use for auth, and add Monitor Edit checks to Zone add/delete/edit

Isaac Connor 2018-07-24 11:49:40 -04:00
parent caa8adae5e
commit 08d3f98e5e
1 changed files with 138 additions and 124 deletions


@ -7,148 +7,162 @@ App::uses('AppController', 'Controller');
*/ */
class ZonesController extends AppController { class ZonesController extends AppController {
/** /**
* Components * Components
* *
* @var array * @var array
*/ */
public $components = array('RequestHandler'); public $components = array('RequestHandler');
public function beforeFilter() { public function beforeFilter() {
parent::beforeFilter(); parent::beforeFilter();
$canView = $this->Session->Read('monitorPermission');
if ($canView =='None')
{
throw new UnauthorizedException(__('Insufficient Privileges'));
return;
}
} global $user;
$canView = (!$user) || $user['Monitors'] != 'None';
if ( !$canView ) {
throw new UnauthorizedException(__('Insufficient Privileges'));
return;
}
}
// Find all zones which belong to a MonitorId // Find all zones which belong to a MonitorId
public function forMonitor($id = null) { public function forMonitor($id = null) {
$this->loadModel('Monitor'); $this->loadModel('Monitor');
if (!$this->Monitor->exists($id)) { if ( !$this->Monitor->exists($id) ) {
throw new NotFoundException(__('Invalid monitor')); throw new NotFoundException(__('Invalid monitor'));
} }
$this->Zone->recursive = -1; $this->Zone->recursive = -1;
$zones = $this->Zone->find('all', array( $zones = $this->Zone->find('all', array(
'conditions' => array('MonitorId' => $id) 'conditions' => array('MonitorId' => $id)
)); ));
$this->set(array( $this->set(array(
'zones' => $zones, 'zones' => $zones,
'_serialize' => array('zones') '_serialize' => array('zones')
)); ));
} }
public function index() { public function index() {
$this->Zone->recursive = -1; $this->Zone->recursive = -1;
$allowedMonitors=preg_split ('@,@', $this->Session->Read('allowedMonitors'),NULL, PREG_SPLIT_NO_EMPTY); global $user;
if (!empty($allowedMonitors)) $allowedMonitors = $user ? preg_split('@,@', $user['MonitorIds'],NULL, PREG_SPLIT_NO_EMPTY) : null;
{ if ( $allowedMonitors ) {
$mon_options = array('Zones.MonitorId' => $allowedMonitors); $mon_options = array('Zones.MonitorId' => $allowedMonitors);
} } else {
else $mon_options = '';
{
$mon_options='';
} }
$zones = $this->Zone->find('all',$mon_options); $zones = $this->Zone->find('all',$mon_options);
$this->set(array( $this->set(array(
'zones' => $zones, 'zones' => $zones,
'_serialize' => array('zones') '_serialize' => array('zones')
)); ));
} }
/** /**
* add method * add method
* *
* @return void * @return void
*/ */
public function add() { public function add() {
if ($this->request->is('post')) { if ( $this->request->is('post') ) {
$this->Zone->create();
if ($this->Zone->save($this->request->data)) { global $user;
return $this->flash(__('The zone has been saved.'), array('action' => 'index')); $canEdit = (!$user) || $user['Monitors'] == 'Edit';
} if ( !$canEdit ) {
} throw new UnauthorizedException(__('Insufficient Privileges'));
$monitors = $this->Zone->Monitor->find('list'); return;
$this->set(compact('monitors')); }
$this->Zone->create();
if ( $this->Zone->save($this->request->data) ) {
return $this->flash(__('The zone has been saved.'), array('action' => 'index'));
}
}
$monitors = $this->Zone->Monitor->find('list');
$this->set(compact('monitors'));
}
/**
* edit method
*
* @throws NotFoundException
* @param string $id
* @return void
*/
public function edit($id = null) {
$this->Zone->id = $id;
if ( !$this->Zone->exists($id) ) {
throw new NotFoundException(__('Invalid zone'));
}
if ( $this->request->is(array('post', 'put')) ) {
global $user;
$canEdit = (!$user) || $user['Monitors'] == 'Edit';
if ( !$canEdit ) {
throw new UnauthorizedException(__('Insufficient Privileges'));
return;
}
if ( $this->Zone->save($this->request->data) ) {
return $this->flash(__('The zone has been saved.'), array('action' => 'index'));
}
} else {
$options = array('conditions' => array('Zone.' . $this->Zone->primaryKey => $id));
$this->request->data = $this->Zone->find('first', $options);
}
$monitors = $this->Zone->Monitor->find('list');
$this->set(compact('monitors'));
}
/**
* delete method
*
* @throws NotFoundException
* @param string $id
* @return void
*/
public function delete($id = null) {
$this->Zone->id = $id;
if ( !$this->Zone->exists() ) {
throw new NotFoundException(__('Invalid zone'));
}
$this->request->allowMethod('post', 'delete');
global $user;
$canEdit = (!$user) || $user['Monitors'] == 'Edit';
if ( !$canEdit ) {
throw new UnauthorizedException(__('Insufficient Privileges'));
return;
}
if ( $this->Zone->delete() ) {
return $this->flash(__('The zone has been deleted.'), array('action' => 'index'));
} else {
return $this->flash(__('The zone could not be deleted. Please, try again.'), array('action' => 'index'));
}
}
public function createZoneImage( $id = null ) {
$this->loadModel('Monitor');
$this->Monitor->id = $id;
if ( !$this->Monitor->exists() ) {
throw new NotFoundException(__('Invalid zone'));
} }
/** $this->loadModel('Config');
* edit method $zm_dir_images = $this->Config->find('list', array(
* 'conditions' => array('Name' => 'ZM_DIR_IMAGES'),
* @throws NotFoundException 'fields' => array('Name', 'Value')
* @param string $id ));
* @return void
*/
public function edit($id = null) {
$this->Zone->id = $id;
if (!$this->Zone->exists($id)) { $zm_dir_images = $zm_dir_images['ZM_DIR_IMAGES'];
throw new NotFoundException(__('Invalid zone')); $zm_path_web = Configure::read('ZM_PATH_WEB');
} $zm_path_bin = Configure::read('ZM_PATH_BIN');
if ($this->request->is(array('post', 'put'))) { $images_path = "$zm_path_web/$zm_dir_images";
if ($this->Zone->save($this->request->data)) {
return $this->flash(__('The zone has been saved.'), array('action' => 'index'));
}
} else {
$options = array('conditions' => array('Zone.' . $this->Zone->primaryKey => $id));
$this->request->data = $this->Zone->find('first', $options);
}
$monitors = $this->Zone->Monitor->find('list');
$this->set(compact('monitors'));
}
/** chdir($images_path);
* delete method
*
* @throws NotFoundException
* @param string $id
* @return void
*/
public function delete($id = null) {
$this->Zone->id = $id;
if (!$this->Zone->exists()) {
throw new NotFoundException(__('Invalid zone'));
}
$this->request->allowMethod('post', 'delete');
if ($this->Zone->delete()) {
return $this->flash(__('The zone has been deleted.'), array('action' => 'index'));
} else {
return $this->flash(__('The zone could not be deleted. Please, try again.'), array('action' => 'index'));
}
}
$command = escapeshellcmd("$zm_path_bin/zmu -z -m $id");
system( $command, $status );
$this->set(array(
public function createZoneImage( $id = null ) { 'status' => $status,
$this->loadModel('Monitor'); '_serialize' => array('status')
$this->Monitor->id = $id; ));
if (!$this->Monitor->exists()) { }
throw new NotFoundException(__('Invalid zone')); } // end class
}
$this->loadModel('Config');
$zm_dir_images = $this->Config->find('list', array(
'conditions' => array('Name' => 'ZM_DIR_IMAGES'),
'fields' => array('Name', 'Value')
));
$zm_dir_images = $zm_dir_images['ZM_DIR_IMAGES'];
$zm_path_web = Configure::read('ZM_PATH_WEB');
$zm_path_bin = Configure::read('ZM_PATH_BIN');
$images_path = "$zm_path_web/$zm_dir_images";
chdir($images_path);
$command = escapeshellcmd("$zm_path_bin/zmu -z -m $id");
system( $command, $status );
$this->set(array(
'status' => $status,
'_serialize' => array('status')
));
}
}
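Review bot: The `$canEdit` tests added to add(), edit() and delete() compare only `$user['Monitors']` with 'Edit' and never consult `$user['MonitorIds']`, so a user whose rights are limited to a list of monitors can apparently still create, change or delete zones on any monitor. index() is the only action that reads that list, and it hands `$mon_options` to find() without a `'conditions'` key, so it is worth confirming the filter takes effect there; forMonitor() and createZoneImage() have no per-monitor check, and createZoneImage() runs zmu behind only the view-level gate in beforeFilter(). `(!$user)` makes every check pass when the global is unset, which is presumably intended for installs with authentication disabled; confirm it cannot also be the state of an unauthenticated request when authentication is on. The `return;` after each `throw` is unreachable and can go. The fence shows the per-monitor check for edit(); delete() needs the same, and add() should test the MonitorId in the submitted data.

```php
public function edit($id = null) {
  // … unchanged: Zone->exists() check, request method test, global $user and the $canEdit test …
  $allowedMonitors = $user ? preg_split('@,@', $user['MonitorIds'], NULL, PREG_SPLIT_NO_EMPTY) : null;
  if ( $allowedMonitors ) {
    // Zone->id is already set above, so field() reads the stored row for this zone
    $monitorId = (string)$this->Zone->field('MonitorId');
    if ( !in_array($monitorId, $allowedMonitors, true) ) {
      throw new UnauthorizedException(__('Insufficient Privileges'));
    }
  }
  // … unchanged: Zone->save() and the flash redirect …
```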