Merge branch 'fix_2167' into storageareas

This commit is contained in:
Isaac Connor 2018-08-02 18:08:54 -04:00
commit e935570a40
7 changed files with 247 additions and 279 deletions

View File

@ -60,30 +60,48 @@ class AppController extends Controller {
// for role and deny API access in future // for role and deny API access in future
// Also checking to do this only if ZM_OPT_USE_AUTH is on // Also checking to do this only if ZM_OPT_USE_AUTH is on
public function beforeFilter() { public function beforeFilter() {
$this->loadModel('Config'); if ( ! ZM_OPT_USE_API ) {
$options = array('conditions' => array('Config.' . $this->Config->primaryKey => 'ZM_OPT_USE_API'));
$config = $this->Config->find('first', $options);
$zmOptApi = $config['Config']['Value'];
if ( $zmOptApi != '1' ) {
throw new UnauthorizedException(__('API Disabled')); throw new UnauthorizedException(__('API Disabled'));
return; return;
} }
// We need to reject methods that are not authenticated
// besides login and logout # For use throughout the app. If not logged in, this will be null.
if ( global $user;
strcasecmp($this->params->action, 'login') $user = $this->Session->read('user');
&&
strcasecmp($this->params->action,"logout") if ( ZM_OPT_USE_AUTH ) {
) { require_once '../../../includes/auth.php';
if ( !$this->Session->read('user.Username') ) {
throw new UnauthorizedException(__('Not Authenticated')); $mUser = $this->request->data('user');
return; $mPassword = $this->request->data('pass');
} else if ( !$this->Session->read('user.Enabled') ) { $mAuth = $this->request->data('auth');
throw new UnauthorizedException(__('User is not enabled'));
return; if ( $mUser and $mPassword ) {
} $user = userLogin($mUser, $mPassword);
} if ( !$user ) {
throw new UnauthorizedException(__('User not found or incorrect password'));
return;
}
} else if ( $mAuth ) {
$user = getAuthUser($mAuth);
if ( !$user ) {
throw new UnauthorizedException(__('Invalid Auth Key'));
return;
}
}
// We need to reject methods that are not authenticated
// besides login and logout
if ( strcasecmp($this->params->action, 'logout') ) {
if ( !( $user and $user['Username'] ) ) {
throw new UnauthorizedException(__('Not Authenticated'));
return;
} else if ( !( $user and $user['Enabled'] ) ) {
throw new UnauthorizedException(__('User is not enabled'));
return;
}
} # end if ! login or logout
} # end if ZM_OPT_AUTH
} # end function beforeFilter() } # end function beforeFilter()
} }

View File

@ -1,5 +1,6 @@
<?php <?php
App::uses('AppController', 'Controller'); App::uses('AppController', 'Controller');
/** /**
* Events Controller * Events Controller
* *
@ -16,8 +17,9 @@ class EventsController extends AppController {
public function beforeFilter() { public function beforeFilter() {
parent::beforeFilter(); parent::beforeFilter();
$canView = $this->Session->Read('eventPermission'); global $user;
if ( $canView == 'None' ) { $canView = (!$user) || ($user['Events'] != 'None');
if ( !$canView ) {
throw new UnauthorizedException(__('Insufficient Privileges')); throw new UnauthorizedException(__('Insufficient Privileges'));
return; return;
} }
@ -32,15 +34,16 @@ class EventsController extends AppController {
public function index() { public function index() {
$this->Event->recursive = -1; $this->Event->recursive = -1;
$allowedMonitors = preg_split('@,@', $this->Session->Read('allowedMonitors'), NULL, PREG_SPLIT_NO_EMPTY); global $user;
$allowedMonitors = $user ? preg_split('@,@', $user['MonitorIds'], NULL, PREG_SPLIT_NO_EMPTY) : null;
if ( !empty($allowedMonitors) ) { if ( $allowedMonitors ) {
$mon_options = array('Event.MonitorId' => $allowedMonitors); $mon_options = array('Event.MonitorId' => $allowedMonitors);
} else { } else {
$mon_options = ''; $mon_options = '';
} }
if ( $this->request->params['named'] ) { if ( $this->request->params['named'] ) {
//$this->FilterComponent = $this->Components->load('Filter'); //$this->FilterComponent = $this->Components->load('Filter');
//$conditions = $this->FilterComponent->buildFilter($this->request->params['named']); //$conditions = $this->FilterComponent->buildFilter($this->request->params['named']);
$conditions = $this->request->params['named']; $conditions = $this->request->params['named'];
@ -85,13 +88,13 @@ class EventsController extends AppController {
$events = $this->Paginator->paginate('Event'); $events = $this->Paginator->paginate('Event');
// For each event, get the frameID which has the largest score // For each event, get the frameID which has the largest score
foreach ($events as $key => $value) { foreach ( $events as $key => $value ) {
$maxScoreFrameId = $this->getMaxScoreAlarmFrameId($value['Event']['Id']); $maxScoreFrameId = $this->getMaxScoreAlarmFrameId($value['Event']['Id']);
$events[$key]['Event']['MaxScoreFrameId'] = $maxScoreFrameId; $events[$key]['Event']['MaxScoreFrameId'] = $maxScoreFrameId;
} }
$this->set(compact('events')); $this->set(compact('events'));
} } // end public function index()
/** /**
* view method * view method
@ -108,9 +111,10 @@ class EventsController extends AppController {
throw new NotFoundException(__('Invalid event')); throw new NotFoundException(__('Invalid event'));
} }
$allowedMonitors = preg_split('@,@', $this->Session->Read('allowedMonitors'), NULL, PREG_SPLIT_NO_EMPTY); global $user;
$allowedMonitors = $user ? preg_split('@,@', $user['MonitorIds'], NULL, PREG_SPLIT_NO_EMPTY) : null;
if ( !empty($allowedMonitors) ) { if ( $allowedMonitors ) {
$mon_options = array('Event.MonitorId' => $allowedMonitors); $mon_options = array('Event.MonitorId' => $allowedMonitors);
} else { } else {
$mon_options = ''; $mon_options = '';
@ -149,7 +153,9 @@ class EventsController extends AppController {
*/ */
public function add() { public function add() {
if ( $this->Session->Read('eventPermission') != 'Edit' ) { global $user;
$canEdit = (!$user) || ($user['Events'] == 'Edit');
if ( !$canEdit ) {
throw new UnauthorizedException(__('Insufficient privileges')); throw new UnauthorizedException(__('Insufficient privileges'));
return; return;
} }
@ -173,7 +179,9 @@ class EventsController extends AppController {
*/ */
public function edit($id = null) { public function edit($id = null) {
if ( $this->Session->Read('eventPermission') != 'Edit' ) { global $user;
$canEdit = (!$user) || ($user['Events'] == 'Edit');
if ( !$canEdit ) {
throw new UnauthorizedException(__('Insufficient privileges')); throw new UnauthorizedException(__('Insufficient privileges'));
return; return;
} }
@ -204,7 +212,9 @@ class EventsController extends AppController {
* @return void * @return void
*/ */
public function delete($id = null) { public function delete($id = null) {
if ( $this->Session->Read('eventPermission') != 'Edit' ) { global $user;
$canEdit = (!$user) || ($user['Events'] == 'Edit');
if ( !$canEdit ) {
throw new UnauthorizedException(__('Insufficient privileges')); throw new UnauthorizedException(__('Insufficient privileges'));
return; return;
} }
@ -257,9 +267,9 @@ class EventsController extends AppController {
$moreconditions = ''; $moreconditions = '';
foreach ($this->request->params['named'] as $name => $param) { foreach ($this->request->params['named'] as $name => $param) {
$moreconditions = $moreconditions . ' AND '.$name.$param; $moreconditions = $moreconditions . ' AND '.$name.$param;
} }
$query = $this->Event->query("select MonitorId, COUNT(*) AS Count from Events WHERE (StartTime >= (DATE_SUB(NOW(), interval $interval)) $moreconditions) GROUP BY MonitorId;"); $query = $this->Event->query("SELECT MonitorId, COUNT(*) AS Count FROM Events WHERE (StartTime >= (DATE_SUB(NOW(), interval $interval)) $moreconditions) GROUP BY MonitorId;");
foreach ($query as $result) { foreach ($query as $result) {
$results[$result['Events']['MonitorId']] = $result[0]['Count']; $results[$result['Events']['MonitorId']] = $result[0]['Count'];
@ -336,7 +346,7 @@ class EventsController extends AppController {
$thumbData['Width'] = (int)$thumbWidth; $thumbData['Width'] = (int)$thumbWidth;
$thumbData['Height'] = (int)$thumbHeight; $thumbData['Height'] = (int)$thumbHeight;
return( $thumbData ); return $thumbData;
} }
public function archive($id = null) { public function archive($id = null) {

View File

@ -8,9 +8,9 @@ class HostController extends AppController {
public function daemonCheck($daemon=false, $args=false) { public function daemonCheck($daemon=false, $args=false) {
$string = Configure::read('ZM_PATH_BIN').'/zmdc.pl check'; $string = Configure::read('ZM_PATH_BIN').'/zmdc.pl check';
if ( $daemon ) { if ( $daemon ) {
$string .= " $daemon"; $string .= " $daemon";
if ( $args ) if ( $args )
$string .= " $args"; $string .= " $args";
} }
$result = exec($string); $result = exec($string);
$result = preg_match('/running/', $result); $result = preg_match('/running/', $result);
@ -29,95 +29,9 @@ class HostController extends AppController {
'_serialize' => array('load') '_serialize' => array('load')
)); ));
} }
function login() { function login() {
$options = array('conditions' => array('Config.' . $this->Config->primaryKey => 'ZM_OPT_USE_AUTH'));
$config = $this->Config->find('first', $options);
$zmOptAuth = $config['Config']['Value'];
if ( $zmOptAuth == '1' ) {
require_once "../../../includes/auth.php";
global $user;
$user = $this->Session->read('user');
$mUser = $this->request->data('user');
$mPassword = $this->request->data('pass');
$mAuth = $this->request->data('auth');
if ( $mUser and $mPassword) {
$user = userLogin($mUser, $mPassword);
if ( !$user ) {
throw new UnauthorizedException(__('User not found or incorrect password'));
return;
}
}
elseif ( $mAuth ) {
$user = getAuthUser($mAuth);
if ( ! $user ) {
throw new UnauthorizedException(__('User not found or incorrect password'));
return;
}
}
else {
throw new UnauthorizedException(__('missing credentials'));
}
if ( 0 and $user ) {
# We have to redo the session variables because cakephp's Session code will overwrite the normal php session
# Actually I'm not sure that is true. Getting indeterminate behaviour
Logger::Debug("user.Username: " . $this->Session->read('user.Username'));
if ( ! $this->Session->Write('user', $user) )
$this->log("Error writing session var user");
Logger::Debug("user.Username: " . $this->Session->read('user.Username'));
if ( ! $this->Session->Write('user.Username', $user['Username']) )
$this->log("Error writing session var user.Username");
if ( ! $this->Session->Write('password', $user['Password']) )
$this->log("Error writing session var user.Username");
if ( ! $this->Session->Write('user.Enabled', $user['Enabled']) )
$this->log("Error writing session var user.Enabled");
if ( ! $this->Session->Write('remoteAddr', $_SERVER['REMOTE_ADDR']) )
$this->log("Error writing session var remoteAddr");
}
// I don't think this is really needed - the Username part
// Enabled check is ok
if ( !$user['Username'] ) {
throw new UnauthorizedException(__('Not Authenticated'));
return;
} else if ( !$user['Enabled'] ) {
throw new UnauthorizedException(__('User is not enabled'));
return;
}
$this->Session->Write('allowedMonitors',$user['MonitorIds']);
$this->Session->Write('streamPermission',$user['Stream']);
$this->Session->Write('eventPermission',$user['Events']);
$this->Session->Write('controlPermission',$user['Control']);
$this->Session->Write('systemPermission',$user['System']);
$this->Session->Write('monitorPermission',$user['Monitors']);
} else {
// if auth is not on, you can do everything
//$userMonitors = $this->User->find('first', $options);
$this->Session->Write('allowedMonitors','');
$this->Session->Write('streamPermission','View');
$this->Session->Write('eventPermission','Edit');
$this->Session->Write('controlPermission','Edit');
$this->Session->Write('systemPermission','Edit');
$this->Session->Write('monitorPermission','Edit');
}
$cred = $this->_getCredentials(); $cred = $this->_getCredentials();
$ver = $this->_getVersion(); $ver = $this->_getVersion();
$this->set(array( $this->set(array(
@ -130,8 +44,7 @@ class HostController extends AppController {
'version', 'version',
'apiversion' 'apiversion'
))); )));
} // end function login()
}
// clears out session // clears out session
function logout() { function logout() {
@ -143,7 +56,7 @@ class HostController extends AppController {
'_serialize' => array('result') '_serialize' => array('result')
)); ));
} } // end function logout()
private function _getCredentials() { private function _getCredentials() {
$credentials = ''; $credentials = '';
@ -167,8 +80,7 @@ class HostController extends AppController {
} }
} }
return array($credentials, $appendPassword); return array($credentials, $appendPassword);
} // end function _getCredentials
}
function getCredentials() { function getCredentials() {
// ignore debug warnings from other functions // ignore debug warnings from other functions
@ -180,8 +92,6 @@ class HostController extends AppController {
'_serialize' => array('credentials', 'append_password') '_serialize' => array('credentials', 'append_password')
) ); ) );
} }
// If $mid is set, only return disk usage for that monitor // If $mid is set, only return disk usage for that monitor
// Else, return an array of total disk usage, and per-monitor // Else, return an array of total disk usage, and per-monitor

View File

@ -21,8 +21,10 @@ class MonitorsController extends AppController {
public function beforeFilter() { public function beforeFilter() {
parent::beforeFilter(); parent::beforeFilter();
$canView = $this->Session->Read('monitorPermission'); global $user;
if ($canView == 'None') { # We already tested for auth in appController, so we just need to test for specific permission
$canView = (!$user) || ($user['Monitors'] != 'None');
if ( !$canView ) {
throw new UnauthorizedException(__('Insufficient Privileges')); throw new UnauthorizedException(__('Insufficient Privileges'));
return; return;
} }
@ -44,8 +46,9 @@ class MonitorsController extends AppController {
$conditions = array(); $conditions = array();
} }
$allowedMonitors=preg_split ('@,@', $this->Session->Read('allowedMonitors'),NULL, PREG_SPLIT_NO_EMPTY); global $user;
if (!empty($allowedMonitors)) { $allowedMonitors = $user ? preg_split('@,@', $user['MonitorIds'], NULL, PREG_SPLIT_NO_EMPTY) : null;
if ( $allowedMonitors ) {
$conditions['Monitor.Id' ] = $allowedMonitors; $conditions['Monitor.Id' ] = $allowedMonitors;
} }
$find_array = array('conditions'=>$conditions,'contain'=>array('Group')); $find_array = array('conditions'=>$conditions,'contain'=>array('Group'));
@ -88,8 +91,9 @@ class MonitorsController extends AppController {
if ( !$this->Monitor->exists($id) ) { if ( !$this->Monitor->exists($id) ) {
throw new NotFoundException(__('Invalid monitor')); throw new NotFoundException(__('Invalid monitor'));
} }
$allowedMonitors=preg_split('@,@', $this->Session->Read('allowedMonitors'), NULL, PREG_SPLIT_NO_EMPTY); global $user;
if ( !empty($allowedMonitors) ) { $allowedMonitors = $user ? preg_split('@,@', $user['MonitorIds'], NULL, PREG_SPLIT_NO_EMPTY) : null;
if ( $allowedMonitors ) {
$restricted = array('Monitor.' . $this->Monitor->primaryKey => $allowedMonitors); $restricted = array('Monitor.' . $this->Monitor->primaryKey => $allowedMonitors);
} else { } else {
$restricted = ''; $restricted = '';
@ -115,7 +119,9 @@ class MonitorsController extends AppController {
public function add() { public function add() {
if ( $this->request->is('post') ) { if ( $this->request->is('post') ) {
if ( $this->Session->Read('systemPermission') != 'Edit' ) { global $user;
$canAdd = (!$user) || ($user['System'] == 'Edit' );
if ( !$canAdd ) {
throw new UnauthorizedException(__('Insufficient privileges')); throw new UnauthorizedException(__('Insufficient privileges'));
return; return;
} }
@ -148,7 +154,9 @@ class MonitorsController extends AppController {
if ( !$this->Monitor->exists($id) ) { if ( !$this->Monitor->exists($id) ) {
throw new NotFoundException(__('Invalid monitor')); throw new NotFoundException(__('Invalid monitor'));
} }
if ( $this->Session->Read('monitorPermission') != 'Edit' ) { global $user;
$canEdit = (!$user) || ($user['Monitors'] == 'Edit');
if ( !$canEdit ) {
throw new UnauthorizedException(__('Insufficient privileges')); throw new UnauthorizedException(__('Insufficient privileges'));
return; return;
} }
@ -215,7 +223,7 @@ class MonitorsController extends AppController {
} }
public function sourceTypes() { public function sourceTypes() {
$sourceTypes = $this->Monitor->query("describe Monitors Type;"); $sourceTypes = $this->Monitor->query('describe Monitors Type;');
preg_match('/^enum\((.*)\)$/', $sourceTypes[0]['COLUMNS']['Type'], $matches); preg_match('/^enum\((.*)\)$/', $sourceTypes[0]['COLUMNS']['Type'], $matches);
foreach( explode(',', $matches[1]) as $value ) { foreach( explode(',', $matches[1]) as $value ) {
@ -264,7 +272,6 @@ class MonitorsController extends AppController {
$config = $this->Config->find('first', $options); $config = $this->Config->find('first', $options);
$zmOptAuth = $config['Config']['Value']; $zmOptAuth = $config['Config']['Value'];
$options = array('conditions' => array('Config.' . $this->Config->primaryKey => 'ZM_AUTH_RELAY')); $options = array('conditions' => array('Config.' . $this->Config->primaryKey => 'ZM_AUTH_RELAY'));
$config = $this->Config->find('first', $options); $config = $this->Config->find('first', $options);
$zmAuthRelay = $config['Config']['Value']; $zmAuthRelay = $config['Config']['Value'];
@ -315,7 +322,7 @@ class MonitorsController extends AppController {
$monitor = Set::extract('/Monitor/.', $monitor); $monitor = Set::extract('/Monitor/.', $monitor);
// Pass -d for local, otherwise -m // Pass -d for local, otherwise -m
if ($monitor[0]['Type'] == 'Local') { if ( $monitor[0]['Type'] == 'Local' ) {
$args = '-d '. $monitor[0]['Device']; $args = '-d '. $monitor[0]['Device'];
} else { } else {
$args = '-m '. $monitor[0]['Id']; $args = '-m '. $monitor[0]['Id'];
@ -324,7 +331,7 @@ class MonitorsController extends AppController {
// Build the command, and execute it // Build the command, and execute it
$zm_path_bin = Configure::read('ZM_PATH_BIN'); $zm_path_bin = Configure::read('ZM_PATH_BIN');
$command = escapeshellcmd("$zm_path_bin/zmdc.pl status $daemon $args"); $command = escapeshellcmd("$zm_path_bin/zmdc.pl status $daemon $args");
$status = exec( $command ); $status = exec($command);
// If 'not' is present, the daemon is not running, so return false // If 'not' is present, the daemon is not running, so return false
// https://github.com/ZoneMinder/ZoneMinder/issues/799#issuecomment-108996075 // https://github.com/ZoneMinder/ZoneMinder/issues/799#issuecomment-108996075
@ -360,9 +367,9 @@ class MonitorsController extends AppController {
$zm_path_bin = Configure::read('ZM_PATH_BIN'); $zm_path_bin = Configure::read('ZM_PATH_BIN');
foreach ($daemons as $daemon) { foreach ( $daemons as $daemon ) {
$args = ''; $args = '';
if ( $daemon == 'zmc' and $monitor['Type'] == 'Local') { if ( $daemon == 'zmc' and $monitor['Type'] == 'Local' ) {
$args = '-d ' . $monitor['Device']; $args = '-d ' . $monitor['Device'];
} else { } else {
$args = '-m ' . $id; $args = '-m ' . $id;
@ -372,5 +379,4 @@ class MonitorsController extends AppController {
$status = exec( $shellcmd ); $status = exec( $shellcmd );
} }
} }
} // end class MonitorsController } // end class MonitorsController

View File

@ -8,7 +8,6 @@ App::uses('AppController', 'Controller');
*/ */
class ServersController extends AppController { class ServersController extends AppController {
/** /**
* Components * Components
* *
@ -16,18 +15,15 @@ class ServersController extends AppController {
*/ */
public $components = array('Paginator', 'RequestHandler'); public $components = array('Paginator', 'RequestHandler');
public function beforeFilter() {
public function beforeFilter() { parent::beforeFilter();
parent::beforeFilter(); $canView = (!$user) || ($user['system'] != 'None');
$canView = $this->Session->Read('streamPermission'); if ( !$canView ) {
if ($canView =='None') { throw new UnauthorizedException(__('Insufficient Privileges'));
throw new UnauthorizedException(__('Insufficient Privileges')); return;
return; }
} }
}
/** /**
* index method * index method
* *
@ -36,7 +32,7 @@ public function beforeFilter() {
public function index() { public function index() {
$this->Server->recursive = 0; $this->Server->recursive = 0;
$options=''; $options = '';
$servers = $this->Server->find('all',$options); $servers = $this->Server->find('all',$options);
$this->set(array( $this->set(array(
'servers' => $servers, 'servers' => $servers,
@ -76,16 +72,17 @@ public function beforeFilter() {
* @return void * @return void
*/ */
public function add() { public function add() {
if ($this->request->is('post')) { if ( $this->request->is('post') ) {
if ($this->Session->Read('systemPermission') != 'Edit') global $user;
{ $canEdit = (!$user) || ($user['System'] == 'Edit');
throw new UnauthorizedException(__('Insufficient privileges')); if ( !$canEdit ) {
throw new UnauthorizedException(__('Insufficient privileges'));
return; return;
} }
$this->Server->create(); $this->Server->create();
if ($this->Server->save($this->request->data)) { if ( $this->Server->save($this->request->data) ) {
# Might be nice to send it a start request # Might be nice to send it a start request
#$this->daemonControl($this->Server->id, 'start', $this->request->data); #$this->daemonControl($this->Server->id, 'start', $this->request->data);
return $this->flash(__('The server has been saved.'), array('action' => 'index')); return $this->flash(__('The server has been saved.'), array('action' => 'index'));
@ -103,15 +100,17 @@ public function beforeFilter() {
public function edit($id = null) { public function edit($id = null) {
$this->Server->id = $id; $this->Server->id = $id;
if (!$this->Server->exists($id)) { global $user;
throw new NotFoundException(__('Invalid server')); $canEdit = (!$user) || ($user['System'] == 'Edit');
} if ( !$canEdit ) {
if ($this->Session->Read('systemPermission') != 'Edit') throw new UnauthorizedException(__('Insufficient privileges'));
{
throw new UnauthorizedException(__('Insufficient privileges'));
return; return;
} }
if ($this->Server->save($this->request->data)) {
if ( !$this->Server->exists($id) ) {
throw new NotFoundException(__('Invalid server'));
}
if ( $this->Server->save($this->request->data) ) {
$message = 'Saved'; $message = 'Saved';
} else { } else {
$message = 'Error'; $message = 'Error';
@ -133,20 +132,22 @@ public function beforeFilter() {
* @return void * @return void
*/ */
public function delete($id = null) { public function delete($id = null) {
$this->Server->id = $id; global $user;
if (!$this->Server->exists()) { $canEdit = (!$user) || ($user['System'] == 'Edit');
throw new NotFoundException(__('Invalid server')); if ( !$canEdit ) {
} throw new UnauthorizedException(__('Insufficient privileges'));
if ($this->Session->Read('systemPermission') != 'Edit')
{
throw new UnauthorizedException(__('Insufficient privileges'));
return; return;
} }
$this->Server->id = $id;
if ( !$this->Server->exists() ) {
throw new NotFoundException(__('Invalid server'));
}
$this->request->allowMethod('post', 'delete'); $this->request->allowMethod('post', 'delete');
#$this->daemonControl($this->Server->id, 'stop'); #$this->daemonControl($this->Server->id, 'stop');
if ($this->Server->delete()) { if ( $this->Server->delete() ) {
return $this->flash(__('The server has been deleted.'), array('action' => 'index')); return $this->flash(__('The server has been deleted.'), array('action' => 'index'));
} else { } else {
return $this->flash(__('The server could not be deleted. Please, try again.'), array('action' => 'index')); return $this->flash(__('The server could not be deleted. Please, try again.'), array('action' => 'index'));

View File

@ -12,30 +12,28 @@ class StatesController extends AppController {
public $components = array('RequestHandler'); public $components = array('RequestHandler');
public function beforeFilter() { public function beforeFilter() {
parent::beforeFilter(); parent::beforeFilter();
$canView = $this->Session->Read('systemPermission'); global $user;
if ($canView =='None') $canView = (!$user) || ($user['System'] != 'None');
{ if ( !$canView ) {
throw new UnauthorizedException(__('Insufficient Privileges')); throw new UnauthorizedException(__('Insufficient Privileges'));
return; return;
} }
} }
/** /**
* index method * index method
* *
* @return void * @return void
*/ */
public function index() { public function index() {
$this->State->recursive = 0; $this->State->recursive = 0;
$states = $this->State->find('all'); $states = $this->State->find('all');
$this->set(array( $this->set(array(
'states' => $states, 'states' => $states,
'_serialize' => array('states') '_serialize' => array('states')
)); ));
} }
/** /**
* view method * view method
@ -44,35 +42,35 @@ public function beforeFilter() {
* @param string $id * @param string $id
* @return void * @return void
*/ */
public function view($id = null) { public function view($id = null) {
if (!$this->State->exists($id)) { if ( !$this->State->exists($id) ) {
throw new NotFoundException(__('Invalid state')); throw new NotFoundException(__('Invalid state'));
} }
$options = array('conditions' => array('State.' . $this->State->primaryKey => $id)); $options = array('conditions' => array('State.' . $this->State->primaryKey => $id));
$this->set('state', $this->State->find('first', $options)); $this->set('state', $this->State->find('first', $options));
} }
/** /**
* add method * add method
* *
* @return void * @return void
*/ */
public function add() { public function add() {
if ($this->request->is('post')) {
if ($this->Session->Read('systemPermission') != 'Edit') if ($this->request->is('post')) {
{
throw new UnauthorizedException(__('Insufficient privileges'));
return;
}
$this->State->create(); if ($this->Session->Read('systemPermission') != 'Edit')
if ($this->State->save($this->request->data)) { {
return $this->flash(__('The state has been saved.'), array('action' => 'index')); throw new UnauthorizedException(__('Insufficient privileges'));
} return;
} }
}
$this->State->create();
if ($this->State->save($this->request->data)) {
return $this->flash(__('The state has been saved.'), array('action' => 'index'));
}
}
}
/** /**
* edit method * edit method
@ -81,26 +79,27 @@ public function beforeFilter() {
* @param string $id * @param string $id
* @return void * @return void
*/ */
public function edit($id = null) { public function edit($id = null) {
if (!$this->State->exists($id)) { if (!$this->State->exists($id)) {
throw new NotFoundException(__('Invalid state')); throw new NotFoundException(__('Invalid state'));
} }
if ($this->Session->Read('systemPermission') != 'Edit') global $user;
{ $canEdit = (!$user) || ($user['System'] == 'Edit');
throw new UnauthorizedException(__('Insufficient privileges')); if ( !$canEdit ) {
return; throw new UnauthorizedException(__('Insufficient privileges'));
} return;
}
if ($this->request->is(array('post', 'put'))) { if ( $this->request->is(array('post', 'put')) ) {
if ($this->State->save($this->request->data)) { if ( $this->State->save($this->request->data) ) {
return $this->flash(__('The state has been saved.'), array('action' => 'index')); return $this->flash(__('The state has been saved.'), array('action' => 'index'));
} }
} else { } else {
$options = array('conditions' => array('State.' . $this->State->primaryKey => $id)); $options = array('conditions' => array('State.' . $this->State->primaryKey => $id));
$this->request->data = $this->State->find('first', $options); $this->request->data = $this->State->find('first', $options);
} }
} }
/** /**
* delete method * delete method
@ -109,48 +108,50 @@ public function beforeFilter() {
* @param string $id * @param string $id
* @return void * @return void
*/ */
public function delete($id = null) { public function delete($id = null) {
$this->State->id = $id; $this->State->id = $id;
if ($this->Session->Read('systemPermission') != 'Edit') global $user;
{ $canEdit = (!$user) || ($user['System'] == 'Edit');
throw new UnauthorizedException(__('Insufficient privileges')); if ( !$canEdit ) {
return; throw new UnauthorizedException(__('Insufficient privileges'));
} return;
}
if (!$this->State->exists()) { if (!$this->State->exists()) {
throw new NotFoundException(__('Invalid state')); throw new NotFoundException(__('Invalid state'));
} }
$this->request->allowMethod('post', 'delete'); $this->request->allowMethod('post', 'delete');
if ($this->State->delete()) { if ($this->State->delete()) {
return $this->flash(__('The state has been deleted.'), array('action' => 'index')); return $this->flash(__('The state has been deleted.'), array('action' => 'index'));
} else { } else {
return $this->flash(__('The state could not be deleted. Please, try again.'), array('action' => 'index')); return $this->flash(__('The state could not be deleted. Please, try again.'), array('action' => 'index'));
} }
} }
public function change() { public function change() {
if ($this->Session->Read('systemPermission') != 'Edit') global $user;
{ $canEdit = (!$user) || ($user['System'] == 'Edit');
throw new UnauthorizedException(__('Insufficient privileges')); if ( !$canEdit ) {
return; throw new UnauthorizedException(__('Insufficient privileges'));
} return;
}
$newState = $this->request->params['pass'][0]; $newState = $this->request->params['pass'][0];
$blah = $this->packageControl($newState); $blah = $this->packageControl($newState);
$this->set(array( $this->set(array(
'blah' => $blah, 'blah' => $blah,
'_serialize' => array('blah') '_serialize' => array('blah')
)); ));
} }
public function packageControl( $command ) { public function packageControl( $command ) {
$zm_path_bin = Configure::read('ZM_PATH_BIN'); $zm_path_bin = Configure::read('ZM_PATH_BIN');
$string = $zm_path_bin.'/zmpkg.pl '.escapeshellarg( $command ); $string = $zm_path_bin.'/zmpkg.pl '.escapeshellarg( $command );
$status = exec( $string ); $status = exec( $string );
return $status; return $status;
} }
} }

View File

@ -16,8 +16,10 @@ class ZonesController extends AppController {
public function beforeFilter() { public function beforeFilter() {
parent::beforeFilter(); parent::beforeFilter();
$canView = $this->Session->Read('monitorPermission');
if ( $canView =='None' ) { global $user;
$canView = (!$user) || $user['Monitors'] != 'None';
if ( !$canView ) {
throw new UnauthorizedException(__('Insufficient Privileges')); throw new UnauthorizedException(__('Insufficient Privileges'));
return; return;
} }
@ -38,12 +40,12 @@ class ZonesController extends AppController {
'_serialize' => array('zones') '_serialize' => array('zones')
)); ));
} }
public function index() { public function index() {
$this->Zone->recursive = -1; $this->Zone->recursive = -1;
$allowedMonitors = preg_split('@,@', $this->Session->Read('allowedMonitors'), NULL, PREG_SPLIT_NO_EMPTY); global $user;
if ( !empty($allowedMonitors) ) { $allowedMonitors = $user ? preg_split('@,@', $user['MonitorIds'],NULL, PREG_SPLIT_NO_EMPTY) : null;
if ( $allowedMonitors ) {
$mon_options = array('Zones.MonitorId' => $allowedMonitors); $mon_options = array('Zones.MonitorId' => $allowedMonitors);
} else { } else {
$mon_options = ''; $mon_options = '';
@ -62,6 +64,14 @@ class ZonesController extends AppController {
*/ */
public function add() { public function add() {
if ( $this->request->is('post') ) { if ( $this->request->is('post') ) {
global $user;
$canEdit = (!$user) || $user['Monitors'] == 'Edit';
if ( !$canEdit ) {
throw new UnauthorizedException(__('Insufficient Privileges'));
return;
}
$this->Zone->create(); $this->Zone->create();
if ( $this->Zone->save($this->request->data) ) { if ( $this->Zone->save($this->request->data) ) {
return $this->flash(__('The zone has been saved.'), array('action' => 'index')); return $this->flash(__('The zone has been saved.'), array('action' => 'index'));
@ -85,6 +95,12 @@ class ZonesController extends AppController {
throw new NotFoundException(__('Invalid zone')); throw new NotFoundException(__('Invalid zone'));
} }
if ( $this->request->is(array('post', 'put')) ) { if ( $this->request->is(array('post', 'put')) ) {
global $user;
$canEdit = (!$user) || $user['Monitors'] == 'Edit';
if ( !$canEdit ) {
throw new UnauthorizedException(__('Insufficient Privileges'));
return;
}
if ( $this->Zone->save($this->request->data) ) { if ( $this->Zone->save($this->request->data) ) {
return $this->flash(__('The zone has been saved.'), array('action' => 'index')); return $this->flash(__('The zone has been saved.'), array('action' => 'index'));
} }
@ -109,6 +125,12 @@ class ZonesController extends AppController {
throw new NotFoundException(__('Invalid zone')); throw new NotFoundException(__('Invalid zone'));
} }
$this->request->allowMethod('post', 'delete'); $this->request->allowMethod('post', 'delete');
global $user;
$canEdit = (!$user) || $user['Monitors'] == 'Edit';
if ( !$canEdit ) {
throw new UnauthorizedException(__('Insufficient Privileges'));
return;
}
if ( $this->Zone->delete() ) { if ( $this->Zone->delete() ) {
return $this->flash(__('The zone has been deleted.'), array('action' => 'index')); return $this->flash(__('The zone has been deleted.'), array('action' => 'index'));
} else { } else {
@ -144,4 +166,4 @@ class ZonesController extends AppController {
'_serialize' => array('status') '_serialize' => array('status')
)); ));
} }
} } // end class