Device group based access (#10568)

* Device group based access

* Use Permissions class to resolve permissions

Also give port access based on device access

* Convert more pages to use Permissions class

* shorten config setting name
use Eloquent relationships in several places
alphabetize config_definitions.json

* Change Models and Permissions

* Clean up ajax_search LIMIT sql

* Convert more pages to use Permissions class

Co-authored-by: Tony Murray <murraytony@gmail.com>
Jellyfrog 2019-12-30 12:11:26 +01:00 committed by GitHub
parent 1998b8dd00
commit b361710148
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
44 changed files with 402 additions and 252 deletions


@ -144,6 +144,7 @@ class MysqlAuthorizer extends AuthorizerBase
// could be used on cli, use Eloquent helper
Eloquent::DB()->table('bill_perms')->where('user_id', $user_id)->delete();
Eloquent::DB()->table('devices_perms')->where('user_id', $user_id)->delete();
Eloquent::DB()->table('devices_group_perms')->where('user_id', $user_id)->delete();
Eloquent::DB()->table('ports_perms')->where('user_id', $user_id)->delete();
Eloquent::DB()->table('users_prefs')->where('user_id', $user_id)->delete();


@ -545,13 +545,8 @@ class IRCBot
$this->user['level'] = LegacyAuth::get()->getUserlevel($user['username']);
$this->user['expire'] = (time() + ($this->config['irc_authtime'] * 3600));
if ($this->user['level'] < 5) {
foreach (dbFetchRows('SELECT device_id FROM devices_perms WHERE user_id = ?', array($this->user['id'])) as $tmp) {
$this->user['devices'][] = $tmp['device_id'];
}
foreach (dbFetchRows('SELECT port_id FROM ports_perms WHERE user_id = ?', array($this->user['id'])) as $tmp) {
$this->user['ports'][] = $tmp['port_id'];
}
$this->user['devices'] = Permissions::devicesForUser($this->user['id'])->toArray();
$this->user['ports'] = Permissions::portsForUser($this->user['id'])->toArray();
}
if ($this->debug) {
$this->log("HostAuth on irc for '".$user['username']."', ID: '".$user_id."', Host: '".$host);
@ -581,13 +576,8 @@ class IRCBot
$tmp = LegacyAuth::get()->getUserlevel($tmp_user['username']);
$this->user['level'] = $tmp;
if ($this->user['level'] < 5) {
foreach (dbFetchRows('SELECT device_id FROM devices_perms WHERE user_id = ?', array($this->user['id'])) as $tmp) {
$this->user['devices'][] = $tmp['device_id'];
}
foreach (dbFetchRows('SELECT port_id FROM ports_perms WHERE user_id = ?', array($this->user['id'])) as $tmp) {
$this->user['ports'][] = $tmp['port_id'];
}
$this->user['devices'] = Permissions::devicesForUser($this->user['id'])->toArray();
$this->user['ports'] = Permissions::portsForUser($this->user['id'])->toArray();
}
return $this->respond('Authenticated.');
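Review bot: The lists stored in `$this->user['devices']` and `$this->user['ports']` in both auth paths are a snapshot taken at authentication time, and with device-group access the underlying set can change without anyone editing this user's permissions. The snapshot presumably stays in use until the `expire` value derived from `irc_authtime`, so a device removed from a group could remain visible to the bot user until re-authentication. A comment on both assignments such as `// permissions snapshot at auth time; not refreshed until re-auth` would make that explicit, or the lists could be resolved per command instead. Both enclosing methods start and end outside these hunks.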


@ -31,6 +31,7 @@ use App\Models\Port;
use App\Models\User;
use Auth;
use DB;
use LibreNMS\Config;
class Permissions
{
@ -140,7 +141,7 @@ class Permissions
}
/**
* Get a list of port_id of all ports the user can access
* Get a list of port_id of all ports the user can access directly
*
* @param User|int $user
* @return \Illuminate\Support\Collection
@ -153,7 +154,7 @@ class Permissions
}
/**
* Get a list of bill_id of all bills the user can access
* Get a list of bill_id of all bills the user can access directly
*
* @param User|int $user
* @return \Illuminate\Support\Collection
@ -193,7 +194,9 @@ class Permissions
public function getDevicePermissions()
{
if (is_null($this->devicePermissions)) {
$this->devicePermissions = DB::table('devices_perms')->get();
$this->devicePermissions = DB::table('devices_perms')
->union($this->getDeviceGroupPermissionsQuery())
->get();
}
return $this->devicePermissions;
@ -262,4 +265,19 @@ class Permissions
{
return $bill instanceof Bill ? $bill->bill_id : (is_numeric($bill) ? (int)$bill : 0);
}
/**
* @return \Illuminate\Database\Query\Builder
*/
public function getDeviceGroupPermissionsQuery()
{
return DB::table('devices_group_perms')
->select('devices_group_perms.user_id', 'device_group_device.device_id')
->join('device_group_device', 'device_group_device.device_group_id', '=', 'devices_group_perms.device_group_id')
->when(!Config::get('permission.device_group.allow_dynamic'), function ($query) {
return $query
->join('device_groups', 'device_groups.id', '=', 'devices_group_perms.device_group_id')
->where('device_groups.type', 'static');
});
}
}
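Review bot: The union in `getDevicePermissions()` depends on column position: the first leg is `DB::table('devices_perms')` with no column list, while `getDeviceGroupPermissionsQuery()` selects exactly `user_id` then `device_id`. A SQL UNION pairs columns by position, so this only works if `devices_perms` has those two columns in that order and nothing else; the table definition is not on this page, so that needs confirming. Selecting explicitly, `DB::table('devices_perms')->select('user_id', 'device_id')`, removes the dependency and keeps a later schema change from swapping user and device ids in an authorization lookup. The new method's docblock has only a `@return`; a one-line description saying it yields user_id/device_id pairs granted through device groups, limited to static groups unless `permission.device_group.allow_dynamic` is set, would help.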


@ -15,6 +15,7 @@ use LibreNMS\Util\IPv4;
use LibreNMS\Util\IPv6;
use LibreNMS\Util\Url;
use LibreNMS\Util\Time;
use Permissions;
class Device extends BaseModel
{
@ -284,9 +285,7 @@ class Device extends BaseModel
return true;
}
return DB::table('devices_perms')
->where('user_id', $user->user_id)
->where('device_id', $this->device_id)->exists();
return Permissions::canAccessDevice($this->device_id, $user->user_id);
}
public function formatUptime($short = false)


@ -149,4 +149,9 @@ class DeviceGroup extends BaseModel
{
return $this->belongsToMany('App\Models\Service', 'device_group_device', 'device_group_id', 'device_id');
}
public function users()
{
return $this->belongsToMany('App\Models\User', 'devices_group_perms', 'device_group_id', 'user_id');
}
}


@ -5,6 +5,7 @@ namespace App\Models;
use DB;
use Illuminate\Database\Eloquent\Builder;
use LibreNMS\Util\Rewrite;
use Permissions;
class Port extends DeviceRelatedModel
{
@ -62,7 +63,7 @@ class Port extends DeviceRelatedModel
/**
* Check if user can access this port.
*
* @param User $user
* @param User|int $user
* @return bool
*/
public function canAccess($user)
@ -75,15 +76,7 @@ class Port extends DeviceRelatedModel
return true;
}
$port_query = DB::table('ports_perms')
->where('user_id', $user->user_id)
->where('port_id', $this->port_id);
$device_query = DB::table('devices_perms')
->where('user_id', $user->user_id)
->where('device_id', $this->device_id);
return $port_query->union($device_query)->exists();
return Permissions::canAccessDevice($this->device_id, $user) || Permissions::canAccessPort($this->port_id, $user);
}
// ---- Accessors/Mutators ----
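Review bot: The widened `@param User|int $user` on `canAccess()` may not hold, because the guard that ends in `return true;` just above the changed line starts outside this hunk and it is not visible whether it can take an integer. If that guard calls a method on `$user`, an int argument would fail before reaching `Permissions::canAccessDevice($this->device_id, $user)`. Either keep the annotation as `User` or normalise the argument at the top of the method.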


@ -7,6 +7,7 @@ use Illuminate\Database\Eloquent\Builder;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;
use LibreNMS\Authentication\LegacyAuth;
use Permissions;
class User extends Authenticatable
{
@ -83,7 +84,7 @@ class User extends Authenticatable
*/
public function canAccessDevice($device)
{
return $this->hasGlobalRead() || $this->devices->contains($device);
return $this->hasGlobalRead() || Permissions::canAccessDevice($device, $this->user_id);
}
/**
@ -163,6 +164,15 @@ class User extends Authenticatable
$this->attributes['enabled'] = $enable ? 1 : 0;
}
public function getDevicesAttribute()
{
// pseudo relation
if (!array_key_exists('devices', $this->relations)) {
$this->setRelation('devices', $this->devices()->get());
}
return $this->getRelation('devices');
}
// ---- Define Relationships ----
public function apiToken()
@ -172,11 +182,15 @@ class User extends Authenticatable
public function devices()
{
if ($this->hasGlobalRead()) {
return Device::query();
} else {
return $this->belongsToMany('App\Models\Device', 'devices_perms', 'user_id', 'device_id');
}
// pseudo relation
return Device::query()->when(!$this->hasGlobalRead(), function ($query) {
return $query->whereIn('device_id', Permissions::devicesForUser($this));
});
}
public function deviceGroups()
{
return $this->belongsToMany('App\Models\DeviceGroup', 'devices_group_perms', 'user_id', 'device_group_id');
}
public function ports()
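Review bot: Callers that treat `devices()` as a relation (eager loading with `with('devices')`, or `attach`/`detach` to grant and revoke access) would break, because it now returns a query builder instead of a `belongsToMany` relation; whether such callers exist is not visible here. The only hint is the `// pseudo relation` comment, so a docblock with `@return \Illuminate\Database\Eloquent\Builder` and a sentence saying it cannot be eager loaded or written through would prevent misuse. `getDevicesAttribute()` also stores the resolved list on the model via `setRelation`, so a permission change made later in the same request is not reflected in `$user->devices`; that is worth stating in its docblock too.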


@ -23,7 +23,7 @@ return [
/*
|--------------------------------------------------------------------------
| User
| Group
|--------------------------------------------------------------------------
|
| This value is the group LibreNMS runs as. It is used to secure permissions


@ -0,0 +1,32 @@
<?php
use Illuminate\Support\Facades\Schema;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Database\Migrations\Migration;
class DevicesGroupPerms extends Migration
{
/**
* Run the migrations.
*
* @return void
*/
public function up()
{
Schema::create('devices_group_perms', function (Blueprint $table) {
$table->unsignedInteger('user_id')->index();
$table->unsignedInteger('device_group_id')->index();
$table->primary(['device_group_id','user_id']);
});
}
/**
* Reverse the migrations.
*
* @return void
*/
public function down()
{
Schema::dropIfExists('devices_group_perms');
}
}
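Review bot: `devices_group_perms` is created without foreign keys, so a grant row can outlive the device group or user it refers to. This commit adds cleanup by `user_id` in `MysqlAuthorizer`, but no cleanup on device-group deletion is visible on this page; stale grant rows should be removed there or by a cascading foreign key on `device_group_id`. The separate `->index()` on `device_group_id` is also redundant, since the composite primary key already leads with that column.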


@ -20,6 +20,14 @@ if (isset($_REQUEST['search'])) {
if (strlen($search) > 0) {
$found = 0;
if (!Auth::user()->hasGlobalRead()) {
$device_ids = Permissions::devicesForUser()->toArray() ?: [0];
$perms_sql = "`D`.`device_id` IN " .dbGenPlaceholders(count($device_ids));
} else {
$device_ids = [];
$perms_sql = "1";
}
if ($_REQUEST['type'] == 'group') {
foreach (dbFetchRows("SELECT id,name FROM device_groups WHERE name LIKE ?", ["%$search%"]) as $group) {
if ($_REQUEST['map']) {
@ -43,13 +51,13 @@ if (isset($_REQUEST['search'])) {
// Device search
if (Auth::user()->hasGlobalRead()) {
$results = dbFetchRows(
"SELECT * FROM `devices` LEFT JOIN `locations` ON `locations`.`id` = `devices`.`location_id` WHERE `devices`.`hostname` LIKE ? OR `locations`.`location` LIKE ? OR `devices`.`sysName` LIKE ? OR `devices`.`purpose` LIKE ? OR `devices`.`notes` LIKE ? ORDER BY `devices`.hostname LIMIT " . $limit,
["%$search%", "%$search%", "%$search%", "%$search%", "%$search%"]
"SELECT * FROM `devices` LEFT JOIN `locations` ON `locations`.`id` = `devices`.`location_id` WHERE `devices`.`hostname` LIKE ? OR `locations`.`location` LIKE ? OR `devices`.`sysName` LIKE ? OR `devices`.`purpose` LIKE ? OR `devices`.`notes` LIKE ? ORDER BY `devices`.hostname LIMIT ?",
["%$search%", "%$search%", "%$search%", "%$search%", "%$search%", $limit]
);
} else {
$results = dbFetchRows(
"SELECT * FROM `devices` AS `D` INNER JOIN `devices_perms` AS `P` ON `P`.`device_id` = `D`.`device_id` LEFT JOIN `locations` ON `locations`.`id` = `D`.`location_id` WHERE `P`.`user_id` = ? AND (D.`hostname` LIKE ? OR D.`sysName` LIKE ? OR `locations`.`location` LIKE ?) ORDER BY hostname LIMIT " . $limit,
[Auth::id(), "%$search%", "%$search%", "%$search%"]
"SELECT * FROM `devices` AS `D` LEFT JOIN `locations` ON `locations`.`id` = `D`.`location_id` WHERE $perms_sql AND (D.`hostname` LIKE ? OR D.`sysName` LIKE ? OR `locations`.`location` LIKE ?) ORDER BY hostname LIMIT ?",
array_merge($device_ids, ["%$search%", "%$search%", "%$search%", $limit])
);
}
@ -72,11 +80,8 @@ if (isset($_REQUEST['search'])) {
$highlight_colour = '#008000';
}
if (Auth::user()->hasGlobalRead()) {
$num_ports = dbFetchCell('SELECT COUNT(*) FROM `ports` WHERE device_id = ?', [$result['device_id']]);
} else {
$num_ports = dbFetchCell('SELECT COUNT(*) FROM `ports` AS `I`, `devices` AS `D`, `devices_perms` AS `P` WHERE `P`.`user_id` = ? AND `P`.`device_id` = `D`.`device_id` AND `I`.`device_id` = `D`.`device_id` AND D.device_id = ?', [Auth::id(), $result['device_id']]);
}
$num_ports = dbFetchCell('SELECT COUNT(*) FROM `ports` AS `I`, `devices` AS `D` WHERE $perms_sql AND `I`.`device_id` = `D`.`device_id` AND D.device_id = ?', array_merge($device_ids, [$result['device_id']]));
$device[] = array(
'name' => $name,
@ -99,13 +104,13 @@ if (isset($_REQUEST['search'])) {
// Search ports
if (Auth::user()->hasGlobalRead()) {
$results = dbFetchRows(
"SELECT `ports`.*,`devices`.* FROM `ports` LEFT JOIN `devices` ON `ports`.`device_id` = `devices`.`device_id` WHERE `ifAlias` LIKE ? OR `ifDescr` LIKE ? OR `ifName` LIKE ? ORDER BY ifDescr LIMIT ".$limit,
["%$search%", "%$search%", "%$search%"]
"SELECT `ports`.*,`devices`.* FROM `ports` LEFT JOIN `devices` ON `ports`.`device_id` = `devices`.`device_id` WHERE `ifAlias` LIKE ? OR `ifDescr` LIKE ? OR `ifName` LIKE ? ORDER BY ifDescr LIMIT ?",
["%$search%", "%$search%", "%$search%", $limit]
);
} else {
$results = dbFetchRows(
"SELECT DISTINCT(`I`.`port_id`), `I`.*, `D`.`hostname` FROM `ports` AS `I`, `devices` AS `D`, `devices_perms` AS `P`, `ports_perms` AS `PP` WHERE ((`P`.`user_id` = ? AND `P`.`device_id` = `D`.`device_id`) OR (`PP`.`user_id` = ? AND `PP`.`port_id` = `I`.`port_id` AND `I`.`device_id` = `D`.`device_id`)) AND `D`.`device_id` = `I`.`device_id` AND (`ifAlias` LIKE ? OR `ifDescr` LIKE ? OR `ifName` LIKE ?) ORDER BY ifDescr LIMIT ".$limit,
[Auth::id(), Auth::id(), "%$search%", "%$search%", "%$search%"]
"SELECT DISTINCT(`I`.`port_id`), `I`.*, `D`.`hostname` FROM `ports` AS `I`, `devices` AS `D` WHERE $perms_sql AND `D`.`device_id` = `I`.`device_id` AND (`ifAlias` LIKE ? OR `ifDescr` LIKE ? OR `ifName` LIKE ?) ORDER BY ifDescr LIMIT ?",
array_merge($device_ids, ["%$search%", "%$search%", "%$search%", $limit])
);
}
@ -149,17 +154,10 @@ if (isset($_REQUEST['search'])) {
die($json);
} elseif ($_REQUEST['type'] == 'bgp') {
// Search bgp peers
if (Auth::user()->hasGlobalRead()) {
$results = dbFetchRows(
"SELECT `bgpPeers`.*,`devices`.* FROM `bgpPeers` LEFT JOIN `devices` ON `bgpPeers`.`device_id` = `devices`.`device_id` WHERE `astext` LIKE ? OR `bgpPeerIdentifier` LIKE ? OR `bgpPeerRemoteAs` LIKE ? ORDER BY `astext` LIMIT " . $limit,
["%$search%", "%$search%", "%$search%"]
);
} else {
$results = dbFetchRows(
"SELECT `bgpPeers`.*,`D`.* FROM `bgpPeers`, `devices` AS `D`, `devices_perms` AS `P` WHERE `P`.`user_id` = ? AND `P`.`device_id` = `D`.`device_id` AND `bgpPeers`.`device_id`=`D`.`device_id` AND (`astext` LIKE ? OR `bgpPeerIdentifier` LIKE ? OR `bgpPeerRemoteAs` LIKE ?) ORDER BY `astext` LIMIT ".$limit,
[Auth::id(), "%$search%", "%$search%", "%$search%"]
);
}
$results = dbFetchRows(
"SELECT `bgpPeers`.*,`D`.* FROM `bgpPeers`, `devices` AS `D` WHERE $perms_sql AND `bgpPeers`.`device_id`=`D`.`device_id` AND (`astext` LIKE ? OR `bgpPeerIdentifier` LIKE ? OR `bgpPeerRemoteAs` LIKE ?) ORDER BY `astext` LIMIT ?",
array_merge($device_ids, ["%$search%", "%$search%", "%$search%", $limit])
);
if (count($results)) {
$found = 1;
@ -205,17 +203,11 @@ if (isset($_REQUEST['search'])) {
die($json);
} elseif ($_REQUEST['type'] == 'applications') {
// Device search
if (Auth::user()->hasGlobalRead()) {
$results = dbFetchRows(
"SELECT * FROM `applications` INNER JOIN `devices` ON devices.device_id = applications.device_id WHERE `app_type` LIKE ? OR `hostname` LIKE ? ORDER BY hostname LIMIT ".$limit,
["%$search%", "%$search%"]
);
} else {
$results = dbFetchRows(
"SELECT * FROM `applications` INNER JOIN `devices` AS `D` ON `D`.`device_id` = `applications`.`device_id` INNER JOIN `devices_perms` AS `P` ON `P`.`device_id` = `D`.`device_id` WHERE `P`.`user_id` = ? AND (`app_type` LIKE ? OR `hostname` LIKE ?) ORDER BY hostname LIMIT ".$limit,
[Auth::id(), "%$search%", "%$search%"]
);
}
$results = dbFetchRows(
"SELECT * FROM `applications` INNER JOIN `devices` AS `D` ON `D`.`device_id` = `applications`.`device_id` WHERE $perms_sql AND (`app_type` LIKE ? OR `hostname` LIKE ?) ORDER BY hostname LIMIT ?",
array_merge($device_ids, ["%$search%", "%$search%", $limit])
);
if (count($results)) {
$found = 1;
@ -252,17 +244,11 @@ if (isset($_REQUEST['search'])) {
die($json);
} elseif ($_REQUEST['type'] == 'munin') {
// Device search
if (Auth::user()->hasGlobalRead()) {
$results = dbFetchRows(
"SELECT * FROM `munin_plugins` INNER JOIN `devices` ON devices.device_id = munin_plugins.device_id WHERE `mplug_type` LIKE ? OR `mplug_title` LIKE ? OR `hostname` LIKE ? ORDER BY hostname LIMIT ".$limit,
["%$search%", "%$search%", "%$search%"]
);
} else {
$results = dbFetchRows(
"SELECT * FROM `munin_plugins` INNER JOIN `devices` AS `D` ON `D`.`device_id` = `munin_plugins`.`device_id` INNER JOIN `devices_perms` AS `P` ON `P`.`device_id` = `D`.`device_id` WHERE `P`.`user_id` = ? AND (`mplug_type` LIKE ? OR `mplug_title` LIKE ? OR `hostname` LIKE ?) ORDER BY hostname LIMIT ".$limit,
[Auth::id(), "%$search%", "%$search%", "%$search%"]
);
}
$results = dbFetchRows(
"SELECT * FROM `munin_plugins` INNER JOIN `devices` AS `D` ON `D`.`device_id` = `munin_plugins`.`device_id` WHERE $perms_sql AND (`mplug_type` LIKE ? OR `mplug_title` LIKE ? OR `hostname` LIKE ?) ORDER BY hostname LIMIT ?",
array_merge($device_ids, ["%$search%", "%$search%", "%$search%", $limit])
);
if (count($results)) {
$found = 1;
@ -299,17 +285,11 @@ if (isset($_REQUEST['search'])) {
die($json);
} elseif ($_REQUEST['type'] == 'iftype') {
// Device search
if (Auth::user()->hasGlobalRead()) {
$results = dbFetchRows(
"SELECT `ports`.ifType FROM `ports` WHERE `ifType` LIKE ? GROUP BY ifType ORDER BY ifType LIMIT ".$limit,
["%$search%"]
);
} else {
$results = dbFetchRows(
"SELECT `I`.ifType FROM `ports` AS `I`, `devices` AS `D`, `devices_perms` AS `P`, `ports_perms` AS `PP` WHERE ((`P`.`user_id` = ? AND `P`.`device_id` = `D`.`device_id`) OR (`PP`.`user_id` = ? AND `PP`.`port_id` = `I`.`port_id` AND `I`.`device_id` = `D`.`device_id`)) AND `D`.`device_id` = `I`.`device_id` AND (`ifType` LIKE ?) GROUP BY ifType ORDER BY ifType LIMIT ".$limit,
[Auth::id(), Auth::id(), "%$search%"]
);
}
$results = dbFetchRows(
"SELECT `ports`.ifType FROM `ports` WHERE $perms_sql AND `ifType` LIKE ? GROUP BY ifType ORDER BY ifType LIMIT ?",
array_merge($device_ids, ["%$search%", $limit])
);
if (count($results)) {
$found = 1;
$devices = count($results);
@ -327,13 +307,13 @@ if (isset($_REQUEST['search'])) {
// Device search
if (Auth::user()->hasGlobalRead()) {
$results = dbFetchRows(
"SELECT `bills`.bill_id, `bills`.bill_name FROM `bills` WHERE `bill_name` LIKE ? OR `bill_notes` LIKE ? LIMIT ".$limit,
["%$search%", "%$search%"]
"SELECT `bills`.bill_id, `bills`.bill_name FROM `bills` WHERE `bill_name` LIKE ? OR `bill_notes` LIKE ? LIMIT ?",
["%$search%", "%$search%", $limit]
);
} else {
$results = dbFetchRows(
"SELECT `bills`.bill_id, `bills`.bill_name FROM `bills` INNER JOIN `bill_perms` ON `bills`.bill_id = `bill_perms`.bill_id WHERE `bill_perms`.user_id = ? AND (`bill_name` LIKE ? OR `bill_notes` LIKE ?) LIMIT ".$limit,
[Auth::id(), "%$search%", "%$search%"]
"SELECT `bills`.bill_id, `bills`.bill_name FROM `bills` INNER JOIN `bill_perms` ON `bills`.bill_id = `bill_perms`.bill_id WHERE `bill_perms`.user_id = ? AND (`bill_name` LIKE ? OR `bill_notes` LIKE ?) LIMIT ?",
[Auth::id(), "%$search%", "%$search%", $limit]
);
}
$json = json_encode($results);
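Review bot: The new `$num_ports` query in the device search is a single-quoted string, so PHP does not interpolate `$perms_sql`: the literal text `$perms_sql` is sent to the database while the device-id parameters are still bound. Switching that literal to double quotes, as the neighbouring queries do, or concatenating `' . $perms_sql . '` fixes it. The same single-quoted pattern appears in other files of this commit: the alerts `active_count` query and the `count` queries of the devices and services widgets. The enclosing `if (isset($_REQUEST['search']))` block continues outside these hunks.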

File diff suppressed because one or more lines are too long


@ -2,11 +2,11 @@
"/js/app.js": "/js/app.js?id=d074dd82ac08dba78c44",
"/css/app.css": "/css/app.css?id=17e56994706c74ee9663",
"/js/manifest.js": "/js/manifest.js?id=3c768977c2574a34506e",
"/js/vendor.js": "/js/vendor.js?id=00c1d21ecfea78860e09",
"/js/lang/de.js": "/js/lang/de.js?id=e0623715e8df0895188b",
"/js/lang/en.js": "/js/lang/en.js?id=116363543952443ac4cb",
"/js/lang/fr.js": "/js/lang/fr.js?id=2d1159debd99a1909f12",
"/js/lang/ru.js": "/js/lang/ru.js?id=b007ddce75134acbe635",
"/js/lang/uk.js": "/js/lang/uk.js?id=146819d3cf1dfb16672d",
"/js/lang/zh-TW.js": "/js/lang/zh-TW.js?id=f57574a3892e5990ecbc"
"/js/vendor.js": "/js/vendor.js?id=8903cec9b99453318869",
"/js/lang/de.js": "/js/lang/de.js?id=04de715032d1fe1584d9",
"/js/lang/en.js": "/js/lang/en.js?id=368d06aa81687a47cbdf",
"/js/lang/fr.js": "/js/lang/fr.js?id=51f0ee3b59a7dace8913",
"/js/lang/ru.js": "/js/lang/ru.js?id=d1a4a7e38c1e19a9f35f",
"/js/lang/uk.js": "/js/lang/uk.js?id=a4f38c7e0cfec6593e8e",
"/js/lang/zh-TW.js": "/js/lang/zh-TW.js?id=d973da2eac4a300af36d"
}


@ -3,8 +3,11 @@
if (Auth::user()->hasGlobalRead()) {
$data['active_count'] = array('query' => 'SELECT COUNT(`alerts`.`id`) FROM `alerts` LEFT JOIN `devices` ON `alerts`.`device_id`=`devices`.`device_id` RIGHT JOIN `alert_rules` ON `alerts`.`rule_id`=`alert_rules`.`id` WHERE 1 AND `alerts`.`state` NOT IN (0,2) AND `devices`.`disabled` = 0 AND `devices`.`ignore` = 0');
} else {
$device_ids = Permissions::devicesForUser()->toArray() ?: [0];
$perms_sql = "`D`.`device_id` IN " .dbGenPlaceholders(count($device_ids));
$data['active_count'] = array(
'query' => 'SELECT COUNT(`alerts`.`id`) FROM `alerts` LEFT JOIN `devices` ON `alerts`.`device_id`=`devices`.`device_id` LEFT JOIN `devices_perms` AS `DP` ON `devices`.`device_id` = `DP`.`device_id` RIGHT JOIN `alert_rules` ON `alerts`.`rule_id`=`alert_rules`.`id` WHERE 1 AND `alerts`.`state` NOT IN (0,2) AND `devices`.`disabled` = 0 AND `devices`.`ignore` = 0 AND `DP`.`user_id`=?',
'params' => array(Auth::id()),
'query' => 'SELECT COUNT(`alerts`.`id`) FROM `alerts` LEFT JOIN `devices` ON `alerts`.`device_id`=`devices`.`device_id` RIGHT JOIN `alert_rules` ON `alerts`.`rule_id`=`alert_rules`.`id` WHERE $perms_sql AND `alerts`.`state` NOT IN (0,2) AND `devices`.`disabled` = 0 AND `devices`.`ignore` = 0',
'params' => $device_ids
);
}
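Review bot: `$perms_sql` is built against the table alias `D`, but the `active_count` query joins `devices` without any alias, so once the filter is actually interpolated it references a table name the query does not define. Build the filter on the unaliased `devices` table here, or alias the join as `D`. The `iftype` branch of the search endpoint has the same mismatch: it selects only from `ports` yet applies the `D`-based device filter.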


@ -11,28 +11,31 @@ if (Auth::user()->hasGlobalRead()) {
$data['disabled'] = array('query' => "SELECT COUNT(*) FROM devices WHERE `disabled` = '1'");
} else {
$device_ids = Permissions::devicesForUser()->toArray() ?: [0];
$perms_sql = "`D`.`device_id` IN " .dbGenPlaceholders(count($device_ids));
$data['count'] = array(
'query' => 'SELECT COUNT(*) FROM devices AS D, devices_perms AS P WHERE P.`user_id` = ? AND P.`device_id` = D.`device_id`',
'params' => array(Auth::id()),
'query' => 'SELECT COUNT(*) FROM devices AS D WHERE $perms_sql',
'params' => $device_ids
);
$data['up'] = array(
'query' => "SELECT COUNT(*) FROM devices AS D, devices_perms AS P WHERE P.`user_id` = ? AND P.`device_id` = D.`device_id` AND D.`status` = '1' AND D.`ignore` = '0' AND D.`disabled` = '0'",
'params' => array(Auth::id()),
'query' => "SELECT COUNT(*) FROM devices AS D WHERE $perms_sql AND D.`status` = '1' AND D.`ignore` = '0' AND D.`disabled` = '0'",
'params' => $device_ids
);
$data['down'] = array(
'query' => "SELECT COUNT(*) FROM devices AS D, devices_perms AS P WHERE P.`user_id` = ? AND P.`device_id` = D.`device_id` AND D.`status` = '0' AND D.`ignore` = '0' AND D.`disabled` = '0'",
'params' => array(Auth::id()),
'query' => "SELECT COUNT(*) FROM devices AS D WHERE $perms_sql AND D.`status` = '0' AND D.`ignore` = '0' AND D.`disabled` = '0'",
'params' => $device_ids
);
$data['ignored'] = array(
'query' => "SELECT COUNT(*) FROM devices AS D, devices_perms AS P WHERE P.`user_id` = ? AND P.`device_id` = D.`device_id` AND D.`ignore` = '1' AND D.`disabled` = '0'",
'params' => array(Auth::id()),
'query' => "SELECT COUNT(*) FROM devices AS D WHERE $perms_sql AND D.`ignore` = '1' AND D.`disabled` = '0'",
'params' => $device_ids
);
$data['disabled'] = array(
'query' => "SELECT COUNT(*) FROM devices AS D, devices_perms AS P WHERE P.`user_id` = ? AND P.`device_id` = D.`device_id` AND D.`disabled` = '1'",
'params' => array(Auth::id()),
'query' => "SELECT COUNT(*) FROM devices AS D WHERE $perms_sql AND D.`disabled` = '1'",
'params' => $device_ids
);
}//end if


@ -13,33 +13,36 @@ if (Auth::user()->hasGlobalRead()) {
$data['ignored'] = array('query' => "SELECT COUNT(*) FROM ports AS I, devices AS D WHERE I.`deleted` = '0' AND D.`device_id` = I.`device_id` AND (I.`ignore` = '1' OR D.`ignore` = '1')");
} else {
$device_ids = Permissions::portsForUser()->toArray() ?: [0];
$perms_sql = "`I`.`port_id` IN " .dbGenPlaceholders(count($device_ids));
$data['count'] = array(
'query' => "SELECT COUNT(*) FROM ports AS I, devices AS D, devices_perms AS P WHERE I.`deleted` = '0' AND P.`user_id` = ? AND P.`device_id` = D.`device_id` AND I.`device_id` = D.`device_id`",
'params' => array(Auth::id()),
'query' => "SELECT COUNT(*) FROM ports AS I WHERE $perms_sql AND I.`deleted` = '0'",
'params' => $device_ids
);
$data['up'] = array(
'query' => "SELECT COUNT(*) FROM ports AS I, devices AS D, devices_perms AS P WHERE I.`deleted` = '0' AND P.`user_id` = ? AND P.`device_id` = D.`device_id` AND I.`device_id` = D.`device_id` AND I.`ignore` = '0' AND D.`ignore` = '0' AND I.`ifOperStatus` = 'up'",
'params' => array(Auth::id()),
'query' => "SELECT COUNT(*) FROM ports AS I, devices AS D WHERE $perms_sql AND I.`deleted` = '0' AND I.`device_id` = D.`device_id` AND I.`ignore` = '0' AND D.`ignore` = '0' AND I.`ifOperStatus` = 'up'",
'params' => $device_ids
);
$data['down'] = array(
'query' => "SELECT COUNT(*) FROM ports AS I, devices AS D, devices_perms AS P WHERE I.`deleted` = '0' AND P.`user_id` = ? AND P.`device_id` = D.`device_id` AND I.`device_id` = D.`device_id` AND I.`ignore` = '0' AND D.`ignore` = '0' AND I.`ifOperStatus` = 'down' AND I.`ifAdminStatus` = 'up'",
'params' => array(Auth::id()),
'query' => "SELECT COUNT(*) FROM ports AS I, devices AS D WHERE $perms_sql AND I.`deleted` = '0' AND I.`device_id` = D.`device_id` AND I.`ignore` = '0' AND D.`ignore` = '0' AND I.`ifOperStatus` = 'down' AND I.`ifAdminStatus` = 'up'",
'params' => $device_ids
);
$data['shutdown'] = array(
'query' => "SELECT COUNT(*) FROM ports AS I, devices AS D, devices_perms AS P WHERE I.`deleted` = '0' AND P.`user_id` = ? AND P.`device_id` = D.`device_id` AND I.`device_id` = D.`device_id` AND I.`ignore` = '0' AND D.`ignore` = '0' AND I.`ifAdminStatus` = 'down'",
'params' => array(Auth::id()),
'query' => "SELECT COUNT(*) FROM ports AS I, devices AS D WHERE $perms_sql AND I.`deleted` = '0' AND I.`device_id` = D.`device_id` AND I.`ignore` = '0' AND D.`ignore` = '0' AND I.`ifAdminStatus` = 'down'",
'params' => $device_ids
);
$data['errored'] = array(
'query' => "SELECT COUNT(*) FROM ports AS I, devices AS D, devices_perms AS P WHERE I.`deleted` = '0' AND P.`user_id` = ? AND P.`device_id` = D.`device_id` AND I.`device_id` = D.`device_id` AND I.`ignore` = '0' AND D.`ignore` = '0' AND (I.`ifInErrors_delta` > '0' OR I.`ifOutErrors_delta` > '0')",
'params' => array(Auth::id()),
'query' => "SELECT COUNT(*) FROM ports AS I, devices AS D WHERE $perms_sql AND I.`deleted` = '0' AND I.`device_id` = D.`device_id` AND I.`ignore` = '0' AND D.`ignore` = '0' AND (I.`ifInErrors_delta` > '0' OR I.`ifOutErrors_delta` > '0')",
'params' => $device_ids
);
$data['ignored'] = array(
'query' => "SELECT COUNT(*) FROM ports AS I, devices AS D, devices_perms AS P WHERE I.`deleted` = '0' AND P.`user_id` = ? AND P.`device_id` = D.`device_id` AND I.`device_id` = D.`device_id` AND (I.`ignore` = '1' OR D.`ignore` = '1')",
'params' => array(Auth::id()),
'query' => "SELECT COUNT(*) FROM ports AS I, devices AS D WHERE $perms_sql AND I.`deleted` = '0' AND I.`device_id` = D.`device_id` AND (I.`ignore` = '1' OR D.`ignore` = '1')",
'params' => $device_ids
);
}//end if
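Review bot: Users whose access comes only from device or device-group grants may now count zero ports here, because the non-admin branch filters on `Permissions::portsForUser()`, whose docblock in this commit describes it as the ports a user can access directly. The replaced queries counted ports on every device the user had device-level access to, so the method body, which is not on this page, should be checked for whether it still includes those. The list is also stored in a variable named `$device_ids` although it holds port ids; `$port_ids` would avoid a wrong copy-paste into a device filter.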


@ -7,28 +7,31 @@ if (Auth::user()->hasGlobalRead()) {
$data['ignored'] = array( 'query' => "SELECT COUNT(*) FROM services WHERE `service_ignore` = '1' AND `service_disabled` = '0'");
$data['disabled'] = array( 'query' => "SELECT COUNT(*) FROM services WHERE `service_disabled` = '1'");
} else {
$device_ids = Permissions::devicesForUser()->toArray() ?: [0];
$perms_sql = "`S`.`device_id` IN " .dbGenPlaceholders(count($device_ids));
$data['count'] = array(
'query' => 'SELECT COUNT(*) FROM services AS S, devices AS D, devices_perms AS P WHERE P.`user_id` = ? AND P.`device_id` = D.`device_id` AND S.`device_id` = D.`device_id`',
'params' => array(Auth::id()),
'query' => 'SELECT COUNT(*) FROM services AS S WHERE $perms_sql',
'params' => $device_ids
);
$data['up'] = array(
'query' => "SELECT COUNT(*) FROM services AS S, devices AS D, devices_perms AS P WHERE P.`user_id` = ? AND P.`device_id` = D.`device_id` AND S.`device_id` = D.`device_id` AND S.`service_ignore` = '0' AND S.`service_disabled` = '0' AND S.`service_status` = '0'",
'params' => array(Auth::id()),
'query' => "SELECT COUNT(*) FROM services AS S WHERE $perms_sql AND S.`service_ignore` = '0' AND S.`service_disabled` = '0' AND S.`service_status` = '0'",
'params' => $device_ids
);
$data['down'] = array(
'query' => "SELECT COUNT(*) FROM services AS S, devices AS D, devices_perms AS P WHERE P.`user_id` = ? AND P.`device_id` = D.`device_id` AND S.`device_id` = D.`device_id` AND S.`service_ignore` = '0' AND S.`service_disabled` = '0' AND S.`service_status` = '2'",
'params' => array(Auth::id()),
'query' => "SELECT COUNT(*) FROM services AS S WHERE $perms_sql AND S.`service_ignore` = '0' AND S.`service_disabled` = '0' AND S.`service_status` = '2'",
'params' => $device_ids
);
$data['ignored'] = array(
'query' => "SELECT COUNT(*) FROM services AS S, devices AS D, devices_perms AS P WHERE P.`user_id` = ? AND P.`device_id` = D.`device_id` AND S.`device_id` = D.`device_id` AND S.`service_ignore` = '1' AND S.`service_disabled` = '0'",
'params' => array(Auth::id()),
'query' => "SELECT COUNT(*) FROM services AS S WHERE $perms_sql AND S.`service_ignore` = '1' AND S.`service_disabled` = '0'",
'params' => $device_ids
);
$data['disabled'] = array(
'query' => "SELECT COUNT(*) FROM services AS S, devices AS D, devices_perms AS P WHERE P.`user_id` = ? AND P.`device_id` = D.`device_id` AND S.`device_id` = D.`device_id` AND S.`service_disabled` = '1'",
'params' => array(Auth::id()),
'query' => "SELECT COUNT(*) FROM services AS S WHERE $perms_sql AND S.`service_disabled` = '1'",
'params' => $device_ids
);
}//end if


@ -3,8 +3,11 @@
if (Auth::user()->hasGlobalRead()) {
$data['count'] = array('query' => "SELECT COUNT(`toner_id`) FROM toner");
} else {
$device_ids = Permissions::devicesForUser()->toArray() ?: [0];
$perms_sql = "`toner`.`device_id` IN " .dbGenPlaceholders(count($device_ids));
$data['count'] = array(
'query' => "SELECT COUNT(`toner_id`) FROM toner AS T, devices AS D, devices_perms AS P WHERE P.`user_id` = ? AND P.`device_id` = D.`device_id` AND T.`device_id` = D.`device_id`",
'params' => array(Auth::id()),
'query' => "SELECT COUNT(`toner_id`) FROM toner WHERE $perms_sql",
'params' => $device_ids
);
}


@ -91,14 +91,16 @@ var greenMarker = L.AwesomeMarkers.icon({
$param = $show_status;
} else {
// Normal user - grab devices that user has permissions to
$device_ids = Permissions::devicesForUser()->toArray() ?: [0];
$sql = "SELECT DISTINCT(`devices`.`device_id`) as `device_id`,`location`,`sysName`,`hostname`,`os`,`status`,`lat`,`lng`
FROM `devices_perms`, `devices`
FROM `devices`
LEFT JOIN `locations` ON `devices`.location_id=`locations`.`id`
WHERE `disabled`=0 AND `ignore`=0 AND ((`lat` != '' AND `lng` != '') OR (`location` REGEXP '\[[0-9\.\, ]+\]'))
AND `devices`.`device_id` = `devices_perms`.`device_id`
AND `devices_perms`.`user_id` = ? AND `status` IN " . dbGenPlaceholders(count($show_status)) .
AND `devices`.`device_id` IN " . dbGenPlaceholders(count($device_ids)) .
" AND `status` IN " . dbGenPlaceholders(count($show_status)) .
" ORDER BY `status` ASC, `hostname`";
$param = array_merge([Auth::id()], $show_status);
$param = array_merge($device_ids, $show_status);
}
foreach (dbFetchRows($sql, $param) as $map_devices) {


@ -28,9 +28,9 @@ $where = [];
$params = [];
if (!Auth::user()->hasGlobalRead()) {
$query .= ' LEFT JOIN `devices_perms` USING (`device_id`)';
$where = '`devices_perms`.`user_id`=?';
$params[] = Auth::id();
$device_ids = Permissions::devicesForUser()->toArray() ?: [0];
$where[] = " `devices`.`device_id` IN " .dbGenPlaceholders(count($device_ids));
$params = array_merge($params, $device_ids);
}
if (!empty($_REQUEST['search'])) {


@ -1,5 +1,6 @@
<?php
use App\Models\DeviceGroup;
use App\Models\User;
$no_refresh = true;
@ -32,6 +33,14 @@ if (! Auth::user()->hasGlobalAdmin()) {
}
}
if ($vars['action'] == 'deldevgroupperm') {
$user->deviceGroups()->detach($vars['device_group_id']);
}
if ($vars['action'] == 'adddevgroupperm') {
$user->deviceGroups()->syncWithoutDetaching($vars['device_group_id']);
}
if ($vars['action'] == 'delifperm') {
if (dbFetchCell('SELECT COUNT(*) FROM ports_perms WHERE `port_id` = ? AND `user_id` = ?', array($vars['port_id'], $user_data['user_id']))) {
dbDelete('ports_perms', '`port_id` = ? AND `user_id` = ?', array($vars['port_id'], $user_data['user_id']));
@ -112,7 +121,65 @@ if (! Auth::user()->hasGlobalAdmin()) {
</div>
<button type='submit' class='btn btn-default' name='Submit'>Add</button></form>";
echo "</div>
echo '</div>
<div class="col-md-4">';
// Display devices this users has access to
echo '<h3>Device access via Device Group (beta)</h3>';
echo "<div class='panel panel-default panel-condensed'>
<table class='table table-hover table-condensed table-striped'>
<tr>
<th>Device Group</th>
<th>Action</th>
</tr>";
foreach ($user->deviceGroups as $device_group_perm) {
echo '<tr><td><strong>'.$device_group_perm->name."</td><td> <a href='edituser/action=deldevgroupperm/user_id=".$user->user_id.'/device_group_id='.$device_group_perm->id."'><i class='fa fa-trash fa-lg icon-theme' aria-hidden='true'></i></a></strong></td></tr>";
}
echo '</table>
</div>';
if ($user->deviceGroups->isEmpty()) {
echo 'None Configured';
}
// Display device groups this user doesn't have access to
echo '<h4>Grant access to new Device Group</h4>';
$allow_dynamic = \LibreNMS\Config::get('permission.device_group.allow_dynamic');
if (!$allow_dynamic) {
echo "<i>Dynamic groups are disabled, set permission.device_group.allow_dynamic to enable.</i>";
}
echo "<form class='form-inline' role='form' method='post' action=''>
" . csrf_field() . "
<input type='hidden' value='".$user_data['user_id']."' name='user_id'>
<input type='hidden' value='edituser' name='page'>
<input type='hidden' value='adddevgroupperm' name='action'>
<div class='form-group'>
<label class='sr-only' for='device_group_id'>Device</label>
<select name='device_group_id' id='device_group_id' class='form-control'>";
$device_groups = DeviceGroup::query()
->whereNotIn('id', $user->deviceGroups->pluck('id'))
->when(!$allow_dynamic, function ($query) {
return $query->where('type', 'static');
})
->orderBy('name')
->get(['id', 'name']);
foreach ($device_groups as $group) {
echo '<option value="'.$group->id . '">' . $group->name . '</option>';
}
echo "</select>
</div>
<button type='submit' class='btn btn-default' name='Submit'>Add</button></form>";
echo "</div></div>
<div class='row'>
<div class='col-md-4'>";
echo '<h3>Interface Access</h3>';
@ -143,7 +210,7 @@ if (! Auth::user()->hasGlobalAdmin()) {
echo 'None Configured';
}
// Display devices this user doesn't have access to
// Display interfaces this user doesn't have access to
echo '<h4>Grant access to new interface</h4>';
echo "<form action='' method='post' class='form-horizontal' role='form'>
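Review bot: The new device-group panel echoes `$device_group_perm->name` and `$group->name` into the page without HTML escaping, so a group name that contains markup would be rendered as HTML in the administrator's browser. Wrap both in `htmlspecialchars()`, for example `echo '<option value="'.$group->id.'">'.htmlspecialchars($group->name).'</option>';`. The `adddevgroupperm` handler also attaches whatever `device_group_id` is submitted, while `permission.device_group.allow_dynamic` is only applied when the dropdown is built, so the setting is not enforced on the server side. The handler should check the group's `type` before calling `syncWithoutDetaching()` when the setting is off. The `hasGlobalAdmin()` block that encloses these handlers starts outside the hunks.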


@ -4,12 +4,12 @@
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.See the
* GNU General Public License for more details.
*
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>. */
/**
@ -32,7 +32,7 @@ $config['leaflet']['default_lat'] = 65.3258792;
$config['leaflet']['default_lng'] = 14.1115485;
Dag B <dag@bakke.com>
*/
$pagetitle[] = 'Geographical Map';
if (\LibreNMS\Config::get('map.engine') == 'leaflet') {
@ -55,7 +55,7 @@ if (\LibreNMS\Config::get('map.engine') == 'leaflet') {
setStyle();
};
}, false);
function setStyle() {
if(isFullscreen) {
document.getElementsByClassName('navbar-fixed-top')[0].style.display = "none";
@ -64,7 +64,7 @@ if (\LibreNMS\Config::get('map.engine') == 'leaflet') {
document.getElementsByClassName('navbar-fixed-top')[0].style.removeProperty("display");
document.getElementsByTagName('body')[0].style.paddingTop = "50px";
};
};
};
window.dispatchEvent(new Event('resize'));
</script>


@ -13,6 +13,8 @@
* @author LibreNMS Contributors
*/
use App\Models\Port;
$pagetitle[] = "Ports";
// Set Defaults here
@ -162,14 +164,13 @@ if ((isset($vars['searchbar']) && $vars['searchbar'] != "hide") || !isset($vars[
$output .= "<select name='ifSpeed' id='ifSpeed' class='form-control input-sm'>";
$output .= "<option value=''>All Speeds</option>";
if (Auth::user()->hasGlobalRead()) {
$sql = "SELECT `ifSpeed` FROM `ports` GROUP BY `ifSpeed` ORDER BY `ifSpeed`";
} else {
$sql = "SELECT `ifSpeed` FROM `ports` AS `I`, `devices` AS `D`, `devices_perms` AS `P`, `ports_perms` AS `PP` WHERE ((`P`.`user_id` = ? AND `P`.`device_id` = `D`.`device_id`) OR (`PP`.`user_id` = ? AND `PP`.`port_id` = `I`.`port_id` AND `I`.`device_id` = `D`.`device_id`)) AND `D`.`device_id` = `I`.`device_id` GROUP BY `ifSpeed` ORDER BY `ifSpeed`";
$param[] = array(Auth::id(), Auth::id());
}
$ifSpeed = Port::select('ifSpeed')
->hasAccess(Auth::user())
->groupBy('ifSpeed')
->orderBy('ifSpeed')
->get();
foreach (dbFetchRows($sql, $param) as $data) {
foreach ($ifSpeed as $data) {
if ($data['ifSpeed']) {
if ($data['ifSpeed'] == $vars['ifSpeed']) {
$speedselected = "selected";
@ -186,14 +187,13 @@ if ((isset($vars['searchbar']) && $vars['searchbar'] != "hide") || !isset($vars[
$output .= "<select name='ifType' id='ifType' class='form-control input-sm'>";
$output .= "<option value=''>All Media</option>";
if (Auth::user()->hasGlobalRead()) {
$sql = "SELECT `ifType` FROM `ports` GROUP BY `ifType` ORDER BY `ifType`";
} else {
$sql = "SELECT `ifType` FROM `ports` AS `I`, `devices` AS `D`, `devices_perms` AS `P`, `ports_perms` AS `PP` WHERE ((`P`.`user_id` = ? AND `P`.`device_id` = `D`.`device_id`) OR (`PP`.`user_id` = ? AND `PP`.`port_id` = `I`.`port_id` AND `I`.`device_id` = `D`.`device_id`)) AND `D`.`device_id` = `I`.`device_id` GROUP BY `ifType` ORDER BY `ifType`";
$param[] = array(Auth::id(), Auth::id());
}
$ifType = Port::select('ifType')
->hasAccess(Auth::user())
->groupBy('ifType')
->orderBy('ifType')
->get();
foreach (dbFetchRows($sql, $param) as $data) {
foreach ($ifType as $data) {
if ($data['ifType']) {
if ($data['ifType'] == $vars['ifType']) {
$dataselected = "selected";
@ -214,9 +214,13 @@ if ((isset($vars['searchbar']) && $vars['searchbar'] != "hide") || !isset($vars[
$sql = "SELECT `port_descr_type` FROM `ports` AS `I`, `devices` AS `D`, `devices_perms` AS `P`, `ports_perms` AS `PP` WHERE ((`P`.`user_id` = ? AND `P`.`device_id` = `D`.`device_id`) OR (`PP`.`user_id` = ? AND `PP`.`port_id` = `I`.`port_id` AND `I`.`device_id` = `D`.`device_id`)) AND `D`.`device_id` = `I`.`device_id` GROUP BY `port_descr_type` ORDER BY `port_descr_type`";
$param[] = array(Auth::id(), Auth::id());
}
$ports = dbFetchRows($sql, $param);
$port_descr_type = Port::select('port_descr_type')
->hasAccess(Auth::user())
->groupBy('port_descr_type')
->orderBy('port_descr_type')
->get();
foreach ($ports as $data) {
foreach ($port_descr_type as $data) {
if ($data['port_descr_type']) {
if ($data['port_descr_type'] == $vars['port_descr_type']) {
$portdescrib = "selected";
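Review bot: In the `port_descr_type` hunk the hand-written `$sql = "SELECT ..."` assignment and `$param[] = array(Auth::id(), Auth::id());` are still present as context, although the rows now come from `Port::select('port_descr_type')->hasAccess(Auth::user())` and nothing visible reads `$sql` or `$param` afterwards. The `ifSpeed` and `ifType` hunks removed their equivalent `if`/`else`, and this one should do the same so each query has a single access filter rather than an unused second one. The start of that `if` block is outside the hunk, so confirm nothing further down still depends on those variables before deleting it.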


@ -33,11 +33,12 @@ var grid = $("#arp-search").bootgrid({
// Select the devices only with ARP tables
$sql = 'SELECT D.device_id AS device_id, `hostname`, `D`.`sysName` AS `sysName` FROM `ipv4_mac` AS M, `ports` AS P, `devices` AS D';
$param = array();
if (!Auth::user()->hasGlobalRead()) {
$sql .= ' LEFT JOIN `devices_perms` AS `DP` ON `D`.`device_id` = `DP`.`device_id`';
$where .= ' AND `DP`.`user_id`=?';
$param[] = Auth::id();
$device_ids = Permissions::devicesForUser()->toArray() ?: [0];
$where .= " AND `D`.`device_id` IN " .dbGenPlaceholders(count($device_ids));
$param = array_merge($param, $device_ids);
}
$sql .= " WHERE M.port_id = P.port_id AND P.device_id = D.device_id $where GROUP BY `D`.`device_id`, `D`.`hostname`, `D`.`sysName` ORDER BY `hostname`";


@ -36,12 +36,12 @@ var grid = $("#fdb-search").bootgrid({
// Select the devices only with FDB tables
$sql = 'SELECT D.device_id AS device_id, `hostname` FROM `ports_fdb` AS F, `ports` AS P, `devices` AS D';
$param = array();
if (!Auth::user()->hasGlobalRead()) {
$sql .= ' LEFT JOIN `devices_perms` AS `DP` ON `D`.`device_id` = `DP`.`device_id`';
$where .= ' AND `DP`.`user_id`=?';
$param[] = Auth::id();
$device_ids = Permissions::devicesForUser()->toArray() ?: [0];
$where .= " AND `D`.`device_id` IN " .dbGenPlaceholders(count($device_ids));
$param = array_merge($param, $device_ids);
}
$sql .= " WHERE F.port_id = P.port_id AND P.device_id = D.device_id $where GROUP BY `D`.`device_id`, `D`.`hostname` ORDER BY `hostname`";


@ -30,11 +30,12 @@ var grid = $("#ipv4-search").bootgrid({
<?php
$sql = 'SELECT `devices`.`device_id`,`hostname`,`sysName` FROM `devices`';
$param = [];
if (!Auth::user()->hasGlobalRead()) {
$sql .= ' LEFT JOIN `devices_perms` AS `DP` ON `devices`.`device_id` = `DP`.`device_id`';
$where .= ' WHERE `DP`.`user_id`=?';
$param[] = Auth::id();
$device_ids = Permissions::devicesForUser()->toArray() ?: [0];
$where .= " WHERE `devices`.`device_id` IN " .dbGenPlaceholders(count($device_ids));
$param = array_merge($param, $device_ids);
}
$sql .= " $where ORDER BY `hostname`";


@ -29,11 +29,12 @@ var grid = $("#ipv6-search").bootgrid({
<?php
$sql = 'SELECT `devices`.`device_id`,`hostname`, `sysName` FROM `devices`';
$param = [];
if (!Auth::user()->hasGlobalRead()) {
$sql .= ' LEFT JOIN `devices_perms` AS `DP` ON `devices`.`device_id` = `DP`.`device_id`';
$where .= ' WHERE `DP`.`user_id`=?';
$param[] = Auth::id();
$device_ids = Permissions::devicesForUser()->toArray() ?: [0];
$where .= " WHERE `devices`.`device_id` IN " .dbGenPlaceholders(count($device_ids));
$param = array_merge($param, $device_ids);
}
$sql .= " $where ORDER BY `hostname`";


@ -30,11 +30,12 @@ var grid = $("#mac-search").bootgrid({
<?php
$sql = 'SELECT `devices`.`device_id`,`hostname`, `sysName` FROM `devices`';
$param = [];
if (!Auth::user()->hasGlobalRead()) {
$sql .= ' LEFT JOIN `devices_perms` AS `DP` ON `devices`.`device_id` = `DP`.`device_id`';
$where .= ' WHERE `DP`.`user_id`=?';
$param[] = Auth::id();
$device_ids = Permissions::devicesForUser()->toArray() ?: [0];
$where .= " WHERE `devices`.`device_id` IN " .dbGenPlaceholders(count($device_ids));
$param = array_merge($param, $device_ids);
}
$sql .= " $where ORDER BY `hostname`";


@ -77,9 +77,9 @@ $query = 'SELECT packages.name FROM packages,devices ';
$param = array();
if (!Auth::user()->hasGlobalRead()) {
$query .= " LEFT JOIN `devices_perms` AS `DP` ON `devices`.`device_id` = `DP`.`device_id`";
$sql_where .= " AND `DP`.`user_id`=?";
$param[] = Auth::id();
$device_ids = Permissions::devicesForUser()->toArray() ?: [0];
$where .= " AND `D`.`device_id` IN " .dbGenPlaceholders(count($device_ids));
$param = array_merge($param, $device_ids);
}
$query .= " WHERE packages.device_id = devices.device_id AND packages.name LIKE '%".mres($_POST['package'])."%' $sql_where GROUP BY packages.name";
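Review bot: The permission filter is appended to `$where`, but the query on the last line of this hunk is built from `$sql_where`, and its `FROM packages,devices` clause defines no `D` alias. As written the `IN (...)` restriction never reaches the SQL while `$param` still receives the device ids, so for a user without global read the statement likely either fails on the placeholder count or runs without the device restriction. Use the variable and table name the query actually uses: `$sql_where .= " AND devices.device_id IN " . dbGenPlaceholders(count($device_ids));`.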


@ -120,14 +120,16 @@ require_once 'includes/html/modal/delete_service.inc.php';
$sql_param[] = $state;
}
if (Auth::user()->hasGlobalRead()) {
$host_sql = 'SELECT `D`.`device_id`,`D`.`hostname`,`D`.`sysName` FROM devices AS D, services AS S WHERE D.device_id = S.device_id GROUP BY `D`.`hostname`, `D`.`device_id`, `D`.`sysName` ORDER BY D.hostname';
$host_par = array();
} else {
$host_sql = 'SELECT `D`.`device_id`,`D`.`hostname`,`D`.`sysName` FROM devices AS D, services AS S, devices_perms AS P WHERE D.device_id = S.device_id AND D.device_id = P.device_id AND P.user_id = ? GROUP BY `D`.`hostname`, `D`.`device_id`, `D`.`sysName` ORDER BY D.hostname';
$host_par = array(Auth::id());
$host_par = array();
$perms_sql = null;
if (!Auth::user()->hasGlobalRead()) {
$device_ids = Permissions::devicesForUser()->toArray() ?: [0];
$perms_sql .= " AND `D`.`device_id` IN " .dbGenPlaceholders(count($device_ids));
$host_par = $device_ids;
}
$host_sql = 'SELECT `D`.`device_id`,`D`.`hostname`,`D`.`sysName` FROM devices AS D, services AS S WHERE D.device_id = S.device_id ' . $perms_sql . ' GROUP BY `D`.`hostname`, `D`.`device_id`, `D`.`sysName` ORDER BY D.hostname';
$shift = 1;
foreach (dbFetchRows($host_sql, $host_par) as $device) {
$device_id = $device['device_id'];


@ -18,7 +18,7 @@
*/
$pagetitle[] = "Alert Stats";
$param = [];
$sql = "";
if (isset($device['device_id']) && $device['device_id'] > 0) {
$sql = " AND alert_log.device_id=?";
@ -27,13 +27,13 @@ if (isset($device['device_id']) && $device['device_id'] > 0) {
);
}
if (Auth::user()->hasGlobalRead()) {
$query = "SELECT DATE_FORMAT(time_logged, '" . \LibreNMS\Config::get('alert_graph_date_format') . "') Date, COUNT(alert_log.rule_id) totalCount, alert_rules.severity Severity FROM alert_log,alert_rules WHERE alert_log.rule_id=alert_rules.id AND `alert_log`.`state` != 0 $sql GROUP BY DATE_FORMAT(time_logged, '" . \LibreNMS\Config::get('alert_graph_date_format') . "'),alert_rules.severity";
if (!Auth::user()->hasGlobalRead()) {
$device_ids = Permissions::devicesForUser()->toArray() ?: [0];
$sql .= " AND `alert_log`.`device_id` IN " .dbGenPlaceholders(count($device_ids));
$param = array_merge($param, $device_ids);
}
if (!Auth::user()->hasGlobalRead()) {
$query = "SELECT DATE_FORMAT(time_logged, '" . \LibreNMS\Config::get('alert_graph_date_format') . "') Date, COUNT(alert_log.device_id) totalCount, alert_rules.severity Severity FROM alert_log,alert_rules,devices_perms WHERE alert_log.rule_id=alert_rules.id AND `alert_log`.`state` != 0 $sql AND alert_log.device_id = devices_perms.device_id AND devices_perms.user_id = " . Auth::id() . " GROUP BY DATE_FORMAT(time_logged, '" . \LibreNMS\Config::get('alert_graph_date_format') . "'),alert_rules.severity";
}
$query = "SELECT DATE_FORMAT(time_logged, '" . \LibreNMS\Config::get('alert_graph_date_format') . "') Date, COUNT(alert_log.rule_id) totalCount, alert_rules.severity Severity FROM alert_log,alert_rules WHERE alert_log.rule_id=alert_rules.id AND `alert_log`.`state` != 0 $sql GROUP BY DATE_FORMAT(time_logged, '" . \LibreNMS\Config::get('alert_graph_date_format') . "'),alert_rules.severity";
?>
<br>


@ -28,9 +28,10 @@ if (!empty($device['hostname'])) {
}
if (!Auth::user()->hasGlobalRead()) {
$join_sql .= ' LEFT JOIN `devices_perms` AS `DP` ON `D1`.`device_id` = `DP`.`device_id`';
$sql .= ' AND `DP`.`user_id`=?';
$sql_array[] = Auth::id();
$device_ids = Permissions::devicesForUser()->toArray() ?: [0];
$sql .= " AND `D1`.`device_id` IN " .dbGenPlaceholders(count($device_ids));
$sql .= " AND `D2`.`device_id` IN " .dbGenPlaceholders(count($device_ids));
$sql_array = array_merge($sql_array, $device_ids, $device_ids);
}
$devices_by_id = array();


@ -5,15 +5,14 @@ use LibreNMS\Util\IP;
$param = array();
if (!Auth::user()->hasGlobalRead()) {
$perms_sql .= ' LEFT JOIN `devices_perms` AS `DP` ON `D`.`device_id` = `DP`.`device_id`';
$where .= ' AND `DP`.`user_id`=?';
$param[] = array(Auth::id());
$device_ids = Permissions::devicesForUser()->toArray() ?: [0];
$where .= " AND `D`.`device_id` IN " .dbGenPlaceholders(count($device_ids));
$param = array_merge($param, $device_ids);
}
list($address,$prefix) = explode('/', $vars['address']);
if ($vars['search_type'] == 'ipv4') {
$sql = ' FROM `ipv4_addresses` AS A, `ports` AS I, `ipv4_networks` AS N, `devices` AS D';
$sql .= $perms_sql;
$sql .= " WHERE I.port_id = A.port_id AND I.device_id = D.device_id AND N.ipv4_network_id = A.ipv4_network_id $where ";
if (!empty($address)) {
$sql .= " AND ipv4_address LIKE '%".$address."%'";
@ -25,7 +24,6 @@ if ($vars['search_type'] == 'ipv4') {
}
} elseif ($vars['search_type'] == 'ipv6') {
$sql = ' FROM `ipv6_addresses` AS A, `ports` AS I, `ipv6_networks` AS N, `devices` AS D';
$sql .= $perms_sql;
$sql .= " WHERE I.port_id = A.port_id AND I.device_id = D.device_id AND N.ipv6_network_id = A.ipv6_network_id $where ";
if (!empty($address)) {
$sql .= " AND (ipv6_address LIKE '%".$address."%' OR ipv6_compressed LIKE '%".$address."%')";
@ -36,7 +34,6 @@ if ($vars['search_type'] == 'ipv4') {
}
} elseif ($vars['search_type'] == 'mac') {
$sql = ' FROM `ports` AS I, `devices` AS D';
$sql .= $perms_sql;
$sql .= " WHERE I.device_id = D.device_id AND `ifPhysAddress` LIKE '%".str_replace(array(':', ' ', '-', '.', '0x'), '', mres($vars['address']))."%' $where ";
}//end if
if (is_numeric($vars['device_id'])) {
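Review bot: `$address` comes from `explode('/', $vars['address'])` and is concatenated directly into the `LIKE` clauses of the ipv4 and ipv6 branches, whereas the mac branch at least passes the value through `mres()`. Now that `$param` is a flat list bound in order, the value can be bound instead: `$sql .= " AND ipv4_address LIKE ?"; $param[] = "%$address%";`, and likewise for the two ipv6 columns. Unless `$vars` is escaped before this file runs, which the hunks do not show, the string-built form lets request input change the structure of the query. The rest of the query is assembled outside these hunks, so check that later placeholders keep the same order as `$param`.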


@ -29,11 +29,10 @@ if (isset($vars['min_severity'])) {
$where .= get_sql_filter_min_severity($vars['min_severity'], "R");
}
if (Auth::user()->hasGlobalRead()) {
$sql = " FROM `alert_log` AS E LEFT JOIN devices AS D ON E.device_id=D.device_id RIGHT JOIN alert_rules AS R ON E.rule_id=R.id WHERE $where";
} else {
$sql = " FROM `alert_log` AS E LEFT JOIN devices AS D ON E.device_id=D.device_id RIGHT JOIN alert_rules AS R ON E.rule_id=R.id RIGHT JOIN devices_perms AS P ON E.device_id = P.device_id WHERE $where AND P.user_id = ?";
$param[] = array(Auth::id());
if (!Auth::user()->hasGlobalRead()) {
$device_ids = Permissions::devicesForUser()->toArray() ?: [0];
$where .= " AND `D`.`device_id` IN " .dbGenPlaceholders(count($device_ids));
$param = array_merge($param, $device_ids);
}
if (isset($searchPhrase) && !empty($searchPhrase)) {


@ -14,7 +14,7 @@
*/
$where = ' `devices`.`disabled` = 0';
$param = [];
$alert_states = array(
// divined from librenms/alerts.php
'recovered' => 0,
@ -66,9 +66,9 @@ if (isset($searchPhrase) && !empty($searchPhrase)) {
$sql = ' FROM `alerts` LEFT JOIN `devices` ON `alerts`.`device_id`=`devices`.`device_id`';
if (!Auth::user()->hasGlobalRead()) {
$sql .= ' LEFT JOIN `devices_perms` AS `DP` ON `devices`.`device_id` = `DP`.`device_id`';
$where .= ' AND `DP`.`user_id`=?';
$param[] = Auth::id();
$device_ids = Permissions::devicesForUser()->toArray() ?: [0];
$where .= " AND `D`.`device_id` IN " .dbGenPlaceholders(count($device_ids));
$param = array_merge($param, $device_ids);
}
$sql .= " LEFT JOIN `locations` ON `devices`.`location_id` = `locations`.`id`";
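Review bot: The new filter qualifies the column with the alias `D`, but this query joins the table under its plain name (`FROM alerts LEFT JOIN devices ON ...`, and the `locations` join also uses `devices`). For a user without global read the statement would therefore presumably fail on an unknown column instead of returning the permitted alerts. Qualify it with the real table name: `$where .= " AND devices.device_id IN " . dbGenPlaceholders(count($device_ids));`. The query is completed outside the hunk, so confirm no `D` alias is introduced further down.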


@ -5,9 +5,9 @@ $param = array();
$sql .= ' FROM `ipv4_mac` AS M, `ports` AS P, `devices` AS D ';
if (!Auth::user()->hasGlobalRead()) {
$sql .= ' LEFT JOIN `devices_perms` AS `DP` ON `D`.`device_id` = `DP`.`device_id`';
$where .= ' AND `DP`.`user_id`=?';
$param[] = Auth::id();
$device_ids = Permissions::devicesForUser()->toArray() ?: [0];
$where .= " AND `D`.`device_id` IN " .dbGenPlaceholders(count($device_ids));
$param = array_merge($param, $device_ids);
}
$sql .= " WHERE M.port_id = P.port_id AND P.device_id = D.device_id $where ";


@ -3,15 +3,14 @@
$where = '1';
$param = array();
if (Auth::user()->hasGlobalRead()) {
$sql = " FROM entPhysical AS E, devices AS D WHERE $where AND D.device_id = E.device_id";
} else {
$sql = " FROM entPhysical AS E, devices AS D, devices_perms AS P WHERE $where AND D.device_id = E.device_id AND P.device_id = D.device_id AND P.user_id = ?";
$param[] = Auth::id();
if (!Auth::user()->hasGlobalRead()) {
$device_ids = Permissions::devicesForUser()->toArray() ?: [0];
$where .= " AND `D`.`device_id` IN " .dbGenPlaceholders(count($device_ids));
$param = array_merge($param, $device_ids);
}
$sql = " FROM entPhysical AS E, devices AS D WHERE $where AND D.device_id = E.device_id";
if (isset($searchPhrase) && !empty($searchPhrase)) {
$sql .= " AND (`D`.`hostname` LIKE '%$searchPhrase%' OR `E`.`entPhysicalDescr` LIKE '%$searchPhrase%' OR `E`.`entPhysicalModelName` LIKE '%$searchPhrase%' OR `E`.`entPhysicalSerialNum` LIKE '%$searchPhrase%')";
}


@ -18,10 +18,12 @@
$graph_type = 'mempool_usage';
$where = 1;
$sql = ' FROM `mempools` AS `M` LEFT JOIN `devices` AS `D` ON `M`.`device_id` = `D`.`device_id`';
$param = [];
if (!Auth::user()->hasGlobalRead()) {
$sql .= ' LEFT JOIN `devices_perms` AS `DP` ON `M`.`device_id` = `DP`.`device_id`';
$where .= ' AND `DP`.`user_id`=?';
$param[] = Auth::id();
$device_ids = Permissions::devicesForUser()->toArray() ?: [0];
$where .= " AND `D`.`device_id` IN " .dbGenPlaceholders(count($device_ids));
$param = array_merge($param, $device_ids);
}
$sql .= " WHERE $where";


@ -28,12 +28,12 @@ $param = array();
$sql = 'FROM `ports`';
if (!Auth::user()->hasGlobalRead()) {
$sql .= ' LEFT JOIN `devices_perms` AS `DP` ON `ports`.`device_id` = `DP`.`device_id`';
$sql .= ' LEFT JOIN `ports_perms` AS `PP` ON `ports`.`port_id` = `PP`.`port_id`';
$where .= ' AND (`DP`.`user_id`=? OR `PP`.`user_id`=?)';
$param[] = Auth::id();
$param[] = Auth::id();
$port_ids = Permissions::portsForUser()->toArray() ?: [0];
$device_ids = Permissions::devicesForUser()->toArray() ?: [0];
$where .= " AND (`ports`.`port_id` IN " . dbGenPlaceholders(count($port_ids));
$where .= " OR `D`.`device_id` IN " .dbGenPlaceholders(count($device_ids));
$where .= ")";
$param = array_merge($param, $port_ids, $device_ids);
}
$sql .= ' LEFT JOIN `devices` AS `D` ON `ports`.`device_id` = `D`.`device_id`';


@ -18,10 +18,12 @@
$graph_type = 'processor_usage';
$where = 1;
$sql = ' FROM `processors` AS `P` LEFT JOIN `devices` AS `D` ON `P`.`device_id` = `D`.`device_id`';
$param = [];
if (!Auth::user()->hasGlobalRead()) {
$sql .= ' LEFT JOIN `devices_perms` AS `DP` ON `P`.`device_id` = `DP`.`device_id`';
$where .= ' AND `DP`.`user_id`=?';
$param[] = Auth::id();
$device_ids = Permissions::devicesForUser()->toArray() ?: [false];
$where .= " AND `P`.`device_id` IN " .dbGenPlaceholders(count($device_ids));
$param = array_merge($param, $device_ids);
}
$sql .= " WHERE $where";
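Review bot: The empty-result sentinel in this file is `[false]`, while the other files in this commit use `?: [0]` for the same purpose. How a bound `false` compares against `device_id` depends on the database layer, which is not visible here, so the "user has no devices" case may not behave like the others. Use `$device_ids = Permissions::devicesForUser()->toArray() ?: [0];` for consistency. Because the same three lines are repeated across many of these files, a small shared helper that returns the placeholder string and parameters would prevent this kind of drift.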


@ -23,16 +23,13 @@ $class = mres($vars['class']);
$sql = " FROM `$table` AS S, `devices` AS D";
if (!Auth::user()->hasGlobalRead()) {
$sql .= ', devices_perms as P';
}
$sql .= " WHERE S.sensor_class=? AND S.device_id = D.device_id ";
$param[] = mres($vars['class']);
if (!Auth::user()->hasGlobalRead()) {
$sql .= " AND D.device_id = P.device_id AND P.user_id = ?";
$param[] = Auth::id();
$device_ids = Permissions::devicesForUser()->toArray() ?: [0];
$sql .= " AND `D`.`device_id` IN " .dbGenPlaceholders(count($device_ids));
$param = array_merge($param, $device_ids);
}
if (isset($searchPhrase) && !empty($searchPhrase)) {


@ -18,13 +18,14 @@
$graph_type = 'storage_usage';
$where = 1;
$param = [];
$sql = ' FROM `storage` AS `S` LEFT JOIN `devices` AS `D` ON `S`.`device_id` = `D`.`device_id`';
if (!Auth::user()->hasGlobalRead()) {
$sql .= ' LEFT JOIN `devices_perms` AS `DP` ON `S`.`device_id` = `DP`.`device_id`';
$where .= ' AND `DP`.`user_id`=?';
$param[] = Auth::id();
$device_ids = Permissions::devicesForUser()->toArray() ?: [0];
$where .= " AND `S`.`device_id` IN " .dbGenPlaceholders(count($device_ids));
$param = array_merge($param, $device_ids);
}
$sql .= " WHERE $where";


@ -3610,6 +3610,13 @@
"order": 6,
"type": "integer"
},
"permission.device_group.allow_dynamic": {
"default": false,
"group": "authorization",
"order": 1,
"section": "device-group",
"type": "boolean"
},
"ping": {
"default": "/bin/ping",
"group": "external",


@ -515,6 +515,14 @@ devices_attribs:
Indexes:
PRIMARY: { Name: PRIMARY, Columns: [attrib_id], Unique: true, Type: BTREE }
device_id: { Name: device_id, Columns: [device_id], Unique: false, Type: BTREE }
devices_group_perms:
Columns:
- { Field: user_id, Type: 'int(10) unsigned', 'Null': false, Extra: '' }
- { Field: device_group_id, Type: 'int(10) unsigned', 'Null': false, Extra: '' }
Indexes:
PRIMARY: { Name: PRIMARY, Columns: [device_group_id, user_id], Unique: true, Type: BTREE }
devices_group_perms_device_group_id_index: { Name: devices_group_perms_device_group_id_index, Columns: [device_group_id], Unique: false, Type: BTREE }
devices_group_perms_user_id_index: { Name: devices_group_perms_user_id_index, Columns: [user_id], Unique: false, Type: BTREE }
devices_perms:
Columns:
- { Field: user_id, Type: 'int(10) unsigned', 'Null': false, Extra: '' }


@ -5,6 +5,7 @@ return [
'groups' => [
'alerting' => 'Alerting',
'auth' => 'Authentication',
'authorization' => 'Authorization',
'external' => 'External',
'global' => 'Global',
'os' => 'OS',
@ -23,6 +24,9 @@ return [
'ad' => 'Active Directory Settings',
'ldap' => 'LDAP Settings'
],
'authorization' => [
'device-group' => 'Device Group Settings'
],
'discovery' => [
'general' => 'General Discovery Settings',
'route' => 'Routes Discovery Module',
@ -592,6 +596,13 @@ return [
'description' => 'Poller performance log entries older than (days)',
'help' => 'Cleanup done by daily.sh'
],
'permission' => [
'device_group' => [
'allow_dynamic' => [
'description' => 'Enable user access via dynamic Device Groups',
]
]
],
'ping' => [
'description' => 'Path to ping'
],