diff options
| author | Udo Walter | 2018-01-18 17:54:13 +0100 |
|---|---|---|
| committer | Udo Walter | 2018-01-18 17:54:13 +0100 |
| commit | 734c493dc1e416ee188ad121033b7856e8259816 (patch) | |
| tree | 6b28d6606a9bd960bf5f9d2b44ec60c46a7c4696 /modules-available/syslog/page.inc.php | |
| parent | [minilinux] implemented permission-system. you can't see the side without any... (diff) | |
| download | slx-admin-734c493dc1e416ee188ad121033b7856e8259816.tar.gz slx-admin-734c493dc1e416ee188ad121033b7856e8259816.tar.xz slx-admin-734c493dc1e416ee188ad121033b7856e8259816.zip | |
[statistics] added permissions to view client logs;
removed unused query arguments from Paginate::exec (caused an error if
query arguments that are actually used in the query are passed to Paginate::exec)
Diffstat (limited to 'modules-available/syslog/page.inc.php')
| -rw-r--r-- | modules-available/syslog/page.inc.php | 26 |
1 files changed, 23 insertions, 3 deletions
diff --git a/modules-available/syslog/page.inc.php b/modules-available/syslog/page.inc.php index c679877a..a34ceb53 100644 --- a/modules-available/syslog/page.inc.php +++ b/modules-available/syslog/page.inc.php @@ -15,6 +15,13 @@ class Page_SysLog extends Page protected function doRender() { + Render::addTemplate("heading"); + + if (!User::hasPermission("view")) { + Message::addError('main.no-permission'); + return; + } + $cutoff = strtotime('-1 month'); $res = Database::simpleQuery("SELECT logtypeid, Count(*) AS counter FROM clientlog WHERE dateline > $cutoff GROUP BY logtypeid ORDER BY counter ASC"); $types = array(); @@ -55,11 +62,24 @@ class Page_SysLog extends Page else $whereClause .= ' AND '; - $whereClause .= "machineuuid='" . preg_replace('/[^0-9a-zA-Z\-]/', '', Request::get('machineuuid', '', 'string')) . "'"; + $whereClause .= "machineuuid='" . preg_replace('/[^0-9a-zA-Z\-]/', '', Request::get('machineuuid', '', 'string')) . "'"; + } + + $allowedLocations = User::getAllowedLocations("view"); + $joinClause = ""; + if (!in_array(0, $allowedLocations)) { + $joinClause = "INNER JOIN machine ON machine.machineuuid = clientlog.machineuuid"; + if (empty($whereClause)) + $whereClause .= ' WHERE '; + else + $whereClause .= ' AND '; + + $whereClause .= 'locationid IN (:allowedLocations)'; } + $lines = array(); - $paginate = new Paginate("SELECT logid, dateline, logtypeid, clientip, description, extra FROM clientlog $whereClause ORDER BY logid DESC", 50); - $res = $paginate->exec(); + $paginate = new Paginate("SELECT logid, dateline, logtypeid, clientlog.clientip as clientip, description, extra FROM clientlog $joinClause $whereClause ORDER BY logid DESC", 50); + $res = $paginate->exec(array("allowedLocations" => $allowedLocations)); while ($row = $res->fetch(PDO::FETCH_ASSOC)) { $row['date'] = Util::prettyTime($row['dateline']); $row['icon'] = $this->eventToIconName($row['logtypeid']); |