Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/zabbix/zabbix.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/ui/include/classes/api/services/CUserGroup.php
diff options
context:
space:
mode:
Diffstat (limited to 'ui/include/classes/api/services/CUserGroup.php')
-rw-r--r--ui/include/classes/api/services/CUserGroup.php101
1 files changed, 61 insertions, 40 deletions
diff --git a/ui/include/classes/api/services/CUserGroup.php b/ui/include/classes/api/services/CUserGroup.php
index d9f9d6548e8..8595b066f1a 100644
--- a/ui/include/classes/api/services/CUserGroup.php
+++ b/ui/include/classes/api/services/CUserGroup.php
@@ -171,6 +171,12 @@ class CUserGroup extends CApiService {
* @return array
*/
public function create(array $usrgrps) {
+ if (self::$userData['type'] != USER_TYPE_SUPER_ADMIN) {
+ self::exception(ZBX_API_ERROR_PERMISSIONS,
+ _s('No permissions to call "%1$s.%2$s".', 'usergroup', __FUNCTION__)
+ );
+ }
+
$this->validateCreate($usrgrps);
$ins_usrgrps = [];
@@ -249,32 +255,15 @@ class CUserGroup extends CApiService {
* @return array
*/
public function update($usrgrps) {
- $this->validateUpdate($usrgrps, $db_usrgrps);
-
- $upd_usrgrps = [];
-
- foreach ($usrgrps as $usrgrp) {
- $db_usrgrp = $db_usrgrps[$usrgrp['usrgrpid']];
-
- $upd_usrgrp = DB::getUpdatedValues('usrgrp', $usrgrp, $db_usrgrp);
-
- if ($upd_usrgrp) {
- $upd_usrgrps[] = [
- 'values' => $upd_usrgrp,
- 'where' => ['usrgrpid' => $usrgrp['usrgrpid']]
- ];
- }
- }
-
- if ($upd_usrgrps) {
- DB::update('usrgrp', $upd_usrgrps);
+ if (self::$userData['type'] != USER_TYPE_SUPER_ADMIN) {
+ self::exception(ZBX_API_ERROR_PERMISSIONS,
+ _s('No permissions to call "%1$s.%2$s".', 'usergroup', __FUNCTION__)
+ );
}
- self::updateRights($usrgrps, __FUNCTION__, $db_usrgrps);
- self::updateTagFilters($usrgrps, __FUNCTION__, $db_usrgrps);
- self::updateUsersGroups($usrgrps, __FUNCTION__, $db_usrgrps);
+ $this->validateUpdate($usrgrps, $db_usrgrps);
- self::addAuditLog(CAudit::ACTION_UPDATE, CAudit::RESOURCE_USER_GROUP, $usrgrps, $db_usrgrps);
+ self::updateForce($usrgrps, $db_usrgrps);
return ['usrgrpids'=> array_column($usrgrps, 'usrgrpid')];
}
@@ -344,7 +333,7 @@ class CUserGroup extends CApiService {
}
unset($usrgrp);
- $this->addAffectedObjects($usrgrps, $db_usrgrps);
+ self::addAffectedObjects($usrgrps, $db_usrgrps);
if ($names) {
$this->checkDuplicates($names);
@@ -627,6 +616,39 @@ class CUserGroup extends CApiService {
}
/**
+ * @static
+ *
+ * @param array $usrgrps
+ * @param array $db_usrgrps
+ */
+ public static function updateForce($usrgrps, $db_usrgrps): void {
+ $upd_usrgrps = [];
+
+ foreach ($usrgrps as $usrgrp) {
+ $db_usrgrp = $db_usrgrps[$usrgrp['usrgrpid']];
+
+ $upd_usrgrp = DB::getUpdatedValues('usrgrp', $usrgrp, $db_usrgrp);
+
+ if ($upd_usrgrp) {
+ $upd_usrgrps[] = [
+ 'values' => $upd_usrgrp,
+ 'where' => ['usrgrpid' => $usrgrp['usrgrpid']]
+ ];
+ }
+ }
+
+ if ($upd_usrgrps) {
+ DB::update('usrgrp', $upd_usrgrps);
+ }
+
+ self::updateRights($usrgrps, 'update', $db_usrgrps);
+ self::updateTagFilters($usrgrps, 'update', $db_usrgrps);
+ self::updateUsersGroups($usrgrps, 'update', $db_usrgrps);
+
+ self::addAuditLog(CAudit::ACTION_UPDATE, CAudit::RESOURCE_USER_GROUP, $usrgrps, $db_usrgrps);
+ }
+
+ /**
* Update table "rights".
*
* @static
@@ -855,6 +877,12 @@ class CUserGroup extends CApiService {
* @return array
*/
public function delete(array $usrgrpids) {
+ if (self::$userData['type'] != USER_TYPE_SUPER_ADMIN) {
+ self::exception(ZBX_API_ERROR_PERMISSIONS,
+ _s('No permissions to call "%1$s.%2$s".', 'usergroup', __FUNCTION__)
+ );
+ }
+
$this->validateDelete($usrgrpids, $db_usrgrps);
DB::delete('rights', ['groupid' => $usrgrpids]);
@@ -1064,10 +1092,12 @@ class CUserGroup extends CApiService {
/**
* Add the existing rights, tag_filters and userids to $db_usrgrps whether these are affected by the update.
*
+ * @static
+ *
* @param array $usrgrps
* @param array $db_usrgrps
*/
- private function addAffectedObjects(array $usrgrps, array &$db_usrgrps): void {
+ private static function addAffectedObjects(array $usrgrps, array &$db_usrgrps): void {
$usrgrpids = ['rights' => [], 'tag_filters' => [], 'users' => []];
foreach ($usrgrps as $usrgrp) {
@@ -1095,11 +1125,8 @@ class CUserGroup extends CApiService {
$db_rights = DBselect(DB::makeSql('rights', $options));
while ($db_right = DBfetch($db_rights)) {
- $db_usrgrps[$db_right['groupid']]['rights'][$db_right['rightid']] = [
- 'rightid' => $db_right['rightid'],
- 'id' => $db_right['id'],
- 'permission' => $db_right['permission']
- ];
+ $db_usrgrps[$db_right['groupid']]['rights'][$db_right['rightid']] =
+ array_diff_key($db_right, array_flip(['groupid']));
}
}
@@ -1111,12 +1138,8 @@ class CUserGroup extends CApiService {
$db_tags = DBselect(DB::makeSql('tag_filter', $options));
while ($db_tag = DBfetch($db_tags)) {
- $db_usrgrps[$db_tag['usrgrpid']]['tag_filters'][$db_tag['tag_filterid']] = [
- 'tag_filterid' => $db_tag['tag_filterid'],
- 'groupid' => $db_tag['groupid'],
- 'tag' => $db_tag['tag'],
- 'value' => $db_tag['value']
- ];
+ $db_usrgrps[$db_tag['usrgrpid']]['tag_filters'][$db_tag['tag_filterid']] =
+ array_diff_key($db_tag, array_flip(['usrgrpid']));
}
}
@@ -1128,10 +1151,8 @@ class CUserGroup extends CApiService {
$db_users = DBselect(DB::makeSql('users_groups', $options));
while ($db_user = DBfetch($db_users)) {
- $db_usrgrps[$db_user['usrgrpid']]['users'][$db_user['id']] = [
- 'id' => $db_user['id'],
- 'userid' => $db_user['userid']
- ];
+ $db_usrgrps[$db_user['usrgrpid']]['users'][$db_user['id']] =
+ array_diff_key($db_user, array_flip(['usrgrpid']));
}
}
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-22 15:22:34 +0300