diff options
Diffstat (limited to 'modules-available/statistics/pages/replace.inc.php')
| -rw-r--r-- | modules-available/statistics/pages/replace.inc.php | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/modules-available/statistics/pages/replace.inc.php b/modules-available/statistics/pages/replace.inc.php index 9c16aed7..50bfd6cf 100644 --- a/modules-available/statistics/pages/replace.inc.php +++ b/modules-available/statistics/pages/replace.inc.php @@ -5,6 +5,7 @@ class SubPage public static function doPreprocess() { + User::assertPermission('replace'); $action = Request::post('action', false, 'string'); if ($action === 'replace') { self::handleReplace(); @@ -17,11 +18,13 @@ class SubPage private static function handleReplace() { $replace = Request::post('replace', false, 'array'); - if ($replace === false || empty($replace)) { + if (empty($replace)) { Message::addError('main.parameter-empty', 'replace'); return; } $list = []; + $allowed = User::getAllowedLocations('replace'); + // Loop through passed machines, filter out unsuited pairs (both in use) and those without permission foreach ($replace as $p) { $split = explode('x', $p); if (count($split) !== 2) { @@ -29,13 +32,13 @@ class SubPage continue; } $entry = ['old' => $split[0], 'new' => $split[1]]; - $old = Database::queryFirst('SELECT lastseen FROM machine WHERE machineuuid = :old', + $old = Database::queryFirst('SELECT locationid, lastseen FROM machine WHERE machineuuid = :old', ['old' => $entry['old']]); if ($old === false) { Message::addError('unknown-machine', $entry['old']); continue; } - $new = Database::queryFirst('SELECT firstseen FROM machine WHERE machineuuid = :new', + $new = Database::queryFirst('SELECT locationid, firstseen FROM machine WHERE machineuuid = :new', ['new' => $entry['new']]); if ($new === false) { Message::addError('unknown-machine', $entry['new']); @@ -45,6 +48,16 @@ class SubPage Message::addWarning('ignored-both-in-use', $entry['old'], $entry['new']); continue; } + if (!in_array(0, $allowed)) { + if (!in_array($old['locationid'], $allowed)) { + Message::addWarning('ignored-no-permission', $entry['old']); + continue; + } + if (!in_array($new['locationid'], $allowed)) { + Message::addWarning('ignored-no-permission', $entry['new']); + continue; + } + } $entry['datelimit'] = min($new['firstseen'], $old['lastseen']); $list[] = $entry; } @@ -106,7 +119,10 @@ class SubPage FROM machine old INNER JOIN machine new ON (old.clientip = new.clientip AND old.lastseen < new.firstseen AND old.lastseen > $oldCutoff AND new.firstseen > $newCutoff) ORDER BY oldhost ASC, oldip ASC"); $list = []; - while ($row = $res->fetch(PDO::FETCH_ASSOC)) { + $allowed = User::getAllowedLocations('replace'); + foreach ($res as $row) { + if (!in_array(0, $allowed) && (!in_array($row['oldlid'], $allowed) || !in_array($row['newlid'], $allowed))) + continue; $row['oldlastseen_s'] = Util::prettyTime($row['oldlastseen']); $row['newfirstseen_s'] = Util::prettyTime($row['newfirstseen']); $list[] = $row; |