRegExEdit.php
@@ -45,7 +45,7 @@ class CControllerRegExEdit extends CController {
}
protected function checkPermissions() {
- if ($this->getUserType() != USER_TYPE_SUPER_ADMIN) {
+ if (!$this->checkAccess(CRoleHelper::UI_ADMINISTRATION_GENERAL)) {
return false;
}
diff --git a/ui/app/controllers/CControllerRegExList.php b/ui/app/controllers/CControllerRegExList.php
index e1a2df722c8..a12a68f2c18 100644
--- a/ui/app/controllers/CControllerRegExList.php
+++ b/ui/app/controllers/CControllerRegExList.php
@@ -36,7 +36,7 @@ class CControllerRegExList extends CController {
}
protected function checkPermissions() {
- return ($this->getUserType() == USER_TYPE_SUPER_ADMIN);
+ return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_GENERAL);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerRegExTest.php b/ui/app/controllers/CControllerRegExTest.php
index 137c7371c95..1a8ce9aa76e 100644
--- a/ui/app/controllers/CControllerRegExTest.php
+++ b/ui/app/controllers/CControllerRegExTest.php
@@ -38,7 +38,7 @@ class CControllerRegExTest extends CController {
}
protected function checkPermissions() {
- return ($this->getUserType() == USER_TYPE_SUPER_ADMIN);
+ return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_GENERAL);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerRegExUpdate.php b/ui/app/controllers/CControllerRegExUpdate.php
index d70ec60784e..4b7d5be99f7 100644
--- a/ui/app/controllers/CControllerRegExUpdate.php
+++ b/ui/app/controllers/CControllerRegExUpdate.php
@@ -56,7 +56,7 @@ class CControllerRegExUpdate extends CController {
}
protected function checkPermissions() {
- if ($this->getUserType() == USER_TYPE_SUPER_ADMIN) {
+ if ($this->checkAccess(CRoleHelper::UI_ADMINISTRATION_GENERAL)) {
return (bool) DBfetch(DBselect(
'SELECT NULL FROM regexps WHERE '.dbConditionInt('regexpid', (array) $this->getInput('regexid'))
));
diff --git a/ui/app/controllers/CControllerReportServices.php b/ui/app/controllers/CControllerReportServices.php
index 4388855f8c6..01da9e16cc0 100644
--- a/ui/app/controllers/CControllerReportServices.php
+++ b/ui/app/controllers/CControllerReportServices.php
@@ -46,7 +46,7 @@ class CControllerReportServices extends CController {
}
protected function checkPermissions() {
- if ($this->getUserType() < USER_TYPE_ZABBIX_USER) {
+ if (!$this->checkAccess(CRoleHelper::UI_MONITORING_SERVICES)) {
return false;
}
diff --git a/ui/app/controllers/CControllerReportStatus.php b/ui/app/controllers/CControllerReportStatus.php
index 92e9f0af6f9..7a575fde193 100644
--- a/ui/app/controllers/CControllerReportStatus.php
+++ b/ui/app/controllers/CControllerReportStatus.php
@@ -30,7 +30,7 @@ class CControllerReportStatus extends CController {
}
protected function checkPermissions() {
- return ($this->getUserType() == USER_TYPE_SUPER_ADMIN);
+ return $this->checkAccess(CRoleHelper::UI_REPORTS_SYSTEM_INFO);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerScriptCreate.php b/ui/app/controllers/CControllerScriptCreate.php
index 569d8930a0d..77fdb6acb36 100644
--- a/ui/app/controllers/CControllerScriptCreate.php
+++ b/ui/app/controllers/CControllerScriptCreate.php
@@ -57,7 +57,7 @@ class CControllerScriptCreate extends CController {
}
protected function checkPermissions() {
- return ($this->getUserType() == USER_TYPE_SUPER_ADMIN);
+ return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_SCRIPTS);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerScriptDelete.php b/ui/app/controllers/CControllerScriptDelete.php
index 1aba4911497..39d8b82d5ef 100644
--- a/ui/app/controllers/CControllerScriptDelete.php
+++ b/ui/app/controllers/CControllerScriptDelete.php
@@ -36,7 +36,7 @@ class CControllerScriptDelete extends CController {
}
protected function checkPermissions() {
- if ($this->getUserType() != USER_TYPE_SUPER_ADMIN) {
+ if (!$this->checkAccess(CRoleHelper::UI_ADMINISTRATION_SCRIPTS)) {
return false;
}
diff --git a/ui/app/controllers/CControllerScriptEdit.php b/ui/app/controllers/CControllerScriptEdit.php
index 5f3ceebfd0a..d6eb5ef7218 100644
--- a/ui/app/controllers/CControllerScriptEdit.php
+++ b/ui/app/controllers/CControllerScriptEdit.php
@@ -52,7 +52,7 @@ class CControllerScriptEdit extends CController {
}
protected function checkPermissions() {
- if ($this->getUserType() != USER_TYPE_SUPER_ADMIN) {
+ if (!$this->checkAccess(CRoleHelper::UI_ADMINISTRATION_SCRIPTS)) {
return false;
}
diff --git a/ui/app/controllers/CControllerScriptList.php b/ui/app/controllers/CControllerScriptList.php
index 47a8c7b9e33..2b68df773d9 100644
--- a/ui/app/controllers/CControllerScriptList.php
+++ b/ui/app/controllers/CControllerScriptList.php
@@ -45,7 +45,7 @@ class CControllerScriptList extends CController {
}
protected function checkPermissions() {
- return ($this->getUserType() == USER_TYPE_SUPER_ADMIN);
+ return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_SCRIPTS);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerScriptUpdate.php b/ui/app/controllers/CControllerScriptUpdate.php
index 7a77b470620..83a1f23f3c8 100644
--- a/ui/app/controllers/CControllerScriptUpdate.php
+++ b/ui/app/controllers/CControllerScriptUpdate.php
@@ -58,7 +58,7 @@ class CControllerScriptUpdate extends CController {
}
protected function checkPermissions() {
- if ($this->getUserType() != USER_TYPE_SUPER_ADMIN) {
+ if (!$this->checkAccess(CRoleHelper::UI_ADMINISTRATION_SCRIPTS)) {
return false;
}
diff --git a/ui/app/controllers/CControllerUserCreate.php b/ui/app/controllers/CControllerUserCreate.php
index 4067acc45ba..06ea26bb3fe 100644
--- a/ui/app/controllers/CControllerUserCreate.php
+++ b/ui/app/controllers/CControllerUserCreate.php
@@ -77,7 +77,7 @@ class CControllerUserCreate extends CControllerUserUpdateGeneral {
}
protected function checkPermissions() {
- return ($this->getUserType() == USER_TYPE_SUPER_ADMIN);
+ return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_USERS);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerUserDelete.php b/ui/app/controllers/CControllerUserDelete.php
index d49629ed30b..9f27020206d 100644
--- a/ui/app/controllers/CControllerUserDelete.php
+++ b/ui/app/controllers/CControllerUserDelete.php
@@ -36,7 +36,7 @@ class CControllerUserDelete extends CController {
}
protected function checkPermissions() {
- return ($this->getUserType() == USER_TYPE_SUPER_ADMIN);
+ return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_USERS);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerUserEdit.php b/ui/app/controllers/CControllerUserEdit.php
index 84b907a0de1..811faf46e68 100644
--- a/ui/app/controllers/CControllerUserEdit.php
+++ b/ui/app/controllers/CControllerUserEdit.php
@@ -67,7 +67,7 @@ class CControllerUserEdit extends CControllerUserEditGeneral {
}
protected function checkPermissions() {
- if ($this->getUserType() != USER_TYPE_SUPER_ADMIN) {
+ if (!$this->checkAccess(CRoleHelper::UI_ADMINISTRATION_USERS)) {
return false;
}
diff --git a/ui/app/controllers/CControllerUserList.php b/ui/app/controllers/CControllerUserList.php
index a5205d212b2..3cfbf57c570 100644
--- a/ui/app/controllers/CControllerUserList.php
+++ b/ui/app/controllers/CControllerUserList.php
@@ -50,7 +50,7 @@ class CControllerUserList extends CController {
}
protected function checkPermissions() {
- return ($this->getUserType() == USER_TYPE_SUPER_ADMIN);
+ return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_USERS);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerUserUnblock.php b/ui/app/controllers/CControllerUserUnblock.php
index fca35fada51..0c875107680 100644
--- a/ui/app/controllers/CControllerUserUnblock.php
+++ b/ui/app/controllers/CControllerUserUnblock.php
@@ -36,7 +36,7 @@ class CControllerUserUnblock extends CController {
}
protected function checkPermissions() {
- return ($this->getUserType() == USER_TYPE_SUPER_ADMIN);
+ return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_USERS);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerUserUpdate.php b/ui/app/controllers/CControllerUserUpdate.php
index 11632fea4fb..996e1114443 100644
--- a/ui/app/controllers/CControllerUserUpdate.php
+++ b/ui/app/controllers/CControllerUserUpdate.php
@@ -81,7 +81,7 @@ class CControllerUserUpdate extends CControllerUserUpdateGeneral {
}
protected function checkPermissions() {
- if ($this->getUserType() != USER_TYPE_SUPER_ADMIN) {
+ if (!$this->checkAccess(CRoleHelper::UI_ADMINISTRATION_USERS)) {
return false;
}
diff --git a/ui/app/controllers/CControllerUsergroupCreate.php b/ui/app/controllers/CControllerUsergroupCreate.php
index e6a6aa90368..987081e6b3b 100644
--- a/ui/app/controllers/CControllerUsergroupCreate.php
+++ b/ui/app/controllers/CControllerUsergroupCreate.php
@@ -62,7 +62,7 @@ class CControllerUsergroupCreate extends CController {
}
protected function checkPermissions() {
- return ($this->getUserType() == USER_TYPE_SUPER_ADMIN);
+ return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_USER_GROUPS);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerUsergroupDelete.php b/ui/app/controllers/CControllerUsergroupDelete.php
index 8a735728a79..26fbe46d143 100644
--- a/ui/app/controllers/CControllerUsergroupDelete.php
+++ b/ui/app/controllers/CControllerUsergroupDelete.php
@@ -36,7 +36,7 @@ class CControllerUsergroupDelete extends CController {
}
protected function checkPermissions() {
- return ($this->getUserType() == USER_TYPE_SUPER_ADMIN);
+ return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_USER_GROUPS);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerUsergroupEdit.php b/ui/app/controllers/CControllerUsergroupEdit.php
index 35cc9599b30..43104eb8fff 100644
--- a/ui/app/controllers/CControllerUsergroupEdit.php
+++ b/ui/app/controllers/CControllerUsergroupEdit.php
@@ -58,7 +58,7 @@ class CControllerUsergroupEdit extends CController {
}
protected function checkPermissions() {
- if ($this->getUserType() != USER_TYPE_SUPER_ADMIN) {
+ if (!$this->checkAccess(CRoleHelper::UI_ADMINISTRATION_USER_GROUPS)) {
return false;
}
diff --git a/ui/app/controllers/CControllerUsergroupGrouprightAdd.php b/ui/app/controllers/CControllerUsergroupGrouprightAdd.php
index d92c1dfd6c3..1f4ac492188 100644
--- a/ui/app/controllers/CControllerUsergroupGrouprightAdd.php
+++ b/ui/app/controllers/CControllerUsergroupGrouprightAdd.php
@@ -49,7 +49,7 @@ class CControllerUsergroupGrouprightAdd extends CController {
}
protected function checkPermissions() {
- return ($this->getUserType() == USER_TYPE_SUPER_ADMIN);
+ return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_USER_GROUPS);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerUsergroupList.php b/ui/app/controllers/CControllerUsergroupList.php
index 21b745fea08..86eb96a8659 100644
--- a/ui/app/controllers/CControllerUsergroupList.php
+++ b/ui/app/controllers/CControllerUsergroupList.php
@@ -47,7 +47,7 @@ class CControllerUsergroupList extends CController {
}
protected function checkPermissions() {
- return ($this->getUserType() == USER_TYPE_SUPER_ADMIN);
+ return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_USER_GROUPS);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerUsergroupMassUpdate.php b/ui/app/controllers/CControllerUsergroupMassUpdate.php
index baba30cb3d9..492d675c4ee 100644
--- a/ui/app/controllers/CControllerUsergroupMassUpdate.php
+++ b/ui/app/controllers/CControllerUsergroupMassUpdate.php
@@ -39,7 +39,7 @@ class CControllerUsergroupMassUpdate extends CController {
}
protected function checkPermissions() {
- return ($this->getUserType() == USER_TYPE_SUPER_ADMIN);
+ return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_USER_GROUPS);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerUsergroupTagfilterAdd.php b/ui/app/controllers/CControllerUsergroupTagfilterAdd.php
index 684b5610679..ac27f68b399 100644
--- a/ui/app/controllers/CControllerUsergroupTagfilterAdd.php
+++ b/ui/app/controllers/CControllerUsergroupTagfilterAdd.php
@@ -60,7 +60,7 @@ class CControllerUsergroupTagfilterAdd extends CController {
}
protected function checkPermissions() {
- return ($this->getUserType() == USER_TYPE_SUPER_ADMIN);
+ return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_USER_GROUPS);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerUsergroupUpdate.php b/ui/app/controllers/CControllerUsergroupUpdate.php
index 882f2f9e855..4bfe58fde90 100644
--- a/ui/app/controllers/CControllerUsergroupUpdate.php
+++ b/ui/app/controllers/CControllerUsergroupUpdate.php
@@ -64,7 +64,7 @@ class CControllerUsergroupUpdate extends CController {
}
protected function checkPermissions() {
- return ($this->getUserType() == USER_TYPE_SUPER_ADMIN);
+ return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_USER_GROUPS);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerUserroleDelete.php b/ui/app/controllers/CControllerUserroleDelete.php
index f1c330f19de..d0fb4884495 100644
--- a/ui/app/controllers/CControllerUserroleDelete.php
+++ b/ui/app/controllers/CControllerUserroleDelete.php
@@ -36,7 +36,7 @@ class CControllerUserroleDelete extends CController {
}
protected function checkPermissions() {
- return ($this->getUserType() == USER_TYPE_SUPER_ADMIN);
+ return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_USER_ROLES);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerUserroleList.php b/ui/app/controllers/CControllerUserroleList.php
index f23946085c2..c1ce5d486e9 100644
--- a/ui/app/controllers/CControllerUserroleList.php
+++ b/ui/app/controllers/CControllerUserroleList.php
@@ -46,7 +46,7 @@ class CControllerUserroleList extends CController {
}
protected function checkPermissions() {
- return ($this->getUserType() == USER_TYPE_SUPER_ADMIN);
+ return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_USER_ROLES);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerValuemapCreate.php b/ui/app/controllers/CControllerValuemapCreate.php
index 5da16653341..78f28826c82 100644
--- a/ui/app/controllers/CControllerValuemapCreate.php
+++ b/ui/app/controllers/CControllerValuemapCreate.php
@@ -53,7 +53,7 @@ class CControllerValuemapCreate extends CController {
}
protected function checkPermissions() {
- return $this->getUserType() == USER_TYPE_SUPER_ADMIN;
+ return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_GENERAL);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerValuemapDelete.php b/ui/app/controllers/CControllerValuemapDelete.php
index 8c4925c1ebc..c77efed03d8 100644
--- a/ui/app/controllers/CControllerValuemapDelete.php
+++ b/ui/app/controllers/CControllerValuemapDelete.php
@@ -40,7 +40,7 @@ class CControllerValuemapDelete extends CController {
}
protected function checkPermissions() {
- if ($this->getUserType() != USER_TYPE_SUPER_ADMIN) {
+ if (!$this->checkAccess(CRoleHelper::UI_ADMINISTRATION_GENERAL)) {
return false;
}
diff --git a/ui/app/controllers/CControllerValuemapEdit.php b/ui/app/controllers/CControllerValuemapEdit.php
index 3c8ab4d83e7..b88ef60d4db 100644
--- a/ui/app/controllers/CControllerValuemapEdit.php
+++ b/ui/app/controllers/CControllerValuemapEdit.php
@@ -44,7 +44,7 @@ class CControllerValuemapEdit extends CController {
}
protected function checkPermissions() {
- if ($this->getUserType() != USER_TYPE_SUPER_ADMIN) {
+ if (!$this->checkAccess(CRoleHelper::UI_ADMINISTRATION_GENERAL)) {
return false;
}
diff --git a/ui/app/controllers/CControllerValuemapList.php b/ui/app/controllers/CControllerValuemapList.php
index cb3a9cccdd8..e399d434b02 100644
--- a/ui/app/controllers/CControllerValuemapList.php
+++ b/ui/app/controllers/CControllerValuemapList.php
@@ -40,7 +40,7 @@ class CControllerValuemapList extends CController {
}
protected function checkPermissions() {
- return ($this->getUserType() == USER_TYPE_SUPER_ADMIN);
+ return $this->checkAccess(CRoleHelper::UI_ADMINISTRATION_GENERAL);
}
protected function doAction() {
diff --git a/ui/app/controllers/CControllerWebView.php b/ui/app/controllers/CControllerWebView.php
index a25cf8c9047..422775b2196 100644
--- a/ui/app/controllers/CControllerWebView.php
+++ b/ui/app/controllers/CControllerWebView.php
@@ -46,7 +46,7 @@ class CControllerWebView extends CController {
}
protected function checkPermissions() {
- return ($this->getUserType() >= USER_TYPE_ZABBIX_USER);
+ return $this->checkAccess(CRoleHelper::UI_MONITORING_HOSTS);
}
protected function doAction() {
diff --git a/ui/include/classes/helpers/CRoleHelper.php b/ui/include/classes/helpers/CRoleHelper.php
index cf6608f5892..be2e0ca930a 100644
--- a/ui/include/classes/helpers/CRoleHelper.php
+++ b/ui/include/classes/helpers/CRoleHelper.php
@@ -196,12 +196,12 @@ class CRoleHelper {
'roleids' => $roleid
]);
- $role = reset($roles);
-
- if (!$role) {
+ if ($roles === false) {
throw new Exception(_('Specified role was not found.'));
}
+ $role = $roles[0];
+
$rules = ['api_methods' => []];
$modules = [];
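Review bot: The guard `if ($roles === false)` no longer catches an empty result: the removed `reset($roles)` returned false for an empty array, while the new test only matches a literal `false`. If the lookup above (its start is outside this hunk) returns `[]` for an unknown role id, `$roles[0]` is an undefined offset and `$role` becomes null instead of the 'Specified role was not found.' exception being thrown, so rule loading continues for a role that does not exist. `if (!$roles) {` covers both cases; and if the call can return id-keyed rows, `reset($roles)` should stay in place of `$roles[0]`.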
diff --git a/ui/include/classes/mvc/CController.php b/ui/include/classes/mvc/CController.php
index b05b1283d22..65fdb28728a 100644
--- a/ui/include/classes/mvc/CController.php
+++ b/ui/include/classes/mvc/CController.php
@@ -70,7 +70,7 @@ abstract class CController {
*/
protected function composeMenu() {
$menu = APP::Component()->get('menu.main');
- $user_type = CWebUser::getType();
+ $user_type = $this->getUserType();
if ($user_type === 0) {
return;
@@ -158,6 +158,17 @@ abstract class CController {
}
/**
+ * Checks access of current user to specific access rule.
+ *
+ * @param string $rule_name Rule name.
+ *
+ * @return bool Returns true if user has access to rule, false - otherwise.
+ */
+ public function checkAccess(string $rule_name): bool {
+ return CWebUser::checkAccess($rule_name);
+ }
+
+ /**
* Return user SID, first 16 bytes of session ID.
*
* @return string
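Review bot: `checkAccess()` is declared `public`, although every call visible in this commit is `$this->checkAccess(...)` from inside a controller's own `checkPermissions()`. Unless something outside the class hierarchy needs it, `protected function checkAccess(string $rule_name): bool {` keeps the authorization helper off the public surface. The docblock could also state that the result is false when no user data is loaded or the user has no role, which is how `CWebUser::checkAccess()` behaves after this commit.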
diff --git a/ui/include/classes/mvc/CLegacyAction.php b/ui/include/classes/mvc/CLegacyAction.php
index 93c0cbddb6b..89461877a61 100644
--- a/ui/include/classes/mvc/CLegacyAction.php
+++ b/ui/include/classes/mvc/CLegacyAction.php
@@ -50,6 +50,7 @@ class CLegacyAction extends CAction {
public function checkPermissions(): bool {
$user_type = $this->getUserType();
$denied = [];
+ $action = $this->getAction();
if ($user_type < USER_TYPE_ZABBIX_USER) {
$denied = ['chart.php', 'chart2.php', 'chart3.php', 'chart5.php', 'chart6.php', 'chart7.php', 'history.php',
@@ -72,6 +73,67 @@ class CLegacyAction extends CAction {
$denied = array_merge($denied, ['auditacts.php', 'correlation.php', 'queue.php']);
}
- return !in_array($this->getAction(), $denied);
+ if (in_array($action, $denied)) {
+ return false;
+ }
+
+ $rule_actions = [];
+
+ if (in_array($user_type, [USER_TYPE_ZABBIX_USER, USER_TYPE_ZABBIX_ADMIN, USER_TYPE_SUPER_ADMIN])) {
+ if ($action === 'screenconf.php' || $action === 'screenedit.php') {
+ return getRequest('templateid', false)
+ ? $this->checkAccess(CRoleHelper::UI_CONFIGURATION_TEMPLATES)
+ : $this->checkAccess(CRoleHelper::UI_MONITORING_SCREENS);
+ }
+
+ $rule_actions = [
+ CRoleHelper::UI_MONITORING_PROBLEMS => ['tr_events.php'],
+ CRoleHelper::UI_MONITORING_HOSTS => ['chart2.php', 'chart3.php', 'chart6.php', 'chart7.php',
+ 'host_screen.php', 'httpdetails.php'
+ ],
+ CRoleHelper::UI_MONITORING_OVERVIEW => ['overview.php'],
+ CRoleHelper::UI_MONITORING_LATEST_DATA => ['chart.php', 'history.php'],
+ CRoleHelper::UI_MONITORING_SCREENS => ['screen.import.php', 'screens.php', 'slideconf.php',
+ 'slides.php'
+ ],
+ CRoleHelper::UI_MONITORING_MAPS => ['image.php', 'map.import.php', 'map.php', 'sysmap.php',
+ 'sysmaps.php'
+ ],
+ CRoleHelper::UI_MONITORING_SERVICES => ['chart5.php', 'srv_status.php'],
+ CRoleHelper::UI_INVENTORY_OVERVIEW => ['hostinventoriesoverview.php'],
+ CRoleHelper::UI_INVENTORY_HOSTS => ['hostinventories.php'],
+ CRoleHelper::UI_REPORTS_AVAILABILITY_REPORT => ['chart4.php', 'report2.php'],
+ CRoleHelper::UI_REPORTS_TOP_TRIGGERS => ['toptriggers.php']
+ ];
+ }
+
+ if ($user_type == USER_TYPE_ZABBIX_ADMIN || $user_type == USER_TYPE_SUPER_ADMIN) {
+ $rule_actions += [
+ CRoleHelper::UI_REPORTS_NOTIFICATIONS => ['report4.php'],
+ CRoleHelper::UI_CONFIGURATION_HOST_GROUPS => ['hostgroups.php'],
+ CRoleHelper::UI_CONFIGURATION_TEMPLATES => ['templates.php'],
+ CRoleHelper::UI_CONFIGURATION_HOSTS => ['hosts.php'],
+ CRoleHelper::UI_CONFIGURATION_MAINTENANCE => ['maintenance.php'],
+ CRoleHelper::UI_CONFIGURATION_ACTIONS => ['actionconf.php'],
+ CRoleHelper::UI_CONFIGURATION_DISCOVERY => ['discoveryconf.php'],
+ CRoleHelper::UI_CONFIGURATION_SERVICES => ['services.php']
+ ];
+ }
+
+ if ($user_type == USER_TYPE_SUPER_ADMIN) {
+ $rule_actions += [
+ CRoleHelper::UI_REPORTS_ACTION_LOG => ['auditacts.php'],
+ CRoleHelper::UI_CONFIGURATION_EVENT_CORRELATION => ['correlation.php'],
+ CRoleHelper::UI_ADMINISTRATION_QUEUE => ['queue.php']
+ ];
+ }
+
+ foreach ($rule_actions as $rule_name => $actions) {
+ if (in_array($action, $actions)) {
+ return $this->checkAccess($rule_name);
+ }
+ }
+
+ return true;
}
}
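Review bot: The method ends with `return true`, so any legacy action that is neither in `$denied` nor in `$rule_actions` is served without a role check. Every legacy page has to be added to the map by hand and an omission fails open; consider a comment listing which actions are intentionally unmapped, or denying by default once the map is complete. The `screenconf.php`/`screenedit.php` branch picks the rule from the request parameter `templateid`, so the caller decides which rule is tested; that is safe only if those pages then restrict themselves to template screens, which is not visible here. The `in_array()` calls would be stricter as `in_array($action, $actions, true)`. The middle of checkPermissions() lies between the two hunks and is not shown.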
diff --git a/ui/include/classes/user/CWebUser.php b/ui/include/classes/user/CWebUser.php
index 9d4933e0383..4864fe601dd 100644
--- a/ui/include/classes/user/CWebUser.php
+++ b/ui/include/classes/user/CWebUser.php
@@ -133,7 +133,7 @@ class CWebUser {
* @return bool Returns true if user has access to specified rule, false - otherwise.
*/
public static function checkAccess(string $rule_name): bool {
- if (empty(self::$data)) {
+ if (empty(self::$data) || self::$data['roleid'] == 0) {
return false;
}
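Review bot: `self::$data['roleid'] == 0` reads the key directly, so user data that was populated without a `roleid` entry raises an undefined-index notice before the loose comparison denies access. `if (empty(self::$data) || empty(self::$data['roleid'])) {` gives the same deny result without the notice and without relying on `==` between a string id and an integer. A one-line comment that role id 0 means "no role assigned" (the guest defaults in the next hunk set it) would make the convention explicit. The rest of checkAccess() is outside this hunk.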
@@ -152,7 +152,8 @@ class CWebUser {
'lang' => CSettingsHelper::getGlobal(CSettingsHelper::DEFAULT_LANG),
'type' => 0,
'gui_access' => GROUP_GUI_ACCESS_SYSTEM,
- 'debug_mode' => false
+ 'debug_mode' => false,
+ 'roleid' => 0
];
}