1<?php
2/*
3** Zabbix
4** Copyright (C) 2001-2021 Zabbix SIA
5**
6** This program is free software; you can redistribute it and/or modify
7** it under the terms of the GNU General Public License as published by
8** the Free Software Foundation; either version 2 of the License, or
9** (at your option) any later version.
10**
11** This program is distributed in the hope that it will be useful,
12** but WITHOUT ANY WARRANTY; without even the implied warranty of
13** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14** GNU General Public License for more details.
15**
16** You should have received a copy of the GNU General Public License
17** along with this program; if not, write to the Free Software
18** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
19**/
20
21
22require_once dirname(__FILE__).'/include/config.inc.php';
23require_once dirname(__FILE__).'/include/screens.inc.php';
24
// Page descriptor. It is populated before page_header.php is included, which presumably reads it.
$page['title'] = _('Configuration of slide shows');
$page['file'] = 'slideconf.php';
$page['type'] = detect_page_type(PAGE_TYPE_HTML);
$page['scripts'] = ['multiselect.js'];

require_once dirname(__FILE__).'/include/page_header.php';

/*
 * Request field table handed to check_fields(). Each row follows the column order given in the
 * header line below.
 *
 * NOTE(review): 'slides' is declared with a null type and a null validation rule, so this table puts
 * no constraint on its shape (assuming null means "not checked" - confirm in check_fields()). The code
 * further down iterates it and reads $slide['delay'] / $slide['screenid'], so the shape has to be
 * validated by add_slideshow()/update_slideshow() or before use.
 *
 * NOTE(review): 'users' and 'userGroups' are typed T_ZBX_INT, yet the form code reads
 * $user['userid'] and $user_group['usrgrpid'] from their elements, i.e. treats them as nested arrays.
 *
 * The 'sort' allow-list matters for SQL safety: the accepted value is concatenated into an ORDER BY
 * clause in the list branch of this page.
 */
//	VAR		TYPE	OPTIONAL FLAGS	VALIDATION	EXCEPTION
$fields = [
	'shows' =>			[T_ZBX_INT, O_OPT, P_SYS, DB_ID, null],
	'slideshowid' =>	[T_ZBX_INT, O_NO, P_SYS, DB_ID, 'isset({form}) && {form} == "update"'],
	'name' =>			[T_ZBX_STR, O_OPT, null, NOT_EMPTY, 'isset({add}) || isset({update})', _('Name')],
	'delay' =>			[T_ZBX_TU, O_OPT, null, null, 'isset({add}) || isset({update})', _('Default delay')],
	'slides' =>			[null, O_OPT, null, null, null],
	'userid' =>			[T_ZBX_INT, O_OPT, P_SYS, DB_ID, null],
	'private' =>		[T_ZBX_INT, O_OPT, null, BETWEEN(0, 1), null],
	'users' =>			[T_ZBX_INT, O_OPT, null, null, null],
	'userGroups' =>		[T_ZBX_INT, O_OPT, null, null, null],
	// actions
	'action' =>			[T_ZBX_STR, O_OPT, P_SYS|P_ACT, IN('"slideshow.massdelete"'), null],
	'add' =>			[T_ZBX_STR, O_OPT, P_SYS|P_ACT, null, null],
	'update' =>			[T_ZBX_STR, O_OPT, P_SYS|P_ACT, null, null],
	'delete' =>			[T_ZBX_STR, O_OPT, P_SYS|P_ACT, null, null],
	'cancel' =>			[T_ZBX_STR, O_OPT, P_SYS, null, null],
	'form' =>			[T_ZBX_STR, O_OPT, P_SYS, null, null],
	'form_refresh' =>	[T_ZBX_INT, O_OPT, null, null, null],
	// filter
	'filter_set' =>		[T_ZBX_STR, O_OPT, P_SYS, null, null],
	'filter_rst' =>		[T_ZBX_STR, O_OPT, P_SYS, null, null],
	'filter_name' =>	[T_ZBX_STR, O_OPT, null, null, null],
	// sort and sortorder
	'sort' =>			[T_ZBX_STR, O_OPT, P_SYS, IN('"cnt","delay","name"'), null],
	'sortorder' =>		[T_ZBX_STR, O_OPT, P_SYS, IN('"'.ZBX_SORT_DOWN.'","'.ZBX_SORT_UP.'"'), null]
];
check_fields($fields);
60
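// Sort the submitted slides by key with natksort().
// 'slides' is declared in $fields without a type or validation rule, so a client can send it as a
// scalar. Only sort when it really is an array; the shape of each slide is still unchecked here.
if (!empty($_REQUEST['slides']) && is_array($_REQUEST['slides'])) {
	natksort($_REQUEST['slides']);
}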
64
/*
 * Permissions
 *
 * When the request names a slide show, the caller must pass the PERM_READ check and the show must
 * also be returned for PERM_READ_WRITE, so the effective requirement for any request carrying
 * 'slideshowid' is write access. $db_slideshow stays an empty array when no id was sent.
 */
$db_slideshow = [];

if (hasRequest('slideshowid')) {
	if (!slideshow_accessible($_REQUEST['slideshowid'], PERM_READ)) {
		access_deny();
	}

	$db_slideshow = get_slideshow_by_slideshowid(getRequest('slideshowid'), PERM_READ_WRITE);

	// A falsy result is treated as "not writable by this user".
	if (!$db_slideshow) {
		access_deny();
	}
}
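// Mass actions: 'shows' must be an array of slide show ids.
if (hasRequest('action')) {
	if (!hasRequest('shows') || !is_array(getRequest('shows'))) {
		access_deny();
	}
	else {
		// Existence check only: this query confirms the ids are present in `slideshows`, it says
		// nothing about the caller's rights on them.
		$slideshows = DBfetchArray(DBselect(
			'SELECT slideshowid FROM slideshows s WHERE '.dbConditionInt('s.slideshowid', getRequest('shows'))
		));

		// Some submitted ids no longer exist: keep only the existing ones checked in the list.
		if (count($slideshows) != count(getRequest('shows'))) {
			uncheckTableRows(null, zbx_objectValues($slideshows, 'slideshowid'));
		}

		// Require write access to every selected show, mirroring the PERM_READ_WRITE rule applied to
		// a single 'slideshowid' above. delete_slideshow() is defined outside this file, so it cannot
		// be assumed here that it re-checks permissions before deleting.
		foreach ($slideshows as $slideshow) {
			if (!get_slideshow_by_slideshowid($slideshow['slideshowid'], PERM_READ_WRITE)) {
				access_deny();
			}
		}
	}
}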
96
/*
 * Actions
 *
 * One branch runs per request: save (add/update), delete of the show named by 'slideshowid', or mass
 * delete of the ids in 'shows'. Each branch wraps its writes in DBstart()/DBend() and reports the
 * outcome through show_messages().
 */
if (hasRequest('add') || hasRequest('update')) {
	DBstart();

	$slides = getRequest('slides', []);

	// A slide submitted with an empty delay is passed on with delay '0'.
	foreach ($slides as &$slide) {
		$slide['delay'] = ($slide['delay'] === '') ? '0' : $slide['delay'];
	}
	unset($slide);

	if (hasRequest('update')) {
		$messageSuccess = _('Slide show updated');
		$messageFailed = _('Cannot update slide show');
		$auditAction = AUDIT_ACTION_UPDATE;

		$data = [
			'slideshowid' => getRequest('slideshowid'),
			'name' => getRequest('name'),
			'delay' => getRequest('delay'),
			'slides' => $slides,
			'userid' => getRequest('userid', ''),
			'private' => getRequest('private'),
			'users' => getRequest('users', []),
			'userGroups' => getRequest('userGroups', [])
		];

		// Only administrators can set slide show owner: a plain user's 'userid' is dropped, so the
		// update cannot change the owner.
		if (CWebUser::getType() == USER_TYPE_ZABBIX_USER) {
			unset($data['userid']);
		}
		// Slide show update with inaccessible user: an admin submitted an empty owner. The empty id
		// is looked up through the API and 'userid' is dropped from the update when nothing is found.
		elseif (CWebUser::getType() == USER_TYPE_ZABBIX_ADMIN && $data['userid'] === '') {
			$user_exist = API::User()->get([
				'output' => ['userid'],
				'userids' => [$data['userid']]
			]);

			if (!$user_exist) {
				unset($data['userid']);
			}
		}

		$result = update_slideshow($data);
	}
	else {
		$messageSuccess = _('Slide show added');
		$messageFailed = _('Cannot add slide show');
		$auditAction = AUDIT_ACTION_ADD;

		// NOTE(review): 'userid' is taken from the request as is; the owner restriction applied in
		// the update branch is not repeated here, so it has to be enforced inside add_slideshow()
		// (defined elsewhere) - confirm.
		$result = add_slideshow([
			'name' => getRequest('name'),
			'delay' => getRequest('delay'),
			'slides' => $slides,
			'userid' => getRequest('userid'),
			'private' => getRequest('private'),
			'users' => getRequest('users', []),
			'userGroups' => getRequest('userGroups', [])
		]);
	}

	if ($result) {
		// The request-supplied name goes into the audit record verbatim.
		add_audit($auditAction, AUDIT_RESOURCE_SLIDESHOW, ' Name "'.getRequest('name').'" ');
		// Clearing these makes the Display section below render the list instead of the form.
		unset($_REQUEST['form'], $_REQUEST['slideshowid']);
	}

	$result = DBend($result);

	if ($result) {
		uncheckTableRows();
	}
	show_messages($result, $messageSuccess, $messageFailed);
}
elseif (isset($_REQUEST['delete'], $_REQUEST['slideshowid'])) {
	// Single delete. $db_slideshow was loaded with PERM_READ_WRITE in the Permissions section.
	DBstart();

	$result = delete_slideshow($_REQUEST['slideshowid']);

	if ($result) {
		add_audit(AUDIT_ACTION_DELETE, AUDIT_RESOURCE_SLIDESHOW, ' Name "'.$db_slideshow['name'].'" ');
	}
	unset($_REQUEST['slideshowid'], $_REQUEST['form']);

	$result = DBend($result);

	if ($result) {
		uncheckTableRows();
	}
	show_messages($result, _('Slide show deleted'), _('Cannot delete slide show'));
}
elseif (hasRequest('action') && getRequest('action') == 'slideshow.massdelete' && hasRequest('shows')) {
	// NOTE(review): this branch calls delete_slideshow() for every submitted id without checking
	// write permission itself, and writes no audit record. Verify that the Permissions section above
	// or delete_slideshow() (defined elsewhere) enforces authorisation for each id.
	$result = true;

	$shows = getRequest('shows');
	DBstart();

	// Stop at the first failure; DBend() receives the accumulated result.
	foreach ($shows as $showid) {
		$result &= delete_slideshow($showid);
		if (!$result) {
			break;
		}
	}

	$result = DBend($result);

	if ($result) {
		unset($_REQUEST['form']);
		uncheckTableRows();
	}
	show_messages($result, _('Slide show deleted'), _('Cannot delete slide show'));
}
210
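/*
 * Display
 *
 * Renders the edit form when 'form' is present in the request, otherwise the filtered, sorted and
 * paged list of slide shows.
 */
if (hasRequest('form')) {
	$current_userid = CWebUser::$data['userid'];
	// Ids (as array keys) of the users and user groups whose display data is loaded below.
	// Initialised explicitly so a pre-existing global of the same name cannot leak into the lookup.
	$userids = [$current_userid => true];
	$user_groupids = [];

	$data = [
		'form' => getRequest('form'),
		'form_refresh' => getRequest('form_refresh', 0)
	];

	if (!hasRequest('slideshowid') || hasRequest('form_refresh')) {
		// New show or re-submitted form: owner and shares are taken from the request.
		// Slide show owner.
		$slideshow_owner = getRequest('userid', $current_userid);
		$userids[$slideshow_owner] = true;

		foreach (getRequest('users', []) as $user) {
			$userids[$user['userid']] = true;
		}

		foreach (getRequest('userGroups', []) as $user_group) {
			$user_groupids[$user_group['usrgrpid']] = true;
		}
	}
	else {
		// First display of an existing show: owner and shares are read from the database.
		// Slide show owner.
		$userids[$db_slideshow['userid']] = true;

		$db_slideshow['users'] = DBfetchArray(DBselect(
			'SELECT s.userid,s.permission'.
			' FROM slideshow_user s'.
			' WHERE s.slideshowid='.zbx_dbstr(getRequest('slideshowid'))
		));

		foreach ($db_slideshow['users'] as $user) {
			$userids[$user['userid']] = true;
		}

		$db_slideshow['userGroups'] = DBfetchArray(DBselect(
			'SELECT s.usrgrpid,s.permission'.
			' FROM slideshow_usrgrp s'.
			' WHERE s.slideshowid='.zbx_dbstr(getRequest('slideshowid'))
		));

		foreach ($db_slideshow['userGroups'] as $user_group) {
			$user_groupids[$user_group['usrgrpid']] = true;
		}
	}

	// Names are resolved through the API, so only what API::User()/API::UserGroup() return for the
	// current user is passed to the view.
	$data['users'] = API::User()->get([
		'output' => ['userid', 'alias', 'name', 'surname'],
		'userids' => array_keys($userids),
		'preservekeys' => true
	]);

	$data['user_groups'] = API::UserGroup()->get([
		'output' => ['usrgrpid', 'name'],
		'usrgrpids' => array_keys($user_groupids),
		'preservekeys' => true
	]);

	if (array_key_exists('slideshowid', $db_slideshow) && !isset($_REQUEST['form_refresh'])) {
		// Existing show, first display: every form value comes from the database row.
		$data['slideshow'] = [
			'slideshowid' => $db_slideshow['slideshowid'],
			'name' => $db_slideshow['name'],
			'delay' => $db_slideshow['delay'],
			'userid' => $db_slideshow['userid'],
			'private' => $db_slideshow['private'],
			'users' => $db_slideshow['users'],
			'userGroups' => $db_slideshow['userGroups']
		];

		// Get slides.
		$data['slideshow']['slides'] = DBfetchArray(DBselect(
				'SELECT s.slideid, s.screenid, s.delay'.
				' FROM slides s'.
				' WHERE s.slideshowid='.zbx_dbstr($db_slideshow['slideshowid']).
				' ORDER BY s.step'
		));
	}
	else {
		// New show or re-submitted form: form values are echoed back from the request.
		$data['slideshow'] = [
			'slideshowid' => getRequest('slideshowid'),
			'name' => getRequest('name', ''),
			'delay' => getRequest('delay', DB::getDefault('slideshows', 'delay')),
			'slides' => getRequest('slides', []),
			'private' => getRequest('private', PRIVATE_SHARING),
			'users' => getRequest('users', []),
			'userGroups' => getRequest('userGroups', [])
		];
		if (hasRequest('form_refresh')) {
			// Admin types fall back to an empty owner when none was submitted.
			if (CWebUser::getType() == USER_TYPE_SUPER_ADMIN || CWebUser::getType() == USER_TYPE_ZABBIX_ADMIN) {
				$data['slideshow']['userid'] = getRequest('userid', '');
			}
			else {
				$data['slideshow']['userid'] = getRequest('userid');
			}
		}
		else {
			if ($db_slideshow) {
				$data['slideshow']['userid'] = $db_slideshow['userid'];
			}
			else {
				$data['slideshow']['userid'] = $current_userid;
			}
		}
	}

	// A delay of '0' is shown as an empty field in the form.
	foreach ($data['slideshow']['slides'] as &$slide) {
		$slide['delay'] = $slide['delay'] === '0' ? '' : $slide['delay'];
	}
	unset($slide);

	$screenids = [];
	foreach ($data['slideshow']['slides'] as $slides) {
		$screenids[] = $slides['screenid'];
	}

	$data['slideshow']['screens'] = API::Screen()->get([
		'output' => ['screenid', 'name'],
		'screenids' => $screenids,
		'preservekeys' => true
	]);

	$data['current_user_userid'] = $current_userid;

	// Get slides without delay.
	$data['slides_without_delay'] = $data['slideshow']['slides'];
	foreach ($data['slides_without_delay'] as &$slide) {
		unset($slide['delay']);
	}
	unset($slide);

	// render view
	echo (new CView('monitoring.slideconf.edit', $data))->getOutput();
}
else {
	CProfile::delete('web.slides.elementid');

	$sortField = getRequest('sort', CProfile::get('web.'.$page['file'].'.sort', 'name'));
	$sortOrder = getRequest('sortorder', CProfile::get('web.'.$page['file'].'.sortorder', ZBX_SORT_UP));

	// $sortField is concatenated into the ORDER BY clause below, where it cannot be bound or quoted
	// as a value. The request value is allow-listed in $fields, but the fallback comes from the
	// stored profile; re-check it here so the query is safe on its own and an unexpected value is
	// never persisted again.
	if (!in_array($sortField, ['cnt', 'delay', 'name'], true)) {
		$sortField = 'name';
	}

	CProfile::update('web.'.$page['file'].'.sort', $sortField, PROFILE_TYPE_STR);
	CProfile::update('web.'.$page['file'].'.sortorder', $sortOrder, PROFILE_TYPE_STR);

	if (hasRequest('filter_set')) {
		CProfile::update('web.slideconf.filter_name', getRequest('filter_name', ''), PROFILE_TYPE_STR);
	}
	elseif (hasRequest('filter_rst')) {
		DBstart();
		CProfile::delete('web.slideconf.filter_name');
		DBend();
	}

	$config = select_config();
	// One row more than the configured search limit is kept after slicing.
	$limit = $config['search_limit'] + 1;

	$data = [
		'filter' => [
			'name' => CProfile::get('web.slideconf.filter_name', '')
		],
		'sort' => $sortField,
		'sortorder' => $sortOrder,
		'profileIdx' => 'web.slideconf.filter',
		'active_tab' => CProfile::get('web.slideconf.filter.active', 1)
	];

	if ($data['filter']['name'] !== '') {
		// escaping parameter that is about to be used in LIKE statement
		// The escape character '!' is doubled first, then the LIKE wildcards are prefixed with it;
		// the array form of str_replace() applies the pairs in this order.
		$pattern = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $data['filter']['name']);

		$sql_where = ' WHERE UPPER(s.name) LIKE '.zbx_dbstr('%'.mb_strtoupper($pattern).'%')." ESCAPE '!'";
	}
	else {
		$sql_where = '';
	}

	// The query has no permission predicate; rows are filtered per show right after it.
	$data['slides'] = DBfetchArray(DBselect(
			'SELECT s.slideshowid,s.name,s.delay,COUNT(sl.slideshowid) AS cnt'.
			' FROM slideshows s'.
				' LEFT JOIN slides sl ON sl.slideshowid=s.slideshowid'.
			$sql_where.
			' GROUP BY s.slideshowid,s.name,s.delay'.
			' ORDER BY '.(($sortField === 'cnt') ? 'cnt' : 's.'.$sortField)
	));

	// Drop shows the user cannot read and flag the ones the user can also write.
	foreach ($data['slides'] as $key => &$slide) {
		if (!slideshow_accessible($slide['slideshowid'], PERM_READ)) {
			unset($data['slides'][$key]);
		}
		else {
			$slide['editable'] = (bool) get_slideshow_by_slideshowid($slide['slideshowid'], PERM_READ_WRITE);
		}
	}
	unset($slide);

	order_result($data['slides'], $sortField, $sortOrder);

	if ($sortOrder == ZBX_SORT_UP) {
		$data['slides'] = array_slice($data['slides'], 0, $limit);
	}
	else {
		$data['slides'] = array_slice($data['slides'], -$limit, $limit);
	}

	order_result($data['slides'], $sortField, $sortOrder);

	// pager
	// NOTE(review): 'page' is not declared in this file's $fields table; presumably it is validated
	// as a system field by check_fields() - confirm.
	if (hasRequest('page')) {
		$page_num = getRequest('page');
	}
	elseif (isRequestMethod('get') && !hasRequest('cancel')) {
		$page_num = 1;
	}
	else {
		$page_num = CPagerHelper::loadPage($page['file']);
	}

	CPagerHelper::savePage($page['file'], $page_num);

	$data['paging'] = CPagerHelper::paginate($page_num, $data['slides'], $sortOrder, new CUrl('slideconf.php'));

	// render view
	echo (new CView('monitoring.slideconf.list', $data))->getOutput();
}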
440
441require_once dirname(__FILE__).'/include/page_footer.php';
442