mirror of
https://github.com/librenms/librenms.git
synced 2024-09-23 03:18:54 +00:00
Fix permissions in update-dashboard-config.inc.php
parent
f80b10bfa0
commit
26d7851539
@ -9,18 +9,31 @@ $widget_id = mres($_POST['widget_id']);
|
||||
$dasboard_id = mres($_POST['dashboard_id']);
|
||||
|
||||
if ($sub_type == 'remove' && is_numeric($widget_id)) {
|
||||
if ($widget_id == 0 || dbDelete('users_widgets','`user_id`=? AND `user_widget_id`=? AND `dashboard_id`=?', array($_SESSION['user_id'],$widget_id,$dasboard_id))) {
|
||||
if (dbFetchCell('select 1 from dashboards where (user_id = ? || access = 2) && dashboard_id = ?',array($_SESSION['user_id'],$dasboard_id)) == 1) {
|
||||
if ($widget_id == 0 || dbDelete('users_widgets','`user_widget_id`=? AND `dashboard_id`=?', array($widget_id,$dasboard_id))) {
|
||||
$status = 'ok';
|
||||
$message = '';
|
||||
}
|
||||
}
|
||||
else {
|
||||
$status = 'error';
|
||||
$message = 'ERROR: You have no write access.';
|
||||
}
|
||||
}
|
||||
elseif ($sub_type == 'remove-all') {
|
||||
if (dbDelete('users_widgets','`user_id`=? AND `dashboard_id`=?', array($_SESSION['user_id'],$dasboard_id))) {
|
||||
if (dbFetchCell('select 1 from dashboards where (user_id = ? || access = 2) && dashboard_id = ?',array($_SESSION['user_id'],$dasboard_id)) == 1) {
|
||||
if (dbDelete('users_widgets','`dashboard_id`=?', array($dasboard_id))) {
|
||||
$status = 'ok';
|
||||
$message = '';
|
||||
}
|
||||
}
|
||||
else {
|
||||
$status = 'error';
|
||||
$message = 'ERROR: You have no write access.';
|
||||
}
|
||||
}
|
||||
elseif ($sub_type == 'add' && is_numeric($widget_id)) {
|
||||
if (dbFetchCell('select 1 from dashboards where (user_id = ? || access = 2) && dashboard_id = ?',array($_SESSION['user_id'],$dasboard_id)) == 1) {
|
||||
$widget = dbFetchRow('SELECT * FROM `widgets` WHERE `widget_id`=?', array($widget_id));
|
||||
if (is_array($widget)) {
|
||||
list($x,$y) = explode(',',$widget['base_dimensions']);
|
||||
@ -33,16 +46,26 @@ elseif ($sub_type == 'add' && is_numeric($widget_id)) {
|
||||
}
|
||||
}
|
||||
else {
|
||||
$status = 'error';
|
||||
$message = 'ERROR: You have no write access.';
|
||||
}
|
||||
}
|
||||
else {
|
||||
if (dbFetchCell('select 1 from dashboards where (user_id = ? || access = 2) && dashboard_id = ?',array($_SESSION['user_id'],$dasboard_id)) == 1) {
|
||||
$status = 'ok';
|
||||
$message = '';
|
||||
|
||||
foreach ($data as $line) {
|
||||
if (is_array($line)) {
|
||||
$update = array('col'=>$line['col'],'row'=>$line['row'],'size_x'=>$line['size_x'],'size_y'=>$line['size_y']);
|
||||
dbUpdate($update, 'users_widgets', '`user_widget_id`=? AND `user_id`=? AND `dashboard_id`=?', array($line['id'],$_SESSION['user_id'],$dasboard_id));
|
||||
dbUpdate($update, 'users_widgets', '`user_widget_id`=? AND `dashboard_id`=?', array($line['id'],$dasboard_id));
|
||||
}
|
||||
}
|
||||
}
|
||||
else {
|
||||
$status = 'error';
|
||||
$message = 'ERROR: You have no write access.';
|
||||
}
|
||||
}
|
||||
|
||||
$response = array(
|
||||
'status' => $status,
|
||||
|
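Review bot: The ownership-or-shared check `(user_id = ? || access = 2) && dashboard_id = ?` is pasted as a literal SQL string into all four branches (remove, remove-all, add and the final layout-update branch), and because this commit drops `user_id` from every `dbDelete`/`dbUpdate` predicate, that one query is now the only thing scoping the writes. Evaluating it once ahead of the `$sub_type` chain, e.g. `$can_write = dbFetchCell('select 1 from dashboards where (user_id = ? || access = 2) && dashboard_id = ?', array($_SESSION['user_id'], $dasboard_id)) == 1;`, would keep the four branches from drifting apart, and a comment should say what `access = 2` stands for (presumably a shared read/write dashboard). Separately, in the remove and remove-all branches an authorised request whose `dbDelete` returns a falsy value (for example when there is nothing to delete) sets neither `$status` nor `$message` before `$response` is built, unless both are initialised above line 9, which is outside the visible hunks. The add branch's insert sits between the two hunks and is not shown, so it is not covered here.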