1<?php
2
3use App\Models\DeviceGroup;
4use App\Models\User;
5
6$no_refresh = true;
7
8require 'includes/html/javascript-interfacepicker.inc.php';
9
10echo "<div style='margin: 10px;'>";
11
12$pagetitle[] = 'Edit user';
13
14if (! Auth::user()->hasGlobalAdmin()) {
15    include 'includes/html/error-no-perm.inc.php';
16} else {
17    if ($vars['user_id'] && ! $vars['edit']) {
18        /** @var User $user */
19        $user = User::find($vars['user_id']);
20        $user_data = $user->toArray(); // for compatibility with current code
21
22        echo '<p><h2>' . $user_data['realname'] . '</h2></p>';
23        // Perform actions if requested
24        if ($vars['action'] == 'deldevperm') {
25            if (dbFetchCell('SELECT COUNT(*) FROM devices_perms WHERE `device_id` = ? AND `user_id` = ?', [$vars['device_id'], $user_data['user_id']])) {
26                dbDelete('devices_perms', '`device_id` =  ? AND `user_id` = ?', [$vars['device_id'], $user_data['user_id']]);
27            }
28        }
29
30        if ($vars['action'] == 'adddevperm') {
31            if (! dbFetchCell('SELECT COUNT(*) FROM devices_perms WHERE `device_id` = ? AND `user_id` = ?', [$vars['device_id'], $user_data['user_id']])) {
32                dbInsert(['device_id' => $vars['device_id'], 'user_id' => $user_data['user_id']], 'devices_perms');
33            }
34        }
35
36        if ($vars['action'] == 'deldevgroupperm') {
37            $user->deviceGroups()->detach($vars['device_group_id']);
38        }
39
40        if ($vars['action'] == 'adddevgroupperm') {
41            $user->deviceGroups()->syncWithoutDetaching($vars['device_group_id']);
42        }
43
44        if ($vars['action'] == 'delifperm') {
45            if (dbFetchCell('SELECT COUNT(*) FROM ports_perms WHERE `port_id` = ? AND `user_id` = ?', [$vars['port_id'], $user_data['user_id']])) {
46                dbDelete('ports_perms', '`port_id` =  ? AND `user_id` = ?', [$vars['port_id'], $user_data['user_id']]);
47            }
48        }
49
50        if ($vars['action'] == 'addifperm') {
51            if (! dbFetchCell('SELECT COUNT(*) FROM ports_perms WHERE `port_id` = ? AND `user_id` = ?', [$vars['port_id'], $user_data['user_id']])) {
52                dbInsert(['port_id' => $vars['port_id'], 'user_id' => $user_data['user_id']], 'ports_perms');
53            }
54        }
55
56        if ($vars['action'] == 'delbillperm') {
57            if (dbFetchCell('SELECT COUNT(*) FROM bill_perms WHERE `bill_id` = ? AND `user_id` = ?', [$vars['bill_id'], $user_data['user_id']])) {
58                dbDelete('bill_perms', '`bill_id` =  ? AND `user_id` = ?', [$vars['bill_id'], $user_data['user_id']]);
59            }
60        }
61
62        if ($vars['action'] == 'addbillperm') {
63            if (! dbFetchCell('SELECT COUNT(*) FROM bill_perms WHERE `bill_id` = ? AND `user_id` = ?', [$vars['bill_id'], $user_data['user_id']])) {
64                dbInsert(['bill_id' => $vars['bill_id'], 'user_id' => $user_data['user_id']], 'bill_perms');
65            }
66        }
67
68        echo '<div class="row">
69           <div class="col-md-4">';
70
71        // Display devices this users has access to
72        echo '<h3>Device Access</h3>';
73
74        echo "<div class='panel panel-default panel-condensed'>
75            <table class='table table-hover table-condensed table-striped'>
76              <tr>
77                <th>Device</th>
78                <th>Action</th>
79              </tr>";
80
81        $device_perms = dbFetchRows('SELECT * from devices_perms as P, devices as D WHERE `user_id` = ? AND D.device_id = P.device_id', [$user_data['user_id']]);
82        foreach ($device_perms as $device_perm) {
83            echo '<tr><td><strong>' . format_hostname($device_perm) . "</td><td> <a href='edituser/action=deldevperm/user_id=" . $vars['user_id'] . '/device_id=' . $device_perm['device_id'] . "'><i class='fa fa-trash fa-lg icon-theme' aria-hidden='true'></i></a></strong></td></tr>";
84            $access_list[] = $device_perm['device_id'];
85            $permdone = 'yes';
86        }
87
88        echo '</table>
89          </div>';
90
91        if (! $permdone) {
92            echo 'None Configured';
93        }
94
95        // Display devices this user doesn't have access to
96        echo '<h4>Grant access to new device</h4>';
97        echo "<form class='form-inline' role='form' method='post' action=''>
98            " . csrf_field() . "
99            <input type='hidden' value='" . $user_data['user_id'] . "' name='user_id'>
100            <input type='hidden' value='edituser' name='page'>
101            <input type='hidden' value='adddevperm' name='action'>
102            <div class='form-group'>
103              <label class='sr-only' for='device_id'>Device</label>
104              <select name='device_id' id='device_id' class='form-control'>";
105
106        $devices = dbFetchRows('SELECT * FROM `devices` ORDER BY hostname');
107        foreach ($devices as $device) {
108            unset($done);
109            foreach ($access_list as $ac) {
110                if ($ac == $device['device_id']) {
111                    $done = 1;
112                }
113            }
114
115            if (! $done) {
116                echo "<option value='" . $device['device_id'] . "'>" . format_hostname($device, $device['hostname']) . '</option>';
117            }
118        }
119
120        echo "</select>
121           </div>
122           <button type='submit' class='btn btn-default' name='Submit'>Add</button></form>";
123
124        echo '</div>
125           <div class="col-md-4">';
126
127        // Display devices this users has access to
128        echo '<h3>Device access via Device Group (beta)</h3>';
129
130        echo "<div class='panel panel-default panel-condensed'>
131            <table class='table table-hover table-condensed table-striped'>
132              <tr>
133                <th>Device Group</th>
134                <th>Action</th>
135              </tr>";
136
137        foreach ($user->deviceGroups as $device_group_perm) {
138            echo '<tr><td><strong>' . $device_group_perm->name . "</td><td> <a href='edituser/action=deldevgroupperm/user_id=" . $user->user_id . '/device_group_id=' . $device_group_perm->id . "'><i class='fa fa-trash fa-lg icon-theme' aria-hidden='true'></i></a></strong></td></tr>";
139        }
140
141        echo '</table>
142          </div>';
143
144        if ($user->deviceGroups->isEmpty()) {
145            echo 'None Configured';
146        }
147
148        // Display device groups this user doesn't have access to
149        echo '<h4>Grant access to new Device Group</h4>';
150        $allow_dynamic = \LibreNMS\Config::get('permission.device_group.allow_dynamic');
151        if (! $allow_dynamic) {
152            echo '<i>Dynamic groups are disabled, set permission.device_group.allow_dynamic to enable.</i>';
153        }
154
155        echo "<form class='form-inline' role='form' method='post' action=''>
156            " . csrf_field() . "
157            <input type='hidden' value='" . $user_data['user_id'] . "' name='user_id'>
158            <input type='hidden' value='edituser' name='page'>
159            <input type='hidden' value='adddevgroupperm' name='action'>
160            <div class='form-group'>
161              <label class='sr-only' for='device_group_id'>Device</label>
162              <select name='device_group_id' id='device_group_id' class='form-control'>";
163
164        $device_groups = DeviceGroup::query()
165            ->whereNotIn('id', $user->deviceGroups->pluck('id'))
166            ->when(! $allow_dynamic, function ($query) {
167                return $query->where('type', 'static');
168            })
169            ->orderBy('name')
170            ->get(['id', 'name']);
171
172        foreach ($device_groups as $group) {
173            echo '<option value="' . $group->id . '">' . $group->name . '</option>';
174        }
175
176        echo "</select>
177           </div>
178           <button type='submit' class='btn btn-default' name='Submit'>Add</button></form>";
179
180        echo "</div></div>
181
182        <div class='row'>
183          <div class='col-md-4'>";
184        echo '<h3>Interface Access</h3>';
185
186        $interface_perms = dbFetchRows('SELECT * from ports_perms as P, ports as I, devices as D WHERE `user_id` = ? AND I.port_id = P.port_id AND D.device_id = I.device_id', [$user_data['user_id']]);
187
188        echo "<div class='panel panel-default panel-condensed'>
189            <table class='table table-hover table-condensed table-striped'>
190              <tr>
191                <th>Interface name</th>
192                <th>Action</th>
193              </tr>";
194        foreach ($interface_perms as $interface_perm) {
195            echo '<tr>
196              <td>
197                <strong>' . $interface_perm['hostname'] . ' - ' . $interface_perm['ifDescr'] . '</strong>' . '' . \LibreNMS\Util\Clean::html($interface_perm['ifAlias'], []) . "
198              </td>
199              <td>
200                &nbsp;&nbsp;<a href='edituser/action=delifperm/user_id=" . $user_data['user_id'] . '/port_id=' . $interface_perm['port_id'] . "'><i class='fa fa-trash fa-lg icon-theme' aria-hidden='true'></i></a>
201              </td>
202            </tr>";
203            $ipermdone = 'yes';
204        }
205
206        echo '</table>
207          </div>';
208
209        if (! $ipermdone) {
210            echo 'None Configured';
211        }
212
213        // Display interfaces this user doesn't have access to
214        echo '<h4>Grant access to new interface</h4>';
215
216        echo "<form action='' method='post' class='form-horizontal' role='form'>
217        " . csrf_field() . "
218        <input type='hidden' value='" . $user_data['user_id'] . "' name='user_id'>
219        <input type='hidden' value='edituser' name='page'>
220        <input type='hidden' value='addifperm' name='action'>
221        <div class='form-group'>
222          <label for='device' class='col-sm-2 control-label'>Device: </label>
223          <div class='col-sm-10'>
224            <select id='device' class='form-control' name='device' onchange='getInterfaceList(this)'>
225          <option value=''>Select a device</option>";
226
227        foreach ($devices as $device) {
228            unset($done);
229            foreach ($access_list as $ac) {
230                if ($ac == $device['device_id']) {
231                    $done = 1;
232                }
233            }
234
235            if (! $done) {
236                echo "<option value='" . $device['device_id'] . "'>" . format_hostname($device, $device['hostname']) . '</option>';
237            }
238        }
239
240        echo "</select>
241          </div>
242          </div>
243          <div class='form-group'>
244            <label for='port_id' class='col-sm-2 control-label'>Interface: </label>
245            <div class='col-sm-10'>
246              <select class='form-control' id='port_id' name='port_id'>
247              </select>
248            </div>
249         </div>
250         <div class='form-group'>
251           <div class='col-sm-12'>
252             <button type='submit' class='btn btn-default' name='Submit' value='Add'>Add</button>
253           </div>
254         </div>
255       </form>";
256
257        echo "</div>
258          <div class='col-md-4'>";
259        echo '<h3>Bill Access</h3>';
260
261        $bill_perms = dbFetchRows('SELECT * from bills AS B, bill_perms AS P WHERE P.user_id = ? AND P.bill_id = B.bill_id', [$user_data['user_id']]);
262
263        echo "<div class='panel panel-default panel-condensed'>
264            <table class='table table-hover table-condensed table-striped'>
265            <tr>
266              <th>Bill name</th>
267              <th>Action</th>
268            </tr>";
269
270        foreach ($bill_perms as $bill_perm) {
271            echo '<tr>
272              <td>
273                <strong>' . $bill_perm['bill_name'] . "</strong></td><td width=50>&nbsp;&nbsp;<a href='edituser/action=delbillperm/user_id=" . $vars['user_id'] . '/bill_id=' . $bill_perm['bill_id'] . "'><i class='fa fa-trash fa-lg icon-theme' aria-hidden='true'></i></a>
274              </td>
275            </tr>";
276            $bill_access_list[] = $bill_perm['bill_id'];
277
278            $bpermdone = 'yes';
279        }
280
281        echo '</table>
282          </div>';
283
284        if (! $bpermdone) {
285            echo 'None Configured';
286        }
287
288        // Display devices this user doesn't have access to
289        echo '<h4>Grant access to new bill</h4>';
290        echo "<form method='post' action='' class='form-inline' role='form'>
291            " . csrf_field() . "
292            <input type='hidden' value='" . $user_data['user_id'] . "' name='user_id'>
293            <input type='hidden' value='edituser' name='page'>
294            <input type='hidden' value='addbillperm' name='action'>
295            <div class='form-group'>
296              <label class='sr-only' for='bill_id'>Bill</label>
297              <select name='bill_id' class='form-control' id='bill_id'>";
298
299        $bills = dbFetchRows('SELECT * FROM `bills` ORDER BY `bill_name`');
300        foreach ($bills as $bill) {
301            unset($done);
302            foreach ($bill_access_list as $ac) {
303                if ($ac == $bill['bill_id']) {
304                    $done = 1;
305                }
306            }
307
308            if (! $done) {
309                echo "<option value='" . $bill['bill_id'] . "'>" . $bill['bill_name'] . '</option>';
310            }
311        }
312
313        echo "</select>
314          </div>
315          <button type='submit' class='btn btn-default' name='Submit' value='Add'>Add</button>
316        </form>
317        </div>";
318    } else {
319        echo '<script>window.location.replace("' . url('users') . '");</script>';
320    }//end if
321}//end if
322
323echo '</div>';
324