From 678134f24a212343344bc9bc2ed735ac91e448ae Mon Sep 17 00:00:00 2001 From: FusionPBX Date: Mon, 8 Aug 2016 14:24:42 -0600 Subject: [PATCH] Update device_dashboard.php Update device dashboard use the group permissions. --- app/devices/device_dashboard.php | 128 ++++++++++++++++++++++++++----- 1 file changed, 110 insertions(+), 18 deletions(-) diff --git a/app/devices/device_dashboard.php b/app/devices/device_dashboard.php index 790e51c9fd..f577740362 100644 --- a/app/devices/device_dashboard.php +++ b/app/devices/device_dashboard.php @@ -42,19 +42,51 @@ //include the device class //require_once "app/devices/resources/classes/device.php"; +//get the vendor functions + $sql = "SELECT v.name as vendor_name, f.name, f.value "; + $sql .= "FROM v_device_vendors as v, v_device_vendor_functions as f "; + $sql .= "WHERE v.device_vendor_uuid = f.device_vendor_uuid "; + $sql .= "AND f.device_vendor_function_uuid in "; + $sql .= "("; + $sql .= " SELECT device_vendor_function_uuid FROM v_device_vendor_function_groups "; + $sql .= " WHERE device_vendor_function_uuid = f.device_vendor_function_uuid "; + $sql .= " AND ( "; + if (is_array($_SESSION['groups'])) { + $x = 0; + foreach($_SESSION['groups'] as $row) { + if ($x == 0) { + $sql .= " group_name = '".$row['group_name']."' "; + } + else { + $sql .= " or group_name = '".$row['group_name']."' "; + } + $x++; + } + } + $sql .= " ) "; + $sql .= ") "; + $sql .= "AND v.enabled = 'true' "; + $sql .= "AND f.enabled = 'true' "; + $sql .= "ORDER BY v.name ASC, f.name ASC "; + $prep_statement = $db->prepare(check_sql($sql)); + $prep_statement->execute(); + $vendor_functions = $prep_statement->fetchAll(PDO::FETCH_NAMED); + //add or update the database if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) { //add or update the database if ($_POST["persistformvar"] != "true") { - //get the $device_profile_uuid - foreach ($_POST['device_keys'] as &$row) { - if (strlen($row["device_profile_uuid"]) > 0 && is_uuid($row['device_profile_uuid'])) { - $device_profile_uuid = $row["device_profile_uuid"]; - break; - } - } + //get device + $sql = "SELECT device_uuid, device_profile_uuid FROM v_devices "; + $sql .= "WHERE device_user_uuid = '".$_SESSION['user_uuid']."' "; + $prep_statement = $db->prepare(check_sql($sql)); + $prep_statement->execute(); + $row = $prep_statement->fetch(PDO::FETCH_NAMED); + $device_uuid = $row['device_uuid']; + $device_profile_uuid = $row['device_profile_uuid']; + unset($row); //get device profile keys if (isset($device_profile_uuid)) { @@ -66,6 +98,56 @@ unset($sql,$prep_statement); } + //get device keys + if (isset($device_uuid)) { + $sql = "SELECT * FROM v_device_keys "; + $sql .= "WHERE device_uuid = '".$device_uuid."' "; + $prep_statement = $db->prepare(check_sql($sql)); + $prep_statement->execute(); + $device_keys = $prep_statement->fetchAll(PDO::FETCH_NAMED); + unset($sql,$prep_statement); + } + + //create a list of protected keys - device keys + foreach($device_keys as $row) { + //determine if the key is allowed + $device_key_authorized = false; + foreach($vendor_functions as $function) { + if ($function['vendor_name'] == $row['device_key_vendor'] && $function['value'] == $row['device_key_type']) { + $device_key_authorized = true; + } + } + //add the protected keys + if (!$device_key_authorized) { + $protected_keys[$row['device_key_id']] = 'true'; + } + } + //create a list of protected keys - device proile keys + foreach($device_profile_keys as $row) { + //determine if the key is allowed + $device_key_authorized = false; + foreach($vendor_functions as $function) { + if ($function['vendor_name'] == $row['device_key_vendor'] && $function['value'] == $row['device_key_type']) { + $device_key_authorized = true; + } + } + //add the protected keys + if (!$device_key_authorized) { + $protected_keys[$row['device_key_id']] = 'true'; + } + } + + //remove the keys the user is not allowed to edit based on the authorized vendor keys + $x=0; + foreach($_POST['device_keys'] as $row) { + //loop through the authorized vendor functions + if ($protected_keys[$row['device_key_id']] == "true") { + unset($_POST['device_keys'][$x]); + } + //increment the row id + $x++; + } + //add or update the device keys foreach ($_POST['device_keys'] as &$row) { @@ -296,17 +378,6 @@ } } -//get the vendor functions - $sql = "SELECT v.name as vendor_name, f.name, f.value "; - $sql .= "FROM v_device_vendors as v, v_device_vendor_functions as f "; - $sql .= "where v.device_vendor_uuid = f.device_vendor_uuid "; - $sql .= "and v.enabled = 'true' "; - $sql .= "and f.enabled = 'true' "; - $sql .= "order by v.name asc, f.name asc "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $vendor_functions = $prep_statement->fetchAll(PDO::FETCH_NAMED); - //add a new key if (permission_exists('device_key_add')) { $device_keys[$x]['device_key_category'] = $device_key_category; @@ -320,6 +391,26 @@ $device_keys[$x]['device_key_label'] = ''; } +//remove the keys the user is not allowed to edit based on the authorized vendor keys + foreach($device_keys as $row) { + //loop through the authorized vendor functions + $device_key_authorized = false; + foreach($vendor_functions as $function) { + if (strlen($row['device_key_type'] == 0)) { + $device_key_authorized = true; + } + else { + if ($function['vendor_name'] == $row['device_key_vendor'] && $function['value'] == $row['device_key_type']) { + $device_key_authorized = true; + } + } + } + //unset vendor functions the is not allowed to edit + if (!$device_key_authorized) { + unset($device_keys[$row['device_key_id']]); + } + } + //show the header //require_once "resources/header.php"; @@ -349,6 +440,7 @@ //set the variables $device_key_vendor = $row['device_key_vendor']; $device_vendor = $row['device_key_vendor']; + //set the column names if ($previous_device_key_vendor != $row['device_key_vendor']) { echo " \n";