<?php
/*
** Zabbix
** Copyright (C) 2001-2021 Zabbix SIA
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; either version 2 of the License, or
** (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
**/
// Front-end bootstrap: shared configuration first, then the screen / slide show helpers used by this page.
require_once __DIR__.'/include/config.inc.php';
require_once __DIR__.'/include/screens.inc.php';

// Page descriptor. It is filled in before page_header.php is included below.
$page['title'] = _('Configuration of slide shows');
$page['file'] = 'slideconf.php';
$page['type'] = detect_page_type(PAGE_TYPE_HTML);
$page['scripts'] = ['multiselect.js'];

require_once __DIR__.'/include/page_header.php';
/*
 * Request fields accepted by this page, handed to check_fields() below.
 *
 * Each entry reads: VAR => [TYPE, OPTIONAL, FLAGS, VALIDATION, EXCEPTION(, label)].
 * The optional sixth element is a translated label (presumably used in validation messages; confirm
 * against check_fields()).
 *
 * NOTE(review): 'slides', 'users' and 'userGroups' declare no VALIDATION rule here and are later passed to
 * add_slideshow() / update_slideshow() as received; confirm those helpers validate the nested structure.
 */
$fields = [
	'shows' => [T_ZBX_INT, O_OPT, P_SYS, DB_ID, null],
	'slideshowid' => [T_ZBX_INT, O_NO, P_SYS, DB_ID, 'isset({form}) && {form} == "update"'],
	'name' => [T_ZBX_STR, O_OPT, null, NOT_EMPTY, 'isset({add}) || isset({update})', _('Name')],
	'delay' => [
		T_ZBX_INT, O_OPT, null, BETWEEN(1, SEC_PER_DAY), 'isset({add}) || isset({update})',
		_('Default delay (in seconds)')
	],
	'slides' => [null, O_OPT, null, null, null],
	'userid' => [T_ZBX_INT, O_OPT, P_SYS, DB_ID, null],
	'private' => [T_ZBX_INT, O_OPT, null, BETWEEN(0, 1), null],
	'users' => [T_ZBX_INT, O_OPT, null, null, null],
	'userGroups' => [T_ZBX_INT, O_OPT, null, null, null],

	// Actions.
	'action' => [T_ZBX_STR, O_OPT, P_SYS|P_ACT, IN('"slideshow.massdelete"'), null],
	'add' => [T_ZBX_STR, O_OPT, P_SYS|P_ACT, null, null],
	'update' => [T_ZBX_STR, O_OPT, P_SYS|P_ACT, null, null],
	'delete' => [T_ZBX_STR, O_OPT, P_SYS|P_ACT, null, null],
	'cancel' => [T_ZBX_STR, O_OPT, P_SYS, null, null],
	'form' => [T_ZBX_STR, O_OPT, P_SYS, null, null],
	'form_refresh' => [T_ZBX_INT, O_OPT, null, null, null],

	// Filter.
	'filter_set' => [T_ZBX_STR, O_OPT, P_SYS, null, null],
	'filter_rst' => [T_ZBX_STR, O_OPT, P_SYS, null, null],
	'filter_name' => [T_ZBX_STR, O_OPT, null, null, null],

	// Sort column and direction. The 'sort' whitelist matters: the value is later used as an ORDER BY column.
	'sort' => [T_ZBX_STR, O_OPT, P_SYS, IN('"cnt","delay","name"'), null],
	'sortorder' => [T_ZBX_STR, O_OPT, P_SYS, IN('"'.ZBX_SORT_DOWN.'","'.ZBX_SORT_UP.'"'), null]
];
check_fields($fields);

// Re-order the submitted slides by key. natksort() is defined elsewhere; by its name this is a natural-order
// key sort - confirm.
if (!empty($_REQUEST['slides'])) {
	natksort($_REQUEST['slides']);
}
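/*
 * Permissions
 *
 * Every slide show id taken from the request is authorised here, before the Actions section runs.
 */
if (hasRequest('slideshowid')) {
	// Single slide show (edit form, update, delete): it must be readable ...
	if (!slideshow_accessible($_REQUEST['slideshowid'], PERM_READ)) {
		access_deny();
	}

	// ... and it must load with read-write permission, otherwise the request is refused.
	$db_slideshow = get_slideshow_by_slideshowid(getRequest('slideshowid'), PERM_READ_WRITE);

	if (!$db_slideshow) {
		access_deny();
	}
}
else {
	$db_slideshow = [];
}

if (hasRequest('action')) {
	// Mass action: 'shows' must be an array of slide show ids.
	if (!hasRequest('shows') || !is_array(getRequest('shows'))) {
		access_deny();
	}
	else {
		// Every requested id must exist. A mismatch also covers duplicated ids.
		$dbSlideshowCount = DBfetch(DBselect(
			'SELECT COUNT(*) AS cnt FROM slideshows s WHERE '.dbConditionInt('s.slideshowid', getRequest('shows'))
		));

		if ($dbSlideshowCount['cnt'] != count(getRequest('shows'))) {
			access_deny();
		}
		else {
			/*
			 * Existence is not authorisation. The single-show path above demands PERM_READ_WRITE, and the list
			 * view marks a row editable by the same call, so the mass action applies the same rule per id.
			 * Without it, authorisation for mass delete would rest entirely on delete_slideshow(), whose own
			 * checks are not visible from this file.
			 */
			foreach (getRequest('shows') as $showid) {
				if (!get_slideshow_by_slideshowid($showid, PERM_READ_WRITE)) {
					access_deny();
				}
			}
		}
	}
}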
/*
 * Actions
 *
 * Exactly one branch runs per request: save (add / update), single delete, or mass delete.
 * Each branch wraps its work in DBstart() / DBend($result) and reports the outcome through show_messages().
 */
if (hasRequest('add') || hasRequest('update')) {
	DBstart();

	// When both 'add' and 'update' are present, the update branch wins.
	if (hasRequest('update')) {
		$data = [
			'slideshowid' => getRequest('slideshowid'),
			'name' => getRequest('name'),
			'delay' => getRequest('delay'),
			'slides' => getRequest('slides', []),
			'userid' => getRequest('userid', ''),
			'private' => getRequest('private'),
			'users' => getRequest('users', []),
			'userGroups' => getRequest('userGroups', [])
		];

		if (CWebUser::getType() == USER_TYPE_ZABBIX_USER) {
			// Only administrators can set slide show owner, so a regular user's 'userid' is discarded.
			unset($data['userid']);
		}
		elseif (CWebUser::getType() == USER_TYPE_ZABBIX_ADMIN && $data['userid'] === '') {
			// Slide show update with inaccessible user: the owner is dropped from the payload when the
			// user lookup returns nothing.
			$user_exist = API::User()->get([
				'output' => ['userid'],
				'userids' => [$data['userid']]
			]);

			if (!$user_exist) {
				unset($data['userid']);
			}
		}

		$result = update_slideshow($data);

		$messageSuccess = _('Slide show updated');
		$messageFailed = _('Cannot update slide show');
		$auditAction = AUDIT_ACTION_UPDATE;
	}
	else {
		// NOTE(review): unlike the update branch, the owner from the request is forwarded for every user
		// type - confirm add_slideshow() restricts who may set 'userid'.
		$result = add_slideshow([
			'name' => getRequest('name'),
			'delay' => getRequest('delay'),
			'slides' => getRequest('slides', []),
			'userid' => getRequest('userid'),
			'private' => getRequest('private'),
			'users' => getRequest('users', []),
			'userGroups' => getRequest('userGroups', [])
		]);

		$messageSuccess = _('Slide show added');
		$messageFailed = _('Cannot add slide show');
		$auditAction = AUDIT_ACTION_ADD;
	}

	if ($result) {
		// Audit the change, then drop the form state so the list is rendered instead of the form.
		add_audit($auditAction, AUDIT_RESOURCE_SLIDESHOW, ' Name "'.getRequest('name').'" ');
		unset($_REQUEST['form'], $_REQUEST['slideshowid']);
	}

	$result = DBend($result);

	if ($result) {
		uncheckTableRows();
	}
	show_messages($result, $messageSuccess, $messageFailed);
}
elseif (isset($_REQUEST['delete'], $_REQUEST['slideshowid'])) {
	// Single delete. $db_slideshow was loaded with PERM_READ_WRITE in the Permissions section.
	DBstart();

	$result = delete_slideshow($_REQUEST['slideshowid']);

	if ($result) {
		add_audit(AUDIT_ACTION_DELETE, AUDIT_RESOURCE_SLIDESHOW, ' Name "'.$db_slideshow['name'].'" ');
	}

	// The form state is cleared whether or not the delete succeeded.
	unset($_REQUEST['slideshowid'], $_REQUEST['form']);

	$result = DBend($result);

	if ($result) {
		uncheckTableRows();
	}
	show_messages($result, _('Slide show deleted'), _('Cannot delete slide show'));
}
elseif (hasRequest('action') && getRequest('action') == 'slideshow.massdelete' && hasRequest('shows')) {
	/*
	 * Mass delete. Authorisation for these ids is expected to have been settled in the Permissions section
	 * above; delete_slideshow() is defined elsewhere and its own checks are not visible here.
	 * NOTE(review): no add_audit() call is made on this path, unlike the single delete.
	 */
	$result = true;

	$shows = getRequest('shows');
	DBstart();

	// Stop at the first failure; DBend() then receives the failed outcome.
	foreach ($shows as $showid) {
		$result &= delete_slideshow($showid);
		if (!$result) {
			break;
		}
	}

	$result = DBend($result);

	if ($result) {
		unset($_REQUEST['form']);
		uncheckTableRows();
	}
	show_messages($result, _('Slide show deleted'), _('Cannot delete slide show'));
}
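/*
 * Display
 *
 * Renders either the slide show edit form (when 'form' is present) or the filtered, sorted list.
 */
if (hasRequest('form')) {
	$current_userid = CWebUser::$data['userid'];

	// Ids of the users and user groups whose display data the form needs. Both maps are created explicitly
	// so that nothing defined earlier under the same name can add ids to the API queries below.
	$userids = [$current_userid => true];
	$user_groupids = [];

	$data = [
		'form' => getRequest('form'),
		'form_refresh' => getRequest('form_refresh', 0)
	];

	if (!hasRequest('slideshowid') || hasRequest('form_refresh')) {
		// New slide show, or a re-submitted form: owner and shares come from the request.
		// NOTE(review): 'users' / 'userGroups' entries are assumed to be arrays carrying 'userid' /
		// 'usrgrpid'; no validation rule is declared for them in $fields.
		$slideshow_owner = getRequest('userid', $current_userid);
		$userids[$slideshow_owner] = true;

		foreach (getRequest('users', []) as $user) {
			$userids[$user['userid']] = true;
		}

		foreach (getRequest('userGroups', []) as $user_group) {
			$user_groupids[$user_group['usrgrpid']] = true;
		}
	}
	else {
		// Existing slide show opened for editing: owner and shares come from the database.
		$userids[$db_slideshow['userid']] = true;

		$db_slideshow['users'] = DBfetchArray(DBselect(
			'SELECT s.userid,s.permission'.
			' FROM slideshow_user s'.
			' WHERE s.slideshowid='.zbx_dbstr(getRequest('slideshowid'))
		));

		foreach ($db_slideshow['users'] as $user) {
			$userids[$user['userid']] = true;
		}

		$db_slideshow['userGroups'] = DBfetchArray(DBselect(
			'SELECT s.usrgrpid,s.permission'.
			' FROM slideshow_usrgrp s'.
			' WHERE s.slideshowid='.zbx_dbstr(getRequest('slideshowid'))
		));

		foreach ($db_slideshow['userGroups'] as $user_group) {
			$user_groupids[$user_group['usrgrpid']] = true;
		}
	}

	// Names are resolved through the API rather than by direct SQL.
	$data['users'] = API::User()->get([
		'output' => ['userid', 'alias', 'name', 'surname'],
		'userids' => array_keys($userids),
		'preservekeys' => true
	]);

	$data['user_groups'] = API::UserGroup()->get([
		'output' => ['usrgrpid', 'name'],
		'usrgrpids' => array_keys($user_groupids),
		'preservekeys' => true
	]);

	if (array_key_exists('slideshowid', $db_slideshow) && !isset($_REQUEST['form_refresh'])) {
		// First display of an existing slide show: every value comes from the database.
		$data['slideshow'] = [
			'slideshowid' => $db_slideshow['slideshowid'],
			'name' => $db_slideshow['name'],
			'delay' => $db_slideshow['delay'],
			'userid' => $db_slideshow['userid'],
			'private' => $db_slideshow['private'],
			'users' => $db_slideshow['users'],
			'userGroups' => $db_slideshow['userGroups']
		];

		// Get slides.
		$data['slideshow']['slides'] = DBfetchArray(DBselect(
			'SELECT s.slideid, s.screenid, s.delay'.
			' FROM slides s'.
			' WHERE s.slideshowid='.zbx_dbstr($db_slideshow['slideshowid']).
			' ORDER BY s.step'
		));
	}
	else {
		// New slide show or refreshed form: values come from the request, with defaults.
		$data['slideshow'] = [
			'slideshowid' => getRequest('slideshowid'),
			'name' => getRequest('name', ''),
			'delay' => getRequest('delay', ZBX_ITEM_DELAY_DEFAULT),
			'slides' => getRequest('slides', []),
			'private' => getRequest('private', PRIVATE_SHARING),
			'users' => getRequest('users', []),
			'userGroups' => getRequest('userGroups', [])
		];
		if (hasRequest('form_refresh')) {
			// Administrators get an empty-string default for the owner; other users get getRequest()'s default.
			if (CWebUser::getType() == USER_TYPE_SUPER_ADMIN || CWebUser::getType() == USER_TYPE_ZABBIX_ADMIN) {
				$data['slideshow']['userid'] = getRequest('userid', '');
			}
			else {
				$data['slideshow']['userid'] = getRequest('userid');
			}
		}
		else {
			if ($db_slideshow) {
				$data['slideshow']['userid'] = $db_slideshow['userid'];
			}
			else {
				$data['slideshow']['userid'] = $current_userid;
			}
		}
	}

	// Screen names are looked up through the API for the slides' screen ids.
	$screenids = [];
	foreach ($data['slideshow']['slides'] as $slides) {
		$screenids[] = $slides['screenid'];
	}

	$data['slideshow']['screens'] = API::Screen()->get([
		'output' => ['screenid', 'name'],
		'screenids' => $screenids,
		'preservekeys' => true
	]);

	$data['current_user_userid'] = $current_userid;

	// Get slides without delay.
	$data['slides_without_delay'] = $data['slideshow']['slides'];
	foreach ($data['slides_without_delay'] as &$slide) {
		unset($slide['delay']);
	}
	unset($slide);

	// render view
	$slideshowView = new CView('monitoring.slideconf.edit', $data);
	$slideshowView->render();
	$slideshowView->show();
}
else {
	CProfile::delete('web.slides.elementid');

	$sortField = getRequest('sort', CProfile::get('web.'.$page['file'].'.sort', 'name'));
	$sortOrder = getRequest('sortorder', CProfile::get('web.'.$page['file'].'.sortorder', ZBX_SORT_UP));

	/*
	 * $sortField is concatenated into ORDER BY below and may come from the stored profile rather than the
	 * request. It is checked here against the same three names the 'sort' request field allows, so the SQL
	 * does not depend on checks made elsewhere. This runs before the profile update so that an unexpected
	 * value is not saved again.
	 */
	if (!in_array($sortField, ['cnt', 'delay', 'name'], true)) {
		$sortField = 'name';
	}

	CProfile::update('web.'.$page['file'].'.sort', $sortField, PROFILE_TYPE_STR);
	CProfile::update('web.'.$page['file'].'.sortorder', $sortOrder, PROFILE_TYPE_STR);

	if (hasRequest('filter_set')) {
		CProfile::update('web.slideconf.filter_name', getRequest('filter_name', ''), PROFILE_TYPE_STR);
	}
	elseif (hasRequest('filter_rst')) {
		DBStart();
		CProfile::delete('web.slideconf.filter_name');
		DBend();
	}

	$config = select_config();

	// One row more than the configured search limit is kept.
	$limit = $config['search_limit'] + 1;

	$data = [
		'filter' => [
			'name' => CProfile::get('web.slideconf.filter_name', '')
		],
		'sort' => $sortField,
		'sortorder' => $sortOrder
	];

	if ($data['filter']['name'] !== '') {
		// Escape the parameter for LIKE. '!' is the declared ESCAPE character, so it is doubled first;
		// the '!' added in front of '%' and '_' afterwards is then not doubled again.
		$pattern = str_replace("!", "!!", $data['filter']['name']);
		$pattern = str_replace("%", "!%", $pattern);
		$pattern = str_replace("_", "!_", $pattern);

		$sql_where = ' WHERE UPPER(s.name) LIKE '.zbx_dbstr('%'.mb_strtoupper($pattern).'%')." ESCAPE '!'";
	}
	else {
		$sql_where = '';
	}

	$data['slides'] = DBfetchArray(DBselect(
		'SELECT s.slideshowid,s.name,s.delay,COUNT(sl.slideshowid) AS cnt'.
		' FROM slideshows s'.
			' LEFT JOIN slides sl ON sl.slideshowid=s.slideshowid'.
		$sql_where.
		' GROUP BY s.slideshowid,s.name,s.delay'.
		' ORDER BY '.(($sortField === 'cnt') ? 'cnt' : 's.'.$sortField)
	));

	// The query returns every matching slide show; rows the user cannot read are dropped here, and the
	// rest are flagged editable only when they load with read-write permission.
	foreach ($data['slides'] as $key => &$slide) {
		if (!slideshow_accessible($slide['slideshowid'], PERM_READ)) {
			unset($data['slides'][$key]);
		}
		else {
			$slide['editable'] = (bool) get_slideshow_by_slideshowid($slide['slideshowid'], PERM_READ_WRITE);
		}
	}
	unset($slide);

	// Sort, cut to the limit from the appropriate end, then sort again.
	order_result($data['slides'], $sortField, $sortOrder);

	if ($sortOrder == ZBX_SORT_UP) {
		$data['slides'] = array_slice($data['slides'], 0, $limit);
	}
	else {
		$data['slides'] = array_slice($data['slides'], -$limit, $limit);
	}

	order_result($data['slides'], $sortField, $sortOrder);

	$data['paging'] = getPagingLine($data['slides'], $sortOrder, new CUrl('slideconf.php'));

	// render view
	$slideshowView = new CView('monitoring.slideconf.list', $data);
	$slideshowView->render();
	$slideshowView->show();
}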
// Shared page footer, included last.
require_once __DIR__.'/include/page_footer.php';