/**
* Checks whether the Web user is allowed to perform the specified action.
* @param CWebUser $user the user object
* @param CController $controller the controller currently being executed
* @param CAction $action the action to be performed
* @param string $ip the request IP address
* @param string $verb the request verb (GET, POST, etc.)
* @return integer 1 if the user is allowed, -1 if the user is denied, 0 if the rule does not apply to the user
*/
public function isUserAllowed($user, $controller, $action, $ip, $verb)
{
try {
/*
$sesMod = $user->getState('modType');
$oCurMod = $controller->getModule();
if( $oCurMod != NULL ){
if( ($oCurMod->getId() == 'ad' && $sesMod == 'pub') ||
($oCurMod->getId() == 'pub' && $sesMod == 'ad') )
throw new CHttpException(EXCEPTION_NO_RIGHTS, Yii::t('general', 'pub_ad_mod_confused'));
}
*/
echo 'user access';
return false;
$aPerm = $user->perm;
$aAction = $aPerm[$controller->getId()]['_p'];
if (is_array($aAction) && in_array(strtolower($action->getId()), $aAction)) {
return true;
} else {
throw new CHttpException(EXCEPTION_NO_RIGHTS, Yii::t('general', 'sorry, you have no rights to do this'));
}
} catch (Exception $e) {
throw new CHttpException(EXCEPTION_NO_RIGHTS, Yii::t('general', 'sorry, you have no rights to do this'));
}
}
/**
* Override of CAction's construct; all child classes need to have the
* behavior {@link UpdaterBehavior} attached and enabled.
*
* @param type $controller
* @param type $id
*/
public function __construct($controller, $id)
{
parent::__construct($controller, $id);
$this->attachBehaviors($this->behaviors());
// Be certain we can continue safely:
$this->requireDependencies();
}
/**
* Needed to override the constructor to make this automatically attach
* behaviors listed in the {@link X2TranslationAction::behaviors} function.
* @param CController $controller The controller who owns this action.
* @param string $action The ID of the action.
*/
public function __construct($controller, $action)
{
$this->attachBehaviors($this->behaviors());
// Automatically attach all behaviors defined in behaviors method.
parent::__construct($controller, $action);
// Call parent constructor, nothing else to do.
}
public function __get($name)
{
if (!$this->canGetProperty($name)) {
return $this->options[$name];
} else {
return parent::__get($name);
}
}
/**
* CFilterChain factory method.
* This method creates a CFilterChain instance.
* @param CController $controller the controller who executes the action.
* @param CAction $action the action being filtered by this chain.
* @param array $filters list of filters to be applied to the action.
* @return CFilterChain
*/
public static function create($controller, $action, $filters)
{
$chain = new CFilterChain($controller, $action);
$actionID = $action->getId();
foreach ($filters as $filter) {
if (is_string($filter)) {
if (($pos = strpos($filter, '+')) !== false || ($pos = strpos($filter, '-')) !== false) {
$matched = preg_match("/\\b{$actionID}\\b/i", substr($filter, $pos + 1)) > 0;
if (($filter[$pos] === '+') === $matched) {
$filter = CInlineFilter::create($controller, trim(substr($filter, 0, $pos)));
}
} else {
$filter = CInlineFilter::create($controller, $filter);
}
} else {
if (is_array($filter)) {
if (!isset($filter[0])) {
throw new CException(Yii::t('yii', 'The first element in a filter configuration must be the filter class.'));
}
$filterClass = $filter[0];
unset($filter[0]);
if (($pos = strpos($filterClass, '+')) !== false || ($pos = strpos($filterClass, '-')) !== false) {
$matched = preg_match("/\\b{$actionID}\\b/i", substr($filterClass, $pos + 1)) > 0;
if (($filterClass[$pos] === '+') === $matched) {
$filterClass = trim(substr($filterClass, 0, $pos));
} else {
continue;
}
}
$filter['class'] = $filterClass;
$filter = Yii::createComponent($filter);
}
}
if (is_object($filter)) {
$filter->init();
$chain->add($filter);
}
}
return $chain;
}
public function __construct($controller, $id, $target_id = null)
{
$requestedTarget = Yii::app()->request->getParam('target_id', FALSE);
if (!$this->target_id && $requestedTarget) {
$this->target_id = $requestedTarget;
} elseif (!$this->target_id && $target_id) {
$this->target_id = $target_id;
} else {
throw new CException('target_id should be specified');
}
$this->user_id = !Yii::app()->user->isGuest ? Yii::app()->user->id : 0;
parent::__construct($controller, $id);
}
/**
* Override runWithParams() implementation in CAction to help us parse
* requests with subactions.
*
* @param array $params URL Parameters
*/
public function runWithParams($params)
{
// Default method that would be called if the subaction and run() do not exist
$sDefault = 'index';
// Check for a subaction
if (empty($params['sa'])) {
$sSubAction = $sDefault;
// default
} else {
$sSubAction = $params['sa'];
}
// Check if the class has the method
$oClass = new ReflectionClass($this);
if (!$oClass->hasMethod($sSubAction)) {
// If it doesn't, revert to default Yii method, that is run() which should reroute us somewhere else
$sSubAction = 'run';
}
// Populate the params. eg. surveyid -> iSurveyId
$params = $this->_addPseudoParams($params);
if (!empty($params['iSurveyId'])) {
if (!Survey::model()->findByPk($params['iSurveyId'])) {
Yii::app()->setFlashMessage(gT("Invalid survey ID"), 'error');
$this->getController()->redirect(array("admin/index"));
} elseif (!Permission::model()->hasSurveyPermission($params['iSurveyId'], 'survey', 'read')) {
Yii::app()->setFlashMessage(gT("No permission"), 'error');
$this->getController()->redirect(array("admin/index"));
} else {
LimeExpressionManager::SetSurveyId($params['iSurveyId']);
// must be called early - it clears internal cache if a new survey is being used
}
}
// Check if the method is public and of the action class, not its parents
// ReflectionClass gets us the methods of the class and parent class
// If the above method existence check passed, it might not be neceessary that it is of the action class
$oMethod = new ReflectionMethod($this, $sSubAction);
// Get the action classes from the admin controller as the urls necessarily do not equal the class names. Eg. survey -> surveyaction
$aActions = Yii::app()->getController()->getActionClasses();
if (empty($aActions[$this->getId()]) || strtolower($oMethod->getDeclaringClass()->name) != strtolower($aActions[$this->getId()]) || !$oMethod->isPublic()) {
// Either action doesn't exist in our whitelist, or the method class doesn't equal the action class or the method isn't public
// So let us get the last possible default method, ie. index
$oMethod = new ReflectionMethod($this, $sDefault);
}
// We're all good to go, let's execute it
// runWithParamsInternal would automatically get the parameters of the method and populate them as required with the params
return parent::runWithParamsInternal($this, $oMethod, $params);
}
/**
* Override runWithParams() implementation in CAction to help us parse
* requests with subactions.
*
* @param array $params URL Parameters
*/
public function runWithParams($params)
{
// Default method that would be called if the subaction and run() do not exist
$sDefault = 'index';
// Check for a subaction
if (empty($params['sa'])) {
$sSubAction = $sDefault;
// default
} else {
$sSubAction = $params['sa'];
}
// Check if the class has the method
$oClass = new ReflectionClass($this);
if (!$oClass->hasMethod($sSubAction)) {
// If it doesn't, revert to default Yii method, that is run() which should reroute us somewhere else
$sSubAction = 'run';
}
// Populate the params. eg. plid -> iSurveyId
$params = $this->_addPseudoParams($params);
if (!empty($params['iPanellistId'])) {
if (!PL::model()->findByPk($params['iPanellistId'])) {
$this->getController()->error('Invalid panel-list id');
} elseif (!PL::model()->IsValid($params['iPanellistId'])) {
$this->getController()->error('Not active');
} else {
}
}
// Check if the method is public and of the action class, not its parents
// ReflectionClass gets us the methods of the class and parent class
// If the above method existence check passed, it might not be neceessary that it is of the action class
$oMethod = new ReflectionMethod($this, $sSubAction);
// Get the action classes from the admin controller as the urls necessarily do not equal the class names. Eg. survey -> surveyaction
$aActions = Yii::app()->getController()->getActionClasses();
if (empty($aActions[$this->getId()]) || strtolower($oMethod->getDeclaringClass()->name) != $aActions[$this->getId()] || !$oMethod->isPublic()) {
// Either action doesn't exist in our whitelist, or the method class doesn't equal the action class or the method isn't public
// So let us get the last possible default method, ie. index
$oMethod = new ReflectionMethod($this, $sDefault);
}
// We're all good to go, let's execute it
// runWithParamsInternal would automatically get the parameters of the method and populate them as required with the params
return parent::runWithParamsInternal($this, $oMethod, $params);
}
/**
* @return EGearmanHandler
*/
public function getHandler()
{
return parent::getController();
}
/**
* The pre-filter for controller actions.
* This method is invoked before the currently requested controller action and all its filters
* are executed. You may override this method with logic that needs to be done
* before all controller actions.
* @param CController $controller the controller
* @param CAction $action the action
* @return boolean whether the action should be executed.
*/
public function beforeControllerAction($controller, $action)
{
/**
* Plugin event done before all web controller action
* Can set run to false to deactivate action
*/
$event = new PluginEvent('beforeControllerAction');
$event->set('controller', $controller->getId());
$event->set('action', $action->getId());
App()->getPluginManager()->dispatchEvent($event);
return $event->get("run", parent::beforeControllerAction($controller, $action));
}
/**
* @param CAction $action the action
* @return boolean whether the rule applies to the action
*/
protected function isActionMatched($action)
{
return empty($this->actions) || in_array(strtolower($action->getId()), $this->actions);
}
/**
* Calls a controller method.
* This is a PHP magic method that we override to implement the shortcut format methods.
* @param string the method name
* @param array method parameters
* @return mixed the method return value
*/
public function __call($name, $parameters)
{
$controller = $this->getController();
if (method_exists($controller, $name)) {
return call_user_func_array(array($controller, $name), $parameters);
} else {
return parent::__call($name, $parameters);
}
}
private static function action($action, $params)
{
CAction::$error = array();
switch ($action) {
default:
$result = call_user_func(array('CAction', $action), $params);
}
self::$result = $result;
}
/**
* Delete Media types
*
* {@source}
* @access public
* @static
* @since 1.8
* @version 1
*
* @param array $mediatypes
* @param array $mediatypes[0,...]['mediatypeids']
* @return boolean
*/
public static function delete($mediatypeids)
{
global $USER_DETAILS;
if (USER_TYPE_SUPER_ADMIN != $USER_DETAILS['type']) {
self::exception(ZBX_API_ERROR_PERMISSIONS, S_CMEDIATYPE_ERROR_ONLY_SUPER_ADMIN_CAN_DELETE_MEDIATYPES);
}
$mediatypeids = zbx_toArray($mediatypeids);
try {
self::BeginTransaction(__METHOD__);
$options = array('mediatypeids' => $mediatypeids, 'output' => API_OUTPUT_EXTEND, 'preservekeys' => 1);
$actions = CAction::get($options);
if (!empty($actions)) {
$action = reset($actions);
self::exception(ZBX_API_ERROR_PARAMETERS, S_MEDIATYPE_USED_BY_ACTIONS . ' ' . $action['name']);
}
DB::delete('media', DBcondition('mediatypeid', $mediatypeids));
DB::delete('alerts', DBcondition('mediatypeid', $mediatypeids));
DB::delete('media_type', DBcondition('mediatypeid', $mediatypeids));
self::EndTransaction(true, __METHOD__);
return array('mediatypeids' => $mediatypeids);
} catch (APIException $e) {
self::EndTransaction(false, __METHOD__);
$error = $e->getErrors();
$error = reset($error);
self::setError(__METHOD__, $e->getCode(), $error);
return false;
}
}
$validateConditions[] = $condition;
}
}
if ($validateConditions) {
CAction::validateConditions($validateConditions);
}
$_REQUEST['conditions'] = $validateConditions;
}
} catch (APIException $e) {
show_error_message(_('Cannot add action condition'));
error($e->getMessage());
}
} elseif (isset($_REQUEST['add_opcondition']) && isset($_REQUEST['new_opcondition'])) {
$new_opcondition = $_REQUEST['new_opcondition'];
try {
CAction::validateOperationConditions($new_opcondition);
$new_operation = get_request('new_operation', array());
if (!isset($new_operation['opconditions'])) {
$new_operation['opconditions'] = array();
}
if (!str_in_array($new_opcondition, $new_operation['opconditions'])) {
array_push($new_operation['opconditions'], $new_opcondition);
}
$_REQUEST['new_operation'] = $new_operation;
unset($_REQUEST['new_opcondition']);
} catch (APIException $e) {
error($e->getMessage());
}
} elseif (isset($_REQUEST['add_operation']) && isset($_REQUEST['new_operation'])) {
$new_operation = $_REQUEST['new_operation'];
$result = true;
/**
* @param CAction $controller the action
*
* @return boolean whether the rule applies to the action
*/
protected function isControllerMatched($controller)
{
return empty($this->controllers) || in_array(strtolower($controller->getId()), $this->controllers);
}
$cmbSource->addItem(EVENT_SOURCE_DISCOVERY, S_DISCOVERY);
$cmbSource->addItem(EVENT_SOURCE_AUTO_REGISTRATION, S_AUTO_REGISTRATION);
$form->addItem(array(S_EVENT_SOURCE, SPACE, $cmbSource));
$numrows = new CDiv();
$numrows->setAttribute('name', 'numrows');
$action_wdgt->addHeader(S_ACTIONS_BIG, $form);
$action_wdgt->addHeader($numrows);
// table
$form = new CForm();
$form->setName('actions');
$tblActions = new CTableInfo(S_NO_ACTIONS_DEFINED);
$tblActions->setHeader(array(new CCheckBox('all_items', null, "checkAll('" . $form->getName() . "','all_items','g_actionid');"), make_sorting_header(S_NAME, 'name'), S_CONDITIONS, S_OPERATIONS, make_sorting_header(S_STATUS, 'status')));
$sortfield = getPageSortField('name');
$sortorder = getPageSortOrder();
$options = array('output' => API_OUTPUT_EXTEND, 'filter' => array('eventsource' => array($_REQUEST['eventsource'])), 'select_conditions' => API_OUTPUT_EXTEND, 'select_operations' => API_OUTPUT_EXTEND, 'editable' => 1, 'sortfield' => $sortfield, 'sortorder' => $sortorder, 'limit' => $config['search_limit'] + 1);
$actions = CAction::get($options);
// sorting && paging
order_result($actions, $sortfield, $sortorder);
$paging = getPagingLine($actions);
//-------
foreach ($actions as $anum => $action) {
$conditions = array();
order_result($action['conditions'], 'conditiontype', ZBX_SORT_DOWN);
foreach ($action['conditions'] as $cnum => $condition) {
$conditions[] = array(get_condition_desc($condition['conditiontype'], $condition['operator'], $condition['value']), BR());
}
$operations = array();
order_result($action['operations'], 'operationtype', ZBX_SORT_DOWN);
foreach ($action['operations'] as $onum => $operation) {
$operations[] = array(get_operation_desc(SHORT_DESCRITION, $operation), BR());
}
