Patch for Version 1.4.1 to fix Read-Write access

  • azurit
    Junior Member
    • Aug 2007
    • 23

    #1

    Patch for Version 1.4.1 to fix Read-Write access

    I noticed that after adding a 'Zabbix admin' user and allowing him read-write access to any single host group, he gets read-write access to _all_ hosts and groups. I really wonder why this is not fixed in any patches here, because this makes user management completely useless. Here is the patch (not the best, but it works).
    File: include/perm.inc.php
    Find the definition of function 'get_accessible_hosts_by_user' and edit it like this:

    Before:
    Code:
    ...
    while($host_data = DBfetch($db_hosts))
    {
    	$host_data += DBfetch(DBselect('select * from hosts where hostid='.$host_data['hostid']));
    
    	if(is_null($host_data['nodeid'])) $host_data['nodeid'] = id2nodeid($host_data['hostid']);
    
    	/* if no rights defined used node rights */
    	if( (is_null($host_data['permission']) || is_null($host_data['userid'])) )
    	{
    		if( isset($processed[$host_data['hostid']]) )
    			continue;
    
    		if(!isset($nodes))
    		{
    			$nodes = get_accessible_nodes_by_user($user_data,PERM_DENY,PERM_MODE_GE,PERM_RES_DATA_ARRAY);
    		}
    		if( !isset($nodes[$host_data['nodeid']]) || $user_type==USER_TYPE_ZABBIX_USER )
    			$host_data['permission'] = PERM_DENY;
    		else
    			$host_data['permission'] = $nodes[$host_data['nodeid']]['permission'];
    	}
    
    	$processed[$host_data['hostid']] = true;
    
    	if(eval('return ('.$host_data["permission"].' '.perm_mode2comparator($perm_mode).' '.$perm.')? 0 : 1;'))
    		continue;
    
    	$result[$host_data['hostid']] = eval('return '.$resdata.';');
    }
    ...
    After:
    Code:
    ...
    while($host_data = DBfetch($db_hosts))
    {
    	if(!is_null($host_data['userid'])) { /* added: skip hosts with no rights defined for this user */
    		$host_data += DBfetch(DBselect('select * from hosts where hostid='.$host_data['hostid']));
    
    		if(is_null($host_data['nodeid'])) $host_data['nodeid'] = id2nodeid($host_data['hostid']);
    
    		/* if no rights defined used node rights */
    		if( (is_null($host_data['permission']) || is_null($host_data['userid'])) )
    		{
    			if( isset($processed[$host_data['hostid']]) )
    				continue;
    
    			if(!isset($nodes))
    			{
    				$nodes = get_accessible_nodes_by_user($user_data,PERM_DENY,PERM_MODE_GE,PERM_RES_DATA_ARRAY);
    			}
    			if( !isset($nodes[$host_data['nodeid']]) || $user_type==USER_TYPE_ZABBIX_USER )
    				$host_data['permission'] = PERM_DENY;
    			else
    				$host_data['permission'] = $nodes[$host_data['nodeid']]['permission'];
    		}
    
    		$processed[$host_data['hostid']] = true;
    
    		if(eval('return ('.$host_data["permission"].' '.perm_mode2comparator($perm_mode).' '.$perm.')? 0 : 1;'))
    			continue;
    
    		$result[$host_data['hostid']] = eval('return '.$resdata.';');
    	} /* added: end of the userid check */
    }
    ...
  • azurit
    Junior Member
    • Aug 2007
    • 23

    #2
    Sorry, I found out that 'zabbix super admin' wasn't able to access all hosts _without_ giving him permission - super admin should have perm to everything automatically. Just replace this line in the patch:
    Code:
    if(!is_null($host_data['userid'])) {
    by this line:
    Code:
    if(!is_null($host_data['userid']) || $user_type == USER_TYPE_SUPER_ADMIN) {

    BTW, a similar fix should be applied to the function 'get_accessible_groups_by_user':
    Code:
    if(!is_null($group_data['userid']) || $user_type == USER_TYPE_SUPER_ADMIN) {


    • azurit
      Junior Member
      • Aug 2007
      • 23

      #3
      I have some other patches which fix other permission issues. Anyone interested?


      • Palmertree
        Senior Member
        • Sep 2005
        • 746

        #4
        Yes, please submit your patches.


        • azurit
          Junior Member
          • Aug 2007
          • 23

          #5
          Here goes the patch to fix graphs - after applying, only the user who has the read or write privileges to the host will be able to see its graphs (you need to apply the first patch in this thread to make this work well):
          file charts.php

          find this:
          Code:
          $denyed_hosts = get_accessible_hosts_by_user($USER_DETAILS, PERM_READ_ONLY, PERM_MODE_LT);
          replace by this:
          Code:
          $available_hosts = get_accessible_hosts_by_user($USER_DETAILS, PERM_READ_ONLY,null,null,$ZBX_CURNODEID);
          --
          find:
          Code:
          " and h.hostid not in (".$denyed_hosts.") ".
          replace:
          Code:
          " and h.hostid in (".$available_hosts.") ".
          --
          find:
          Code:
          " and h.hostid not in (".$denyed_hosts.") and i.itemid=gi.itemid".
          replace:
          Code:
          " and h.hostid in (".$available_hosts.") and i.itemid=gi.itemid".
          --
          find:
          Code:
          " and h.hostid not in (".$denyed_hosts.") and i.itemid=gi.itemid".
          replace:
          Code:
          " and h.hostid in (".$available_hosts.") and i.itemid=gi.itemid".
          --
          find:
          Code:
          " and i.hostid not in (".$denyed_hosts.") ".
          replace:
          Code:
          " and i.hostid in (".$available_hosts.") ".
          --
          find:
          Code:
          " and h.hostid not in (".$denyed_hosts.") ".
          replace:
          Code:
          " and h.hostid not in (".$available_hosts.") ".
          --
          find:
          Code:
          " and h.hostid not in (".$denyed_hosts.") ".
          replace:
          Code:
          " and h.hostid in (".$available_hosts.") ".


          • azurit
            Junior Member
            • Aug 2007
            • 23

            #6
            Patch to fix triggers - after applying, only the user who has the read or write privileges to the host will be able to see its triggers (you need to apply the first patch in this thread to make this work well):
            file tr_status.php

            find:
            Code:
            $result = DBselect("select distinct t.triggerid,t.status,t.description,t.expression,t.priority,".
            	" t.lastchange,t.comments,t.url,t.value,h.host from triggers t,hosts h,items i,functions f".
            	" where f.itemid=i.itemid and h.hostid=i.hostid and t.triggerid=f.triggerid and t.status=".TRIGGER_STATUS_ENABLED.
            	" and t.description $select_cond and i.status=".ITEM_STATUS_ACTIVE.
            	" and ".DBid2nodeid("t.triggerid")."=".$ZBX_CURNODEID.
            	" and h.hostid not in (".get_accessible_hosts_by_user($USER_DETAILS,PERM_READ_ONLY, PERM_MODE_LT).") ". 
            	" and h.status=".HOST_STATUS_MONITORED." $cond $sort");
            replace:
            Code:
            $available_hosts = get_accessible_hosts_by_user($USER_DETAILS, PERM_READ_ONLY,null,null,$ZBX_CURNODEID);
            
            $result = DBselect("select distinct t.triggerid,t.status,t.description,t.expression,t.priority,".
            	" t.lastchange,t.comments,t.url,t.value,h.host from triggers t,hosts h,items i,functions f".
            	" where f.itemid=i.itemid and h.hostid=i.hostid and t.triggerid=f.triggerid and t.status=".TRIGGER_STATUS_ENABLED.
            	" and t.description $select_cond and i.status=".ITEM_STATUS_ACTIVE.
            	" and ".DBid2nodeid("t.triggerid")."=".$ZBX_CURNODEID.
            	" and h.hostid in (".$available_hosts.") ".
            	" and h.status=".HOST_STATUS_MONITORED." $cond $sort");
            I'm working on some other patches.
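
Added example, not part of the thread and not Zabbix's own code: a simplified PHP model of the two changes posted above, the `userid` guard from posts #1 and #2 and the switch from `not in (denied)` to `in (available)` from posts #5 and #6. The constant values, the sample rows, the `resolve()` helper and the assumption that the node grants a Zabbix admin read-write are constructed for illustration.

```php
<?php
// Simplified model of the loop in get_accessible_hosts_by_user(). Constant values,
// sample rows and resolve() are constructed for illustration, not Zabbix code.
const PERM_DENY = 0, PERM_READ_ONLY = 2, PERM_READ_WRITE = 3;
const USER_TYPE_ZABBIX_USER = 1, USER_TYPE_ZABBIX_ADMIN = 2, USER_TYPE_SUPER_ADMIN = 3;

// Rows as the loop is assumed to see them: userid and permission are NULL
// where no right is defined for the host.
$rows = [
    ['hostid' => 101, 'userid' => 7,    'permission' => PERM_READ_WRITE],
    ['hostid' => 102, 'userid' => null, 'permission' => null],
    ['hostid' => 103, 'userid' => null, 'permission' => null],
];

// Returns hostid => effective permission for every row the loop keeps.
function resolve(array $rows, int $type, int $nodePerm, bool $patched): array
{
    $perms = [];
    foreach ($rows as $row) {
        // Patched guard: no explicit right means no entry, except for super admins.
        if ($patched && is_null($row['userid']) && $type !== USER_TYPE_SUPER_ADMIN) {
            continue;
        }
        $perm = $row['permission'];
        if (is_null($perm) || is_null($row['userid'])) {
            // Node fallback of the original loop: plain users are denied,
            // other user types inherit the node permission.
            $perm = ($type === USER_TYPE_ZABBIX_USER) ? PERM_DENY : $nodePerm;
        }
        $perms[$row['hostid']] = $perm;
    }
    return $perms;
}

$all = array_column($rows, 'hostid');

// 1. Unpatched loop: an admin granted one host resolves read-write on every host.
echo 'before: ', json_encode(resolve($rows, USER_TYPE_ZABBIX_ADMIN, PERM_READ_WRITE, false)), PHP_EOL;

// 2. Patched loop: only the explicitly granted host remains; super admin keeps all.
$after = resolve($rows, USER_TYPE_ZABBIX_ADMIN, PERM_READ_WRITE, true);
echo 'after:  ', json_encode($after), PHP_EOL;
echo 'super:  ', json_encode(resolve($rows, USER_TYPE_SUPER_ADMIN, PERM_READ_WRITE, true)), PHP_EOL;

// 3. Page filters on the patched result: "not in (denied)" vs "in (available)".
$denied    = array_keys(array_filter($after, fn(int $p): bool => $p < PERM_READ_ONLY));
$available = array_keys(array_filter($after, fn(int $p): bool => $p >= PERM_READ_ONLY));
echo 'deny-list filter:  ', json_encode(array_values(array_diff($all, $denied))), PHP_EOL;
echo 'allow-list filter: ', json_encode(array_values(array_intersect($all, $available))), PHP_EOL;
```

In this model, step 3 shows why the page queries change together with the loop: once hosts without a rights row are dropped from the result, they never appear in a deny list, so `not in (...)` lets them through while `in (...)` does not.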


            • Andreas Bollhalder
              Senior Member
              Zabbix Certified Specialist
              • Apr 2007
              • 144

              #7
              Very good! This should really get into the stable version of 1.4.2. We got internally the same problems.

              Andreas
              Zabbix statistics
              Total hosts: 380 - Total items: 12190 - Total triggers: 4530 - Required server performance: 224.2


              • technow0rker
                Junior Member
                • Apr 2006
                • 26

                #8
                Maybe you guys had better use the diff utility? )) Patch files make our life easier.


                • azurit
                  Junior Member
                  • Aug 2007
                  • 23

                  #9
                  Here go the diffs! There is a little correction in the patch for charts.php.
                  Attached Files


                  • Palmertree
                    Senior Member
                    • Sep 2005
                    • 746

                    #10
                    I was having issues with permissions and maps and applied your patches and it did the trick. I found the problem was due to the fact that if a host is in two different groups and a user only had read-only access to one group but was denied by default in the other group, it would sometimes show the map and sometimes it would not. With this patch I was able to control the behavior better and not allow the user to see the other host in the denied group. I was also able to control admin access as well to which groups they could modify. I had to modify the patch a little by replacing the $ZBX_CURNODEID with the get_current_nodeid() function. Thanks for the patch.
