pandorafms/pandora_console/operation/incidents/incident.php

<script type="text/javascript">
        
    $( document ).ready(function() {

        $('[id^=checkbox-id_inc]').change(function(){
            if($(this).parent().parent().hasClass('checkselected')){
                $(this).parent().parent().removeClass('checkselected');
            }
            else{
                $(this).parent().parent().addClass('checkselected');                            
            }
        });

        $('[id^=checkbox-all_action]').change(function(){    
            if ($("#checkbox-all_action").prop("checked")) {
                $('[id^=checkbox-id_inc]').parent().parent().addClass('checkselected');
                $('[name^=id_inc]').prop("checked", true);
            }
            else{
                $('[id^=checkbox-id_inc]').parent().parent().removeClass('checkselected');
                $('[name^=id_inc]').prop("checked", false);
            }    
        });

    });

</script>

<?php

// Pandora FMS - http://pandorafms.com
// ==================================================
// Copyright (c) 2005-2011 Artica Soluciones Tecnologicas
// Please see http://pandorafms.org for full contribution list
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation for version 2.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
global $config;
require_once 'include/functions_incidents.php';

check_login();

$incident_r = check_acl($config['id_user'], 0, 'IR');
$incident_w = check_acl($config['id_user'], 0, 'IW');
$incident_m = check_acl($config['id_user'], 0, 'IM');
$access = ($incident_r == true) ? 'IR' : (($incident_w == true) ? 'IW' : (($incident_m == true) ? 'IM' : 'IR'));

if (!$incident_r && !$incident_w && !$incident_m) {
    db_pandora_audit('ACL Violation', 'Trying to access incident viewer');
    include 'general/noaccess.php';
    exit;
}

// Header
ui_print_page_header(
    __('Incident management'),
    'images/book_edit.png',
    false,
    '',
    false,
    ''
);

// Take input parameters
// Offset adjustment
if (isset($_GET['offset'])) {
    $offset = get_parameter('offset');
} else {
    $offset = 0;
}

// Check action. Try to get author and group
$action = get_parameter('action');

if ($action == 'mass') {
    $id_inc = get_parameter('id_inc', []);
    $delete_btn = get_parameter('delete_btn', -1);
    $own_btn = get_parameter('own_btn', -1);

    foreach ($id_inc as $incident) {
        if (check_acl($config['id_user'], incidents_get_group($incident), 'IM') || incidents_get_author($incident) == $config['id_user'] || incidents_get_owner($incident) == $config['id_user']) {
            continue;
        }

        db_pandora_audit('ACL Forbidden', 'Mass-update or deletion of incident');
        include 'general/noaccess.php';
        exit;
    }

    if ($delete_btn != -1) {
        $result = incidents_delete_incident($id_inc);
        ui_print_result_message(
            $result,
            __('Successfully deleted'),
            __('Could not be deleted')
        );
    }

    if ($own_btn != -1) {
        $result = incidents_process_chown($id_inc, $config['id_user']);
        ui_print_result_message(
            $result,
            __('Successfully reclaimed ownership'),
            __('Could not reclame ownership')
        );
    }
} else if ($action == 'update') {
    $id_inc = get_parameter('id_inc', 0);
    $author = incidents_get_author($id_inc);
    $owner = incidents_get_owner($id_inc);
    $grupo = incidents_get_group($id_inc);

    if ($author != $config['id_user'] && $owner != $config['id_user'] && !check_acl($config['id_user'], $grupo, 'IM')) {
        // Only admins (manage incident) or owners/creators can modify incidents
        db_pandora_audit('ACL Forbidden', 'Update incident #'.$id_inc, $author);
        include 'general/noaccess.php';
        exit;
    }

    $titulo = get_parameter('titulo');
    $titulo = io_safe_input(strip_tags(io_safe_output($titulo)));
    $descripcion = get_parameter('descripcion');
    $origen = get_parameter('origen_form');
    $prioridad = get_parameter('prioridad_form', 0);
    $estado = get_parameter('estado_form', 0);
    $grupo = get_parameter('grupo_form', 1);
    $usuario = get_parameter('usuario_form', $config['id_user']);
    $id_agent = get_parameter('id_agent');

    $sql = sprintf(
        "UPDATE tincidencia
		SET titulo = '%s', origen = '%s', estado = %d, id_grupo = %d, id_usuario = '%s', prioridad = %d, descripcion = '%s', id_lastupdate = '%s', id_agent = %d
		WHERE id_incidencia = %d",
        $titulo,
        $origen,
        $estado,
        $grupo,
        $usuario,
        $prioridad,
        $descripcion,
        $config['id_user'],
        $id_agent,
        $id_inc
    );
    $result = db_process_sql($sql);

    if ($result !== false) {
        db_pandora_audit('Incident updated', 'User '.$config['id_user'].' updated incident #'.$id_inc);
    }

    ui_print_result_message(
        $result,
        __('Successfully updated'),
        __('Could not be updated')
    );
} else if ($action == 'insert') {
    // Create incident
    $grupo = get_parameter('grupo_form', 1);

    if (!check_acl($config['id_user'], $grupo, 'IW')) {
        db_pandora_audit('ACL Forbidden', 'User '.$config['id_user'].' tried to update incident');
        include 'general/noaccess.php';
        exit;
    }

    // Read input variables
    $titulo = get_parameter('titulo');
    $titulo = io_safe_input(strip_tags(io_safe_output($titulo)));
    $descripcion = get_parameter('descripcion');
    $origen = get_parameter('origen_form');
    $prioridad = get_parameter('prioridad_form');
    $id_creator = $config['id_user'];
    $estado = get_parameter('estado_form');
    $usuario = get_parameter('usuario_form', '');
    $id_agent = get_parameter('id_agent');

    $sql = sprintf(
        "INSERT INTO tincidencia
			(inicio, actualizacion, titulo, descripcion, id_usuario, origen, estado, prioridad, id_grupo, id_creator, id_agent, id_agente_modulo)
		VALUES 
			(NOW(), NOW(), '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', %d, 0)",
        $titulo,
        $descripcion,
        $usuario,
        $origen,
        $estado,
        $prioridad,
        $grupo,
        $config['id_user'],
        $id_agent
    );
    $id_inc = db_process_sql($sql, 'insert_id');

    if ($id_inc === false) {
        ui_print_error_message(__('Error creating incident'));
    } else {
        ui_print_success_message(__('Incident created'));
        db_pandora_audit('Incident created', 'User '.$config['id_user'].' created incident #'.$id_inc);
    }
}

// Search
$filter = '';

$texto = (string) get_parameter('texto', '');
if ($texto != '') {
    $filter .= sprintf(" AND (titulo LIKE '%%%s%%' OR descripcion LIKE '%%%s%%')", $texto, $texto);
}

$usuario = (string) get_parameter('usuario', '');
if ($usuario != '') {
    $filter .= sprintf(" AND id_usuario = '%s'", $usuario);
}

$estado = (int) get_parameter('estado', -1);
if ($estado >= 0) {
    // -1 = All
    $filter .= sprintf(' AND estado = %d', $estado);
}

$grupo = (int) get_parameter('grupo', 0);
if ($grupo > 0) {
    $filter .= sprintf(' AND id_grupo = %d', $grupo);
    if (check_acl($config['id_user'], $grupo, 'IM') == 0) {
        db_pandora_audit('ACL Forbidden', 'User tried to read incidents from group without access');
        include 'general/noaccess.php';
        exit;
    }
}

$prioridad = (int) get_parameter('prioridad', -1);
if ($prioridad != -1) {
    // -1 = All
    $filter .= sprintf(' AND prioridad = %d', $prioridad);
}

$agent_search = (int) get_parameter('agent_search');
if ($agent_search != 0) {
    $filter .= sprintf(' AND id_agent = %d', $agent_search);
}

$offset = (int) get_parameter('offset', 0);
$groups = users_get_groups($config['id_user'], 'IR');

// Select incidencts where the user has access to ($groups from
// get_user_groups), array_keys for the id, implode to pass to SQL
switch ($config['dbtype']) {
    case 'mysql':
        $sql = 'SELECT * FROM tincidencia WHERE 
			id_grupo IN ('.implode(',', array_keys($groups)).')'.$filter.' 
			ORDER BY actualizacion DESC LIMIT '.$offset.','.$config['block_size'];
        $count_sql = 'SELECT count(*) FROM tincidencia WHERE
			id_grupo IN ('.implode(',', array_keys($groups)).')'.$filter.'
			ORDER BY actualizacion DESC';
        $total_sql = 'SELECT count(*) FROM tincidencia WHERE
			id_grupo IN ('.implode(',', array_keys($groups)).')
			ORDER BY actualizacion DESC';
    break;

    case 'postgresql':
    case 'oracle':
        $set = [];
        $set['limit'] = $config['block_size'];
        $set['offset'] = $offset;
        $sql = 'SELECT * FROM tincidencia WHERE
			id_grupo IN ('.implode(',', array_keys($groups)).')'.$filter.'
			ORDER BY actualizacion DESC';
        $sql = oracle_recode_query($sql, $set);
        $count_sql = 'SELECT count(*) FROM tincidencia WHERE
			id_grupo IN ('.implode(',', array_keys($groups)).')'.$filter;
        $total_sql = 'SELECT count(*) FROM tincidencia WHERE
			id_grupo IN ('.implode(',', array_keys($groups)).')';
    break;
}

$result = db_get_all_rows_sql($sql);
$count = db_get_value_sql($count_sql);
$count_total = db_get_value_sql($total_sql);

if (empty($result)) {
    $result = [];
    $count = 0;
}

if ($count_total >= 1) {
    echo '<form name="visualizacion" method="post" action="index.php?sec=workspace&amp;sec2=operation/incidents/incident">';

    echo '<table class="databox filters" cellpadding="4" cellspacing="4" width="100%"><tr>
	<td valign="middle"><h3>'.__('Filter').'</h3>';

    $fields = incidents_get_status();
    echo '<b>'.__('Incidents:').'</b>'.'&nbsp;&nbsp;';
     html_print_select($fields, 'estado', $estado, 'javascript:this.form.submit();', __('All incidents'), -1, false, false, false, 'w155');

    // Legend
    echo '</td><td valign="middle"><noscript>';
    html_print_submit_button(__('Show'), 'submit-estado', false, ['class' => 'sub']);

    echo '</noscript></td><td rowspan="7" class="f9" style="padding-left: 30px; vertical-align: top;"><h3>'.__('Status').'</h3>';
    foreach (incidents_get_status() as $id => $str) {
        incidents_print_status_img($id);
        echo ' - '.$str.'<br />';
    }

    echo '</td><td rowspan="7" class="f9" style="padding-left: 30px; vertical-align: top;"><h3>'.__('Priority').'</h3>';
    foreach (incidents_get_priorities() as $id => $str) {
        incidents_print_priority_img($id);
        echo ' - '.$str.'<br />';
    }

    echo '</td></tr><tr><td>';

    $fields = incidents_get_priorities();

    echo '<b>'.__('Priorities:').'</b>'.'&nbsp;&nbsp;';
    html_print_select($fields, 'prioridad', $prioridad, 'javascript:this.form.submit();', __('All priorities'), -1, false, false, false, 'w155');

    echo '</td></tr><tr><td>';

    echo '<b>'.__('Users:').'</b>'.'&nbsp;&nbsp;';
    html_print_select(users_get_info(), 'usuario', $usuario, 'javascript:this.form.submit();', __('All users'), '', false, false, false, 'w155');

    echo '</td></tr><tr><td>';

    $agents_incidents = agents_get_agents(false, ['id_agente', 'nombre']);

    if ($agents_incidents === false) {
        $agents_incidents = [];
    }

    $result_agent_incidents = [];
    foreach ($agents_incidents as $agent_incident) {
        $result_agent_incidents[$agent_incident['id_agente']] = $agent_incident['nombre'];
    }

    echo '<b>'.__('Agents:').'</b>'.'&nbsp;&nbsp;';
    html_print_select(
        $result_agent_incidents,
        'agent_search',
        $agent_search,
        'javascript:this.form.submit();',
        __('All agents'),
        '',
        false,
        false,
        false,
        'w155'
    );

    echo '</td></tr><tr><td colspan=3>';

    echo '<b>'.__('Groups:').'</b>'.'&nbsp;&nbsp;';
    html_print_select_groups($config['id_user'], 'IR', true, 'grupo', $grupo, 'javascript:this.form.submit();', '', '', false, false, false, 'w155');

    // echo "&nbsp;&nbsp;&nbsp;&nbsp;";
    echo '</td></tr><tr><td colspan=3>';

    echo '<b>'.__('Free text:').'</b>'.ui_print_help_tip(
        __('Search by incident name or description, list matches.'),
        true
    ).'&nbsp;&nbsp;';
    html_print_input_text('texto', $texto, '', 45);
    echo '&nbsp;';
    html_print_input_image('submit', 'images/zoom.png', __('Search'), 'padding:0;', false, ['alt' => __('Search')]);

    echo '</td></tr></table>';
    echo '</form>';
}

if ($count_total < 1) {
    include_once $config['homedir'].'/general/firts_task/incidents.php';
} else {
    // TOTAL incidents
    $url = 'index.php?sec=workspace&amp;sec2=operation/incidents/incident';

    $estado = -1;

    // add form filter values for group, priority, state, and search fields: user and text
    if ($grupo != -1) {
        $url .= '&amp;grupo='.$grupo;
    }

    if ($prioridad != -1) {
        $url .= '&amp;prioridad='.$prioridad;
    }

    if ($estado != -1) {
        $url .= '&amp;estado='.$estado;
    }

    if ($usuario != '') {
        $url .= '&amp;usuario='.$usuario;
    }

    if ($texto != '') {
        $url .= '&amp;texto='.$texto;
    }

    // Show pagination
    ui_pagination($count, $url, $offset, 0, false);
    // ($count + $offset) it's real count of incidents because it's use LIMIT $offset in query.
    echo '<br />';

    // Show headers
    $table->width = '100%';
    $table->class = 'databox data';
    $table->cellpadding = 4;
    $table->cellspacing = 4;
    $table->head = [];
    $table->data = [];
    $table->size = [];
    $table->align = [];

    $table->head[0] = __('ID');
    $table->head[1] = __('Status');
    $table->head[2] = __('Incident');
    $table->head[3] = __('Priority');
    $table->head[4] = __('Group');
    $table->head[5] = __('Updated');
    $table->head[6] = __('Source');
    $table->head[7] = __('Owner');
    $table->head[8] = __('Action').html_print_checkbox('all_action', 0, false, true, false);

    $table->size[0] = 43;
    $table->size[7] = 50;

    $table->align[1] = 'left';
    $table->align[3] = 'left';
    $table->align[4] = 'left';
    $table->align[8] = 'left';

    $rowPair = true;
    $iterator = 0;
    foreach ($result as $row) {
        if ($rowPair) {
            $table->rowclass[$iterator] = 'rowPair';
        } else {
            $table->rowclass[$iterator] = 'rowOdd';
        }

        $rowPair = !$rowPair;
        $iterator++;

        $data = [];

        $data[0] = '<a href="index.php?sec=workspace&amp;sec2=operation/incidents/incident_detail&amp;id='.$row['id_incidencia'].'">'.$row['id_incidencia'].'</a>';
        $attach = incidents_get_attach($row['id_incidencia']);

        if (!empty($attach)) {
            $data[0] .= '&nbsp;&nbsp;'.html_print_image('images/attachment.png', true, ['style' => 'align:middle;']);
        }

        $data[1] = incidents_print_status_img($row['estado'], true);
        $data[2] = '<a href="index.php?sec=workspace&amp;sec2=operation/incidents/incident_detail&amp;id='.$row['id_incidencia'].'">'.ui_print_truncate_text(io_safe_output($row['titulo']), 'item_title').'</a>';
        $data[3] = incidents_print_priority_img($row['prioridad'], true);
        $data[4] = ui_print_group_icon($row['id_grupo'], true);
        $data[5] = ui_print_timestamp($row['actualizacion'], true);
        $data[6] = $row['origen'];
        if (empty($row['id_usuario'])) {
            $data[7] = 'SYSTEM';
        } else {
            $data[7] = ui_print_username($row['id_usuario'], true);
        }

        if (check_acl($config['id_user'], $row['id_grupo'], 'IM') || $config['id_user'] == $row['id_usuario'] || $config['id_user'] == $row['id_creator']) {
            $data[8] = html_print_checkbox('id_inc[]', $row['id_incidencia'], false, true);
        } else {
            $data[8] = '';
        }

        array_push($table->data, $data);
    }

    echo '<form method="post" action="'.$url.'&amp;action=mass" style="margin-bottom: 0px;">';
    html_print_table($table);
    echo '<div style="text-align:right; float:right;">';
    if (check_acl($config['id_user'], 0, 'IW')) {
        html_print_submit_button(__('Delete incidents'), 'delete_btn', false, 'class="sub delete" style="margin-right: 5px;"');
    }

    if (check_acl($config['id_user'], 0, 'IM')) {
        html_print_submit_button(__('Become owner'), 'own_btn', false, 'class="sub upd"');
    }

    echo '</div>';
    echo '</form>';
    unset($table);
    if (check_acl($config['id_user'], 0, 'IW')) {
        echo '<div style="text-align:right; float:right; padding-right: 5px;">';
        echo '<form method="post" action="index.php?sec=workspace&amp;sec2=operation/incidents/incident_detail&amp;insert_form=1">';
        html_print_submit_button(__('Create incident'), 'crt', false, 'class="sub next"');
        echo '</form>';
        echo '</div>';
    }
}


echo '<div style="clear:both">&nbsp;</div>';