ZaneYork
/
zoneminder
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'fix_2167' into storageareas

This commit is contained in:
Isaac Connor 2018-08-02 18:08:54 -04:00
parent a44df858be 3de6b764e2
commit e935570a40
7 changed files with 247 additions and 279 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
web/api/app/Controller/AppController.php
View File

@ -60,30 +60,48 @@ class AppController extends Controller {
// for role and deny API access in future
// Also checking to do this only if ZM_OPT_USE_AUTH is on
public function beforeFilter() {
$this->loadModel('Config');
$options = array('conditions' => array('Config.' . $this->Config->primaryKey => 'ZM_OPT_USE_API'));
$config = $this->Config->find('first', $options);
$zmOptApi = $config['Config']['Value'];
if ( $zmOptApi != '1' ) {
if ( ! ZM_OPT_USE_API ) {
throw new UnauthorizedException(__('API Disabled'));
return;
}
// We need to reject methods that are not authenticated
// besides login and logout
if (
strcasecmp($this->params->action, 'login')
&&
strcasecmp($this->params->action,"logout")
) {
if ( !$this->Session->read('user.Username') ) {
throw new UnauthorizedException(__('Not Authenticated'));
return;
} else if ( !$this->Session->read('user.Enabled') ) {
throw new UnauthorizedException(__('User is not enabled'));
return;
}
}
}
# For use throughout the app. If not logged in, this will be null.
global $user;
$user = $this->Session->read('user');
if ( ZM_OPT_USE_AUTH ) {
require_once '../../../includes/auth.php';
$mUser = $this->request->data('user');
$mPassword = $this->request->data('pass');
$mAuth = $this->request->data('auth');
if ( $mUser and $mPassword ) {
$user = userLogin($mUser, $mPassword);
if ( !$user ) {
throw new UnauthorizedException(__('User not found or incorrect password'));
return;
}
} else if ( $mAuth ) {
$user = getAuthUser($mAuth);
if ( !$user ) {
throw new UnauthorizedException(__('Invalid Auth Key'));
return;
}
}
// We need to reject methods that are not authenticated
// besides login and logout
if ( strcasecmp($this->params->action, 'logout') ) {
if ( !( $user and $user['Username'] ) ) {
throw new UnauthorizedException(__('Not Authenticated'));
return;
} else if ( !( $user and $user['Enabled'] ) ) {
throw new UnauthorizedException(__('User is not enabled'));
return;
}
} # end if ! login or logout
} # end if ZM_OPT_AUTH
} # end function beforeFilter()
}

40
web/api/app/Controller/EventsController.php
View File

@ -1,5 +1,6 @@
<?php
App::uses('AppController', 'Controller');
/**
* Events Controller
*
@ -16,8 +17,9 @@ class EventsController extends AppController {
public function beforeFilter() {
parent::beforeFilter();
$canView = $this->Session->Read('eventPermission');
if ( $canView == 'None' ) {
global $user;
$canView = (!$user) || ($user['Events'] != 'None');
if ( !$canView ) {
throw new UnauthorizedException(__('Insufficient Privileges'));
return;
}
@ -32,15 +34,16 @@ class EventsController extends AppController {
public function index() {
$this->Event->recursive = -1;
$allowedMonitors = preg_split('@,@', $this->Session->Read('allowedMonitors'), NULL, PREG_SPLIT_NO_EMPTY);
global $user;
$allowedMonitors = $user ? preg_split('@,@', $user['MonitorIds'], NULL, PREG_SPLIT_NO_EMPTY) : null;
if ( !empty($allowedMonitors) ) {
if ( $allowedMonitors ) {
$mon_options = array('Event.MonitorId' => $allowedMonitors);
} else {
$mon_options = '';
}
if ( $this->request->params['named'] ) {
if ( $this->request->params['named'] ) {
//$this->FilterComponent = $this->Components->load('Filter');
//$conditions = $this->FilterComponent->buildFilter($this->request->params['named']);
$conditions = $this->request->params['named'];
@ -85,13 +88,13 @@ class EventsController extends AppController {
$events = $this->Paginator->paginate('Event');
// For each event, get the frameID which has the largest score
foreach ($events as $key => $value) {
foreach ( $events as $key => $value ) {
$maxScoreFrameId = $this->getMaxScoreAlarmFrameId($value['Event']['Id']);
$events[$key]['Event']['MaxScoreFrameId'] = $maxScoreFrameId;
}
$this->set(compact('events'));
}
} // end public function index()
/**
* view method
@ -108,9 +111,10 @@ class EventsController extends AppController {
throw new NotFoundException(__('Invalid event'));
}
$allowedMonitors = preg_split('@,@', $this->Session->Read('allowedMonitors'), NULL, PREG_SPLIT_NO_EMPTY);
global $user;
$allowedMonitors = $user ? preg_split('@,@', $user['MonitorIds'], NULL, PREG_SPLIT_NO_EMPTY) : null;
if ( !empty($allowedMonitors) ) {
if ( $allowedMonitors ) {
$mon_options = array('Event.MonitorId' => $allowedMonitors);
} else {
$mon_options = '';
@ -149,7 +153,9 @@ class EventsController extends AppController {
*/
public function add() {
if ( $this->Session->Read('eventPermission') != 'Edit' ) {
global $user;
$canEdit = (!$user) || ($user['Events'] == 'Edit');
if ( !$canEdit ) {
throw new UnauthorizedException(__('Insufficient privileges'));
return;
}
@ -173,7 +179,9 @@ class EventsController extends AppController {
*/
public function edit($id = null) {
if ( $this->Session->Read('eventPermission') != 'Edit' ) {
global $user;
$canEdit = (!$user) || ($user['Events'] == 'Edit');
if ( !$canEdit ) {
throw new UnauthorizedException(__('Insufficient privileges'));
return;
}
@ -204,7 +212,9 @@ class EventsController extends AppController {
* @return void
*/
public function delete($id = null) {
if ( $this->Session->Read('eventPermission') != 'Edit' ) {
global $user;
$canEdit = (!$user) || ($user['Events'] == 'Edit');
if ( !$canEdit ) {
throw new UnauthorizedException(__('Insufficient privileges'));
return;
}
@ -257,9 +267,9 @@ class EventsController extends AppController {
$moreconditions = '';
foreach ($this->request->params['named'] as $name => $param) {
$moreconditions = $moreconditions . ' AND '.$name.$param;
}
}
$query = $this->Event->query("select MonitorId, COUNT(*) AS Count from Events WHERE (StartTime >= (DATE_SUB(NOW(), interval $interval)) $moreconditions) GROUP BY MonitorId;");
$query = $this->Event->query("SELECT MonitorId, COUNT(*) AS Count FROM Events WHERE (StartTime >= (DATE_SUB(NOW(), interval $interval)) $moreconditions) GROUP BY MonitorId;");
foreach ($query as $result) {
$results[$result['Events']['MonitorId']] = $result[0]['Count'];
@ -336,7 +346,7 @@ class EventsController extends AppController {
$thumbData['Width'] = (int)$thumbWidth;
$thumbData['Height'] = (int)$thumbHeight;
return( $thumbData );
return $thumbData;
}
public function archive($id = null) {

102
web/api/app/Controller/HostController.php
View File

@ -8,9 +8,9 @@ class HostController extends AppController {
public function daemonCheck($daemon=false, $args=false) {
$string = Configure::read('ZM_PATH_BIN').'/zmdc.pl check';
if ( $daemon ) {
$string .= " $daemon";
if ( $args )
$string .= " $args";
$string .= " $daemon";
if ( $args )
$string .= " $args";
}
$result = exec($string);
$result = preg_match('/running/', $result);
@ -29,95 +29,9 @@ class HostController extends AppController {
'_serialize' => array('load')
));
}
function login() {
$options = array('conditions' => array('Config.' . $this->Config->primaryKey => 'ZM_OPT_USE_AUTH'));
$config = $this->Config->find('first', $options);
$zmOptAuth = $config['Config']['Value'];
if ( $zmOptAuth == '1' ) {
require_once "../../../includes/auth.php";
global $user;
$user = $this->Session->read('user');
$mUser = $this->request->data('user');
$mPassword = $this->request->data('pass');
$mAuth = $this->request->data('auth');
if ( $mUser and $mPassword) {
$user = userLogin($mUser, $mPassword);
if ( !$user ) {
throw new UnauthorizedException(__('User not found or incorrect password'));
return;
}
}
elseif ( $mAuth ) {
$user = getAuthUser($mAuth);
if ( ! $user ) {
throw new UnauthorizedException(__('User not found or incorrect password'));
return;
}
}
else {
throw new UnauthorizedException(__('missing credentials'));
}
if ( 0 and $user ) {
# We have to redo the session variables because cakephp's Session code will overwrite the normal php session
# Actually I'm not sure that is true. Getting indeterminate behaviour
Logger::Debug("user.Username: " . $this->Session->read('user.Username'));
if ( ! $this->Session->Write('user', $user) )
$this->log("Error writing session var user");
Logger::Debug("user.Username: " . $this->Session->read('user.Username'));
if ( ! $this->Session->Write('user.Username', $user['Username']) )
$this->log("Error writing session var user.Username");
if ( ! $this->Session->Write('password', $user['Password']) )
$this->log("Error writing session var user.Username");
if ( ! $this->Session->Write('user.Enabled', $user['Enabled']) )
$this->log("Error writing session var user.Enabled");
if ( ! $this->Session->Write('remoteAddr', $_SERVER['REMOTE_ADDR']) )
$this->log("Error writing session var remoteAddr");
}
// I don't think this is really needed - the Username part
// Enabled check is ok
if ( !$user['Username'] ) {
throw new UnauthorizedException(__('Not Authenticated'));
return;
} else if ( !$user['Enabled'] ) {
throw new UnauthorizedException(__('User is not enabled'));
return;
}
$this->Session->Write('allowedMonitors',$user['MonitorIds']);
$this->Session->Write('streamPermission',$user['Stream']);
$this->Session->Write('eventPermission',$user['Events']);
$this->Session->Write('controlPermission',$user['Control']);
$this->Session->Write('systemPermission',$user['System']);
$this->Session->Write('monitorPermission',$user['Monitors']);
} else {
// if auth is not on, you can do everything
//$userMonitors = $this->User->find('first', $options);
$this->Session->Write('allowedMonitors','');
$this->Session->Write('streamPermission','View');
$this->Session->Write('eventPermission','Edit');
$this->Session->Write('controlPermission','Edit');
$this->Session->Write('systemPermission','Edit');
$this->Session->Write('monitorPermission','Edit');
}
$cred = $this->_getCredentials();
$ver = $this->_getVersion();
$this->set(array(
@ -130,8 +44,7 @@ class HostController extends AppController {
'version',
'apiversion'
)));
}
} // end function login()
// clears out session
function logout() {
@ -143,7 +56,7 @@ class HostController extends AppController {
'_serialize' => array('result')
));
}
} // end function logout()
private function _getCredentials() {
$credentials = '';
@ -167,8 +80,7 @@ class HostController extends AppController {
}
}
return array($credentials, $appendPassword);
}
} // end function _getCredentials
function getCredentials() {
// ignore debug warnings from other functions
@ -180,8 +92,6 @@ class HostController extends AppController {
'_serialize' => array('credentials', 'append_password')
) );
}
// If $mid is set, only return disk usage for that monitor
// Else, return an array of total disk usage, and per-monitor

36
web/api/app/Controller/MonitorsController.php
View File

@ -21,8 +21,10 @@ class MonitorsController extends AppController {
public function beforeFilter() {
parent::beforeFilter();
$canView = $this->Session->Read('monitorPermission');
if ($canView == 'None') {
global $user;
# We already tested for auth in appController, so we just need to test for specific permission
$canView = (!$user) || ($user['Monitors'] != 'None');
if ( !$canView ) {
throw new UnauthorizedException(__('Insufficient Privileges'));
return;
}
@ -44,8 +46,9 @@ class MonitorsController extends AppController {
$conditions = array();
}
$allowedMonitors=preg_split ('@,@', $this->Session->Read('allowedMonitors'),NULL, PREG_SPLIT_NO_EMPTY);
if (!empty($allowedMonitors)) {
global $user;
$allowedMonitors = $user ? preg_split('@,@', $user['MonitorIds'], NULL, PREG_SPLIT_NO_EMPTY) : null;
if ( $allowedMonitors ) {
$conditions['Monitor.Id' ] = $allowedMonitors;
}
$find_array = array('conditions'=>$conditions,'contain'=>array('Group'));
@ -88,8 +91,9 @@ class MonitorsController extends AppController {
if ( !$this->Monitor->exists($id) ) {
throw new NotFoundException(__('Invalid monitor'));
}
$allowedMonitors=preg_split('@,@', $this->Session->Read('allowedMonitors'), NULL, PREG_SPLIT_NO_EMPTY);
if ( !empty($allowedMonitors) ) {
global $user;
$allowedMonitors = $user ? preg_split('@,@', $user['MonitorIds'], NULL, PREG_SPLIT_NO_EMPTY) : null;
if ( $allowedMonitors ) {
$restricted = array('Monitor.' . $this->Monitor->primaryKey => $allowedMonitors);
} else {
$restricted = '';
@ -115,7 +119,9 @@ class MonitorsController extends AppController {
public function add() {
if ( $this->request->is('post') ) {
if ( $this->Session->Read('systemPermission') != 'Edit' ) {
global $user;
$canAdd = (!$user) || ($user['System'] == 'Edit' );
if ( !$canAdd ) {
throw new UnauthorizedException(__('Insufficient privileges'));
return;
}
@ -148,7 +154,9 @@ class MonitorsController extends AppController {
if ( !$this->Monitor->exists($id) ) {
throw new NotFoundException(__('Invalid monitor'));
}
if ( $this->Session->Read('monitorPermission') != 'Edit' ) {
global $user;
$canEdit = (!$user) || ($user['Monitors'] == 'Edit');
if ( !$canEdit ) {
throw new UnauthorizedException(__('Insufficient privileges'));
return;
}
@ -215,7 +223,7 @@ class MonitorsController extends AppController {
}
public function sourceTypes() {
$sourceTypes = $this->Monitor->query("describe Monitors Type;");
$sourceTypes = $this->Monitor->query('describe Monitors Type;');
preg_match('/^enum\((.*)\)$/', $sourceTypes[0]['COLUMNS']['Type'], $matches);
foreach( explode(',', $matches[1]) as $value ) {
@ -264,7 +272,6 @@ class MonitorsController extends AppController {
$config = $this->Config->find('first', $options);
$zmOptAuth = $config['Config']['Value'];
$options = array('conditions' => array('Config.' . $this->Config->primaryKey => 'ZM_AUTH_RELAY'));
$config = $this->Config->find('first', $options);
$zmAuthRelay = $config['Config']['Value'];
@ -315,7 +322,7 @@ class MonitorsController extends AppController {
$monitor = Set::extract('/Monitor/.', $monitor);
// Pass -d for local, otherwise -m
if ($monitor[0]['Type'] == 'Local') {
if ( $monitor[0]['Type'] == 'Local' ) {
$args = '-d '. $monitor[0]['Device'];
} else {
$args = '-m '. $monitor[0]['Id'];
@ -324,7 +331,7 @@ class MonitorsController extends AppController {
// Build the command, and execute it
$zm_path_bin = Configure::read('ZM_PATH_BIN');
$command = escapeshellcmd("$zm_path_bin/zmdc.pl status $daemon $args");
$status = exec( $command );
$status = exec($command);
// If 'not' is present, the daemon is not running, so return false
// https://github.com/ZoneMinder/ZoneMinder/issues/799#issuecomment-108996075
@ -360,9 +367,9 @@ class MonitorsController extends AppController {
$zm_path_bin = Configure::read('ZM_PATH_BIN');
foreach ($daemons as $daemon) {
foreach ( $daemons as $daemon ) {
$args = '';
if ( $daemon == 'zmc' and $monitor['Type'] == 'Local') {
if ( $daemon == 'zmc' and $monitor['Type'] == 'Local' ) {
$args = '-d ' . $monitor['Device'];
} else {
$args = '-m ' . $id;
@ -372,5 +379,4 @@ class MonitorsController extends AppController {
$status = exec( $shellcmd );
}
}
} // end class MonitorsController

65
web/api/app/Controller/ServersController.php
View File

@ -8,7 +8,6 @@ App::uses('AppController', 'Controller');
*/
class ServersController extends AppController {
/**
* Components
*
@ -16,18 +15,15 @@ class ServersController extends AppController {
*/
public $components = array('Paginator', 'RequestHandler');
public function beforeFilter() {
parent::beforeFilter();
$canView = $this->Session->Read('streamPermission');
if ($canView =='None') {
throw new UnauthorizedException(__('Insufficient Privileges'));
return;
public function beforeFilter() {
parent::beforeFilter();
$canView = (!$user) || ($user['system'] != 'None');
if ( !$canView ) {
throw new UnauthorizedException(__('Insufficient Privileges'));
return;
}
}
}
/**
* index method
*
@ -36,7 +32,7 @@ public function beforeFilter() {
public function index() {
$this->Server->recursive = 0;
$options='';
$options = '';
$servers = $this->Server->find('all',$options);
$this->set(array(
'servers' => $servers,
@ -76,16 +72,17 @@ public function beforeFilter() {
* @return void
*/
public function add() {
if ($this->request->is('post')) {
if ( $this->request->is('post') ) {
if ($this->Session->Read('systemPermission') != 'Edit')
{
throw new UnauthorizedException(__('Insufficient privileges'));
global $user;
$canEdit = (!$user) || ($user['System'] == 'Edit');
if ( !$canEdit ) {
throw new UnauthorizedException(__('Insufficient privileges'));
return;
}
$this->Server->create();
if ($this->Server->save($this->request->data)) {
if ( $this->Server->save($this->request->data) ) {
# Might be nice to send it a start request
#$this->daemonControl($this->Server->id, 'start', $this->request->data);
return $this->flash(__('The server has been saved.'), array('action' => 'index'));
@ -103,15 +100,17 @@ public function beforeFilter() {
public function edit($id = null) {
$this->Server->id = $id;
if (!$this->Server->exists($id)) {
throw new NotFoundException(__('Invalid server'));
}
if ($this->Session->Read('systemPermission') != 'Edit')
{
throw new UnauthorizedException(__('Insufficient privileges'));
global $user;
$canEdit = (!$user) || ($user['System'] == 'Edit');
if ( !$canEdit ) {
throw new UnauthorizedException(__('Insufficient privileges'));
return;
}
if ($this->Server->save($this->request->data)) {
if ( !$this->Server->exists($id) ) {
throw new NotFoundException(__('Invalid server'));
}
if ( $this->Server->save($this->request->data) ) {
$message = 'Saved';
} else {
$message = 'Error';
@ -133,20 +132,22 @@ public function beforeFilter() {
* @return void
*/
public function delete($id = null) {
$this->Server->id = $id;
if (!$this->Server->exists()) {
throw new NotFoundException(__('Invalid server'));
}
if ($this->Session->Read('systemPermission') != 'Edit')
{
throw new UnauthorizedException(__('Insufficient privileges'));
global $user;
$canEdit = (!$user) || ($user['System'] == 'Edit');
if ( !$canEdit ) {
throw new UnauthorizedException(__('Insufficient privileges'));
return;
}
$this->Server->id = $id;
if ( !$this->Server->exists() ) {
throw new NotFoundException(__('Invalid server'));
}
$this->request->allowMethod('post', 'delete');
#$this->daemonControl($this->Server->id, 'stop');
if ($this->Server->delete()) {
if ( $this->Server->delete() ) {
return $this->flash(__('The server has been deleted.'), array('action' => 'index'));
} else {
return $this->flash(__('The server could not be deleted. Please, try again.'), array('action' => 'index'));

185
web/api/app/Controller/StatesController.php
View File

@ -12,30 +12,28 @@ class StatesController extends AppController {
public $components = array('RequestHandler');
public function beforeFilter() {
parent::beforeFilter();
$canView = $this->Session->Read('systemPermission');
if ($canView =='None')
{
throw new UnauthorizedException(__('Insufficient Privileges'));
return;
}
parent::beforeFilter();
global $user;
$canView = (!$user) || ($user['System'] != 'None');
if ( !$canView ) {
throw new UnauthorizedException(__('Insufficient Privileges'));
return;
}
}
/**
* index method
*
* @return void
*/
public function index() {
$this->State->recursive = 0;
$states = $this->State->find('all');
$this->set(array(
'states' => $states,
'_serialize' => array('states')
));
}
public function index() {
$this->State->recursive = 0;
$states = $this->State->find('all');
$this->set(array(
'states' => $states,
'_serialize' => array('states')
));
}
/**
* view method
@ -44,35 +42,35 @@ public function beforeFilter() {
* @param string $id
* @return void
*/
public function view($id = null) {
if (!$this->State->exists($id)) {
throw new NotFoundException(__('Invalid state'));
}
$options = array('conditions' => array('State.' . $this->State->primaryKey => $id));
$this->set('state', $this->State->find('first', $options));
}
public function view($id = null) {
if ( !$this->State->exists($id) ) {
throw new NotFoundException(__('Invalid state'));
}
$options = array('conditions' => array('State.' . $this->State->primaryKey => $id));
$this->set('state', $this->State->find('first', $options));
}
/**
* add method
*
* @return void
*/
public function add() {
if ($this->request->is('post')) {
public function add() {
if ($this->Session->Read('systemPermission') != 'Edit')
{
throw new UnauthorizedException(__('Insufficient privileges'));
return;
}
if ($this->request->is('post')) {
$this->State->create();
if ($this->State->save($this->request->data)) {
return $this->flash(__('The state has been saved.'), array('action' => 'index'));
}
}
}
if ($this->Session->Read('systemPermission') != 'Edit')
{
throw new UnauthorizedException(__('Insufficient privileges'));
return;
}
$this->State->create();
if ($this->State->save($this->request->data)) {
return $this->flash(__('The state has been saved.'), array('action' => 'index'));
}
}
}
/**
* edit method
@ -81,26 +79,27 @@ public function beforeFilter() {
* @param string $id
* @return void
*/
public function edit($id = null) {
if (!$this->State->exists($id)) {
throw new NotFoundException(__('Invalid state'));
}
public function edit($id = null) {
if (!$this->State->exists($id)) {
throw new NotFoundException(__('Invalid state'));
}
if ($this->Session->Read('systemPermission') != 'Edit')
{
throw new UnauthorizedException(__('Insufficient privileges'));
return;
}
global $user;
$canEdit = (!$user) || ($user['System'] == 'Edit');
if ( !$canEdit ) {
throw new UnauthorizedException(__('Insufficient privileges'));
return;
}
if ($this->request->is(array('post', 'put'))) {
if ($this->State->save($this->request->data)) {
return $this->flash(__('The state has been saved.'), array('action' => 'index'));
}
} else {
$options = array('conditions' => array('State.' . $this->State->primaryKey => $id));
$this->request->data = $this->State->find('first', $options);
}
}
if ( $this->request->is(array('post', 'put')) ) {
if ( $this->State->save($this->request->data) ) {
return $this->flash(__('The state has been saved.'), array('action' => 'index'));
}
} else {
$options = array('conditions' => array('State.' . $this->State->primaryKey => $id));
$this->request->data = $this->State->find('first', $options);
}
}
/**
* delete method
@ -109,48 +108,50 @@ public function beforeFilter() {
* @param string $id
* @return void
*/
public function delete($id = null) {
$this->State->id = $id;
if ($this->Session->Read('systemPermission') != 'Edit')
{
throw new UnauthorizedException(__('Insufficient privileges'));
return;
}
public function delete($id = null) {
$this->State->id = $id;
global $user;
$canEdit = (!$user) || ($user['System'] == 'Edit');
if ( !$canEdit ) {
throw new UnauthorizedException(__('Insufficient privileges'));
return;
}
if (!$this->State->exists()) {
throw new NotFoundException(__('Invalid state'));
}
$this->request->allowMethod('post', 'delete');
if ($this->State->delete()) {
return $this->flash(__('The state has been deleted.'), array('action' => 'index'));
} else {
return $this->flash(__('The state could not be deleted. Please, try again.'), array('action' => 'index'));
}
}
if (!$this->State->exists()) {
throw new NotFoundException(__('Invalid state'));
}
$this->request->allowMethod('post', 'delete');
if ($this->State->delete()) {
return $this->flash(__('The state has been deleted.'), array('action' => 'index'));
} else {
return $this->flash(__('The state could not be deleted. Please, try again.'), array('action' => 'index'));
}
}
public function change() {
if ($this->Session->Read('systemPermission') != 'Edit')
{
throw new UnauthorizedException(__('Insufficient privileges'));
return;
}
public function change() {
global $user;
$canEdit = (!$user) || ($user['System'] == 'Edit');
if ( !$canEdit ) {
throw new UnauthorizedException(__('Insufficient privileges'));
return;
}
$newState = $this->request->params['pass'][0];
$blah = $this->packageControl($newState);
$newState = $this->request->params['pass'][0];
$blah = $this->packageControl($newState);
$this->set(array(
'blah' => $blah,
'_serialize' => array('blah')
));
}
$this->set(array(
'blah' => $blah,
'_serialize' => array('blah')
));
}
public function packageControl( $command ) {
$zm_path_bin = Configure::read('ZM_PATH_BIN');
$string = $zm_path_bin.'/zmpkg.pl '.escapeshellarg( $command );
$status = exec( $string );
public function packageControl( $command ) {
$zm_path_bin = Configure::read('ZM_PATH_BIN');
$string = $zm_path_bin.'/zmpkg.pl '.escapeshellarg( $command );
$status = exec( $string );
return $status;
}
return $status;
}
}

34
web/api/app/Controller/ZonesController.php
View File

@ -16,8 +16,10 @@ class ZonesController extends AppController {
public function beforeFilter() {
parent::beforeFilter();
$canView = $this->Session->Read('monitorPermission');
if ( $canView =='None' ) {
global $user;
$canView = (!$user) || $user['Monitors'] != 'None';
if ( !$canView ) {
throw new UnauthorizedException(__('Insufficient Privileges'));
return;
}
@ -38,12 +40,12 @@ class ZonesController extends AppController {
'_serialize' => array('zones')
));
}
public function index() {
$this->Zone->recursive = -1;
$allowedMonitors = preg_split('@,@', $this->Session->Read('allowedMonitors'), NULL, PREG_SPLIT_NO_EMPTY);
if ( !empty($allowedMonitors) ) {
global $user;
$allowedMonitors = $user ? preg_split('@,@', $user['MonitorIds'],NULL, PREG_SPLIT_NO_EMPTY) : null;
if ( $allowedMonitors ) {
$mon_options = array('Zones.MonitorId' => $allowedMonitors);
} else {
$mon_options = '';
@ -62,6 +64,14 @@ class ZonesController extends AppController {
*/
public function add() {
if ( $this->request->is('post') ) {
global $user;
$canEdit = (!$user) || $user['Monitors'] == 'Edit';
if ( !$canEdit ) {
throw new UnauthorizedException(__('Insufficient Privileges'));
return;
}
$this->Zone->create();
if ( $this->Zone->save($this->request->data) ) {
return $this->flash(__('The zone has been saved.'), array('action' => 'index'));
@ -85,6 +95,12 @@ class ZonesController extends AppController {
throw new NotFoundException(__('Invalid zone'));
}
if ( $this->request->is(array('post', 'put')) ) {
global $user;
$canEdit = (!$user) || $user['Monitors'] == 'Edit';
if ( !$canEdit ) {
throw new UnauthorizedException(__('Insufficient Privileges'));
return;
}
if ( $this->Zone->save($this->request->data) ) {
return $this->flash(__('The zone has been saved.'), array('action' => 'index'));
}
@ -109,6 +125,12 @@ class ZonesController extends AppController {
throw new NotFoundException(__('Invalid zone'));
}
$this->request->allowMethod('post', 'delete');
global $user;
$canEdit = (!$user) || $user['Monitors'] == 'Edit';
if ( !$canEdit ) {
throw new UnauthorizedException(__('Insufficient Privileges'));
return;
}
if ( $this->Zone->delete() ) {
return $this->flash(__('The zone has been deleted.'), array('action' => 'index'));
} else {
@ -144,4 +166,4 @@ class ZonesController extends AppController {
'_serialize' => array('status')
));
}
}
} // end class