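<?php
/*
** Zabbix
** Copyright (C) 2001-2021 Zabbix SIA
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; either version 2 of the License, or
** (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
**/

/*
 * Slide show configuration page.
 *
 * Flow of this script: validate request fields, check permissions on the referenced slide show(s),
 * execute the requested action (add / update / delete / mass delete), then render either the edit
 * form or the list view.
 */

require_once dirname(__FILE__).'/include/config.inc.php';
require_once dirname(__FILE__).'/include/screens.inc.php';

$page['title'] = _('Configuration of slide shows');
$page['file'] = 'slideconf.php';
$page['type'] = detect_page_type(PAGE_TYPE_HTML);
$page['scripts'] = ['multiselect.js'];

require_once dirname(__FILE__).'/include/page_header.php';

// VAR TYPE OPTIONAL FLAGS VALIDATION EXCEPTION
$fields = [
	'shows' =>			[T_ZBX_INT, O_OPT, P_SYS, DB_ID, null],
	'slideshowid' =>	[T_ZBX_INT, O_NO, P_SYS, DB_ID, 'isset({form}) && {form} == "update"'],
	'name' =>			[T_ZBX_STR, O_OPT, null, NOT_EMPTY, 'isset({add}) || isset({update})', _('Name')],
	'delay' =>			[T_ZBX_INT, O_OPT, null, BETWEEN(1, SEC_PER_DAY), 'isset({add}) || isset({update})',
		_('Default delay (in seconds)')
	],
	// NOTE(review): 'slides' has no type and no validation rule; its structure is only constrained by
	// whatever add_slideshow()/update_slideshow() do with it (not visible in this file).
	'slides' =>			[null, O_OPT, null, null, null],
	'userid' =>			[T_ZBX_INT, O_OPT, P_SYS, DB_ID, null],
	'private' =>		[T_ZBX_INT, O_OPT, null, BETWEEN(0, 1), null],
	'users' =>			[T_ZBX_INT, O_OPT, null, null, null],
	'userGroups' =>		[T_ZBX_INT, O_OPT, null, null, null],
	// actions
	'action' =>			[T_ZBX_STR, O_OPT, P_SYS|P_ACT, IN('"slideshow.massdelete"'), null],
	'add' =>			[T_ZBX_STR, O_OPT, P_SYS|P_ACT, null, null],
	'update' =>			[T_ZBX_STR, O_OPT, P_SYS|P_ACT, null, null],
	'delete' =>			[T_ZBX_STR, O_OPT, P_SYS|P_ACT, null, null],
	'cancel' =>			[T_ZBX_STR, O_OPT, P_SYS, null, null],
	'form' =>			[T_ZBX_STR, O_OPT, P_SYS, null, null],
	'form_refresh' =>	[T_ZBX_INT, O_OPT, null, null, null],
	// filter
	'filter_set' =>		[T_ZBX_STR, O_OPT, P_SYS, null, null],
	'filter_rst' =>		[T_ZBX_STR, O_OPT, P_SYS, null, null],
	'filter_name' =>	[T_ZBX_STR, O_OPT, null, null, null],
	// sort and sortorder
	// The 'sort' allowlist matters for security: the value is later concatenated into ORDER BY.
	'sort' =>			[T_ZBX_STR, O_OPT, P_SYS, IN('"cnt","delay","name"'), null],
	'sortorder' =>		[T_ZBX_STR, O_OPT, P_SYS, IN('"'.ZBX_SORT_DOWN.'","'.ZBX_SORT_UP.'"'), null]
];
check_fields($fields);

if (!empty($_REQUEST['slides'])) {
	natksort($_REQUEST['slides']);
}

/*
 * Permissions
 */
if (hasRequest('slideshowid')) {
	if (!slideshow_accessible($_REQUEST['slideshowid'], PERM_READ)) {
		access_deny();
	}

	// Every action on a single slide show (update, delete, edit form) requires write access.
	$db_slideshow = get_slideshow_by_slideshowid(getRequest('slideshowid'), PERM_READ_WRITE);

	if (!$db_slideshow) {
		access_deny();
	}
}
else {
	$db_slideshow = [];
}

if (hasRequest('action')) {
	if (!hasRequest('shows') || !is_array(getRequest('shows'))) {
		access_deny();
	}
	else {
		// All submitted IDs must refer to existing slide shows.
		$dbSlideshowCount = DBfetch(DBselect(
			'SELECT COUNT(*) AS cnt FROM slideshows s WHERE '.dbConditionInt('s.slideshowid', getRequest('shows'))
		));

		if ($dbSlideshowCount['cnt'] != count(getRequest('shows'))) {
			access_deny();
		}

		// The COUNT(*) above proves existence only, not authorization. delete_slideshow() is defined
		// outside this file and whether it enforces permissions is not visible here, so every submitted
		// ID is held to the same read + write gate as the single-slide-show path above.
		foreach (getRequest('shows') as $showid) {
			if (!slideshow_accessible($showid, PERM_READ)
					|| !get_slideshow_by_slideshowid($showid, PERM_READ_WRITE)) {
				access_deny();
			}
		}
	}
}

/*
 * Actions
 */
if (hasRequest('add') || hasRequest('update')) {
	DBstart();

	if (hasRequest('update')) {
		$data = [
			'slideshowid' => getRequest('slideshowid'),
			'name' => getRequest('name'),
			'delay' => getRequest('delay'),
			'slides' => getRequest('slides', []),
			'userid' => getRequest('userid', ''),
			'private' => getRequest('private'),
			'users' => getRequest('users', []),
			'userGroups' => getRequest('userGroups', [])
		];

		// Only administrators can set slide show owner.
		if (CWebUser::getType() == USER_TYPE_ZABBIX_USER) {
			unset($data['userid']);
		}
		// Slide show update with inaccessible user.
		// An empty userid is looked up through the API; when nothing comes back the key is dropped from
		// $data (presumably so update_slideshow() leaves the owner unchanged - confirm in that function).
		elseif (CWebUser::getType() == USER_TYPE_ZABBIX_ADMIN && $data['userid'] === '') {
			$user_exist = API::User()->get([
				'output' => ['userid'],
				'userids' => [$data['userid']]
			]);

			if (!$user_exist) {
				unset($data['userid']);
			}
		}

		$result = update_slideshow($data);

		$messageSuccess = _('Slide show updated');
		$messageFailed = _('Cannot update slide show');
		$auditAction = AUDIT_ACTION_UPDATE;
	}
	else {
		// NOTE(review): unlike the update branch, 'userid' is passed through for every user type here;
		// any restriction on who may set the owner at creation has to live in add_slideshow().
		$result = add_slideshow([
			'name' => getRequest('name'),
			'delay' => getRequest('delay'),
			'slides' => getRequest('slides', []),
			'userid' => getRequest('userid'),
			'private' => getRequest('private'),
			'users' => getRequest('users', []),
			'userGroups' => getRequest('userGroups', [])
		]);

		$messageSuccess = _('Slide show added');
		$messageFailed = _('Cannot add slide show');
		$auditAction = AUDIT_ACTION_ADD;
	}

	if ($result) {
		// The audit record carries the user-supplied name as submitted.
		add_audit($auditAction, AUDIT_RESOURCE_SLIDESHOW, ' Name "'.getRequest('name').'" ');
		unset($_REQUEST['form'], $_REQUEST['slideshowid']);
	}

	$result = DBend($result);

	if ($result) {
		uncheckTableRows();
	}
	show_messages($result, $messageSuccess, $messageFailed);
}
elseif (isset($_REQUEST['delete']) && isset($_REQUEST['slideshowid'])) {
	// Write access to this slide show was already verified in the "Permissions" section.
	DBstart();

	$result = delete_slideshow($_REQUEST['slideshowid']);

	if ($result) {
		add_audit(AUDIT_ACTION_DELETE, AUDIT_RESOURCE_SLIDESHOW, ' Name "'.$db_slideshow['name'].'" ');
	}
	unset($_REQUEST['slideshowid'], $_REQUEST['form']);

	$result = DBend($result);

	if ($result) {
		uncheckTableRows();
	}
	show_messages($result, _('Slide show deleted'), _('Cannot delete slide show'));
}
elseif (hasRequest('action') && getRequest('action') == 'slideshow.massdelete' && hasRequest('shows')) {
	// Existence and write access of every ID in 'shows' were verified in the "Permissions" section.
	// NOTE(review): no add_audit() call is made on this path, unlike the single delete above.
	$result = true;

	$shows = getRequest('shows');
	DBstart();

	foreach ($shows as $showid) {
		$result &= delete_slideshow($showid);
		if (!$result) {
			break;
		}
	}

	$result = DBend($result);

	if ($result) {
		unset($_REQUEST['form']);
		uncheckTableRows();
	}
	show_messages($result, _('Slide show deleted'), _('Cannot delete slide show'));
}

/*
 * Display
 */
if (hasRequest('form')) {
	$current_userid = CWebUser::$data['userid'];
	$userids[$current_userid] = true;
	$user_groupids = [];

	$data = [
		'form' => getRequest('form'),
		'form_refresh' => getRequest('form_refresh', 0)
	];

	if (!hasRequest('slideshowid') || hasRequest('form_refresh')) {
		// Slide show owner.
		$slideshow_owner = getRequest('userid', $current_userid);
		$userids[$slideshow_owner] = true;

		// assumes each element of 'users' / 'userGroups' is an array carrying 'userid' / 'usrgrpid';
		// check_fields() declares no validation rule for either field - TODO confirm.
		foreach (getRequest('users', []) as $user) {
			$userids[$user['userid']] = true;
		}

		foreach (getRequest('userGroups', []) as $user_group) {
			$user_groupids[$user_group['usrgrpid']] = true;
		}
	}
	else {
		// Slide show owner.
		$userids[$db_slideshow['userid']] = true;

		// The ID is DB_ID-validated by check_fields() and additionally passed through zbx_dbstr()
		// before being concatenated into the query.
		$db_slideshow['users'] = DBfetchArray(DBselect(
			'SELECT s.userid,s.permission'.
			' FROM slideshow_user s'.
			' WHERE s.slideshowid='.zbx_dbstr(getRequest('slideshowid'))
		));

		foreach ($db_slideshow['users'] as $user) {
			$userids[$user['userid']] = true;
		}

		$db_slideshow['userGroups'] = DBfetchArray(DBselect(
			'SELECT s.usrgrpid,s.permission'.
			' FROM slideshow_usrgrp s'.
			' WHERE s.slideshowid='.zbx_dbstr(getRequest('slideshowid'))
		));

		foreach ($db_slideshow['userGroups'] as $user_group) {
			$user_groupids[$user_group['usrgrpid']] = true;
		}
	}

	// User and group details are resolved through the API rather than with direct SQL.
	$data['users'] = API::User()->get([
		'output' => ['userid', 'alias', 'name', 'surname'],
		'userids' => array_keys($userids),
		'preservekeys' => true
	]);

	$data['user_groups'] = API::UserGroup()->get([
		'output' => ['usrgrpid', 'name'],
		'usrgrpids' => array_keys($user_groupids),
		'preservekeys' => true
	]);

	if (array_key_exists('slideshowid', $db_slideshow) && !isset($_REQUEST['form_refresh'])) {
		// First load of the edit form: populate it from the database.
		$data['slideshow'] = [
			'slideshowid' => $db_slideshow['slideshowid'],
			'name' => $db_slideshow['name'],
			'delay' => $db_slideshow['delay'],
			'userid' => $db_slideshow['userid'],
			'private' => $db_slideshow['private'],
			'users' => $db_slideshow['users'],
			'userGroups' => $db_slideshow['userGroups']
		];

		// Get slides.
		$data['slideshow']['slides'] = DBfetchArray(DBselect(
			'SELECT s.slideid, s.screenid, s.delay'.
			' FROM slides s'.
			' WHERE s.slideshowid='.zbx_dbstr($db_slideshow['slideshowid']).
			' ORDER BY s.step'
		));
	}
	else {
		// New slide show or a refreshed form: populate it from the submitted values.
		$data['slideshow'] = [
			'slideshowid' => getRequest('slideshowid'),
			'name' => getRequest('name', ''),
			'delay' => getRequest('delay', ZBX_ITEM_DELAY_DEFAULT),
			'slides' => getRequest('slides', []),
			'private' => getRequest('private', PRIVATE_SHARING),
			'users' => getRequest('users', []),
			'userGroups' => getRequest('userGroups', [])
		];

		if (hasRequest('form_refresh')) {
			if (CWebUser::getType() == USER_TYPE_SUPER_ADMIN || CWebUser::getType() == USER_TYPE_ZABBIX_ADMIN) {
				$data['slideshow']['userid'] = getRequest('userid', '');
			}
			else {
				$data['slideshow']['userid'] = getRequest('userid');
			}
		}
		else {
			if ($db_slideshow) {
				$data['slideshow']['userid'] = $db_slideshow['userid'];
			}
			else {
				$data['slideshow']['userid'] = $current_userid;
			}
		}
	}

	$screenids = [];
	foreach ($data['slideshow']['slides'] as $slides) {
		$screenids[] = $slides['screenid'];
	}

	$data['slideshow']['screens'] = API::Screen()->get([
		'output' => ['screenid', 'name'],
		'screenids' => $screenids,
		'preservekeys' => true
	]);

	$data['current_user_userid'] = $current_userid;

	// Get slides without delay.
	$data['slides_without_delay'] = $data['slideshow']['slides'];
	foreach ($data['slides_without_delay'] as &$slide) {
		unset($slide['delay']);
	}
	// Break the reference so later use of $slide cannot modify the last array element.
	unset($slide);

	// render view
	$slideshowView = new CView('monitoring.slideconf.edit', $data);
	$slideshowView->render();
	$slideshowView->show();
}
else {
	CProfile::delete('web.slides.elementid');

	$sortField = getRequest('sort', CProfile::get('web.'.$page['file'].'.sort', 'name'));
	$sortOrder = getRequest('sortorder', CProfile::get('web.'.$page['file'].'.sortorder', ZBX_SORT_UP));

	CProfile::update('web.'.$page['file'].'.sort', $sortField, PROFILE_TYPE_STR);
	CProfile::update('web.'.$page['file'].'.sortorder', $sortOrder, PROFILE_TYPE_STR);

	if (hasRequest('filter_set')) {
		CProfile::update('web.slideconf.filter_name', getRequest('filter_name', ''), PROFILE_TYPE_STR);
	}
	elseif (hasRequest('filter_rst')) {
		DBstart();
		CProfile::delete('web.slideconf.filter_name');
		DBend();
	}

	$config = select_config();
	$limit = $config['search_limit'] + 1;

	$data = [
		'filter' => [
			'name' => CProfile::get('web.slideconf.filter_name', '')
		],
		'sort' => $sortField,
		'sortorder' => $sortOrder
	];

	if ($data['filter']['name'] !== '') {
		// escaping parameter that is about to be used in LIKE statement
		// '!' is the ESCAPE character, so it is doubled first, before the LIKE wildcards are prefixed.
		$pattern = str_replace("!", "!!", $data['filter']['name']);
		$pattern = str_replace("%", "!%", $pattern);
		$pattern = str_replace("_", "!_", $pattern);

		$sql_where = ' WHERE UPPER(s.name) LIKE '.zbx_dbstr('%'.mb_strtoupper($pattern).'%')." ESCAPE '!'";
	}
	else {
		$sql_where = '';
	}

	// $sortField is concatenated into ORDER BY without quoting. The only values reaching this point are
	// the request value (restricted to "cnt", "delay", "name" by check_fields()) or the profile value
	// this page stored earlier; keep that allowlist in sync with any new sortable column.
	$data['slides'] = DBfetchArray(DBselect(
		'SELECT s.slideshowid,s.name,s.delay,COUNT(sl.slideshowid) AS cnt'.
		' FROM slideshows s'.
		' LEFT JOIN slides sl ON sl.slideshowid=s.slideshowid'.
		$sql_where.
		' GROUP BY s.slideshowid,s.name,s.delay'.
		' ORDER BY '.(($sortField === 'cnt') ? 'cnt' : 's.'.$sortField)
	));

	// The query returns every slide show; rows the current user cannot read are dropped here and the
	// remaining ones are flagged as editable only when the user has write access.
	foreach ($data['slides'] as $key => &$slide) {
		if (!slideshow_accessible($slide['slideshowid'], PERM_READ)) {
			unset($data['slides'][$key]);
		}
		else {
			$slide['editable'] = (bool) get_slideshow_by_slideshowid($slide['slideshowid'], PERM_READ_WRITE);
		}
	}
	unset($slide);

	order_result($data['slides'], $sortField, $sortOrder);

	if ($sortOrder == ZBX_SORT_UP) {
		$data['slides'] = array_slice($data['slides'], 0, $limit);
	}
	else {
		$data['slides'] = array_slice($data['slides'], -$limit, $limit);
	}

	order_result($data['slides'], $sortField, $sortOrder);

	$data['paging'] = getPagingLine($data['slides'], $sortOrder, new CUrl('slideconf.php'));

	// render view
	$slideshowView = new CView('monitoring.slideconf.list', $data);
	$slideshowView->render();
	$slideshowView->show();
}

require_once dirname(__FILE__).'/include/page_footer.php';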