503 lines
17 KiB
PHP
Executable File
503 lines
17 KiB
PHP
Executable File
<script type="text/javascript">
|
|
|
|
$( document ).ready(function() {
|
|
|
|
$('[id^=checkbox-id_inc]').change(function(){
|
|
if($(this).parent().parent().hasClass('checkselected')){
|
|
$(this).parent().parent().removeClass('checkselected');
|
|
}
|
|
else{
|
|
$(this).parent().parent().addClass('checkselected');
|
|
}
|
|
});
|
|
|
|
$('[id^=checkbox-all_action]').change(function(){
|
|
if ($("#checkbox-all_action").prop("checked")) {
|
|
$('[id^=checkbox-id_inc]').parent().parent().addClass('checkselected');
|
|
$('[name^=id_inc]').prop("checked", true);
|
|
}
|
|
else{
|
|
$('[id^=checkbox-id_inc]').parent().parent().removeClass('checkselected');
|
|
$('[name^=id_inc]').prop("checked", false);
|
|
}
|
|
});
|
|
|
|
});
|
|
|
|
</script>
|
|
|
|
<?php
|
|
|
|
// Pandora FMS - http://pandorafms.com
|
|
// ==================================================
|
|
// Copyright (c) 2005-2011 Artica Soluciones Tecnologicas
|
|
// Please see http://pandorafms.org for full contribution list
|
|
// This program is free software; you can redistribute it and/or
|
|
// modify it under the terms of the GNU General Public License
|
|
// as published by the Free Software Foundation for version 2.
|
|
// This program is distributed in the hope that it will be useful,
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
// GNU General Public License for more details.
|
|
global $config;
|
|
require_once 'include/functions_incidents.php';
|
|
|
|
check_login();
|
|
|
|
$incident_r = check_acl($config['id_user'], 0, 'IR');
|
|
$incident_w = check_acl($config['id_user'], 0, 'IW');
|
|
$incident_m = check_acl($config['id_user'], 0, 'IM');
|
|
$access = ($incident_r == true) ? 'IR' : (($incident_w == true) ? 'IW' : (($incident_m == true) ? 'IM' : 'IR'));
|
|
|
|
if (!$incident_r && !$incident_w && !$incident_m) {
|
|
db_pandora_audit('ACL Violation', 'Trying to access incident viewer');
|
|
include 'general/noaccess.php';
|
|
exit;
|
|
}
|
|
|
|
// Header
|
|
ui_print_page_header(
|
|
__('Incident management'),
|
|
'images/book_edit.png',
|
|
false,
|
|
'',
|
|
false,
|
|
''
|
|
);
|
|
|
|
// Take input parameters
|
|
// Offset adjustment
|
|
if (isset($_GET['offset'])) {
|
|
$offset = get_parameter('offset');
|
|
} else {
|
|
$offset = 0;
|
|
}
|
|
|
|
// Check action. Try to get author and group
|
|
$action = get_parameter('action');
|
|
|
|
if ($action == 'mass') {
|
|
$id_inc = get_parameter('id_inc', []);
|
|
$delete_btn = get_parameter('delete_btn', -1);
|
|
$own_btn = get_parameter('own_btn', -1);
|
|
|
|
foreach ($id_inc as $incident) {
|
|
if (check_acl($config['id_user'], incidents_get_group($incident), 'IM') || incidents_get_author($incident) == $config['id_user'] || incidents_get_owner($incident) == $config['id_user']) {
|
|
continue;
|
|
}
|
|
|
|
db_pandora_audit('ACL Forbidden', 'Mass-update or deletion of incident');
|
|
include 'general/noaccess.php';
|
|
exit;
|
|
}
|
|
|
|
if ($delete_btn != -1) {
|
|
$result = incidents_delete_incident($id_inc);
|
|
ui_print_result_message(
|
|
$result,
|
|
__('Successfully deleted'),
|
|
__('Could not be deleted')
|
|
);
|
|
}
|
|
|
|
if ($own_btn != -1) {
|
|
$result = incidents_process_chown($id_inc, $config['id_user']);
|
|
ui_print_result_message(
|
|
$result,
|
|
__('Successfully reclaimed ownership'),
|
|
__('Could not reclame ownership')
|
|
);
|
|
}
|
|
} else if ($action == 'update') {
|
|
$id_inc = get_parameter('id_inc', 0);
|
|
$author = incidents_get_author($id_inc);
|
|
$owner = incidents_get_owner($id_inc);
|
|
$grupo = incidents_get_group($id_inc);
|
|
|
|
if ($author != $config['id_user'] && $owner != $config['id_user'] && !check_acl($config['id_user'], $grupo, 'IM')) {
|
|
// Only admins (manage incident) or owners/creators can modify incidents
|
|
db_pandora_audit('ACL Forbidden', 'Update incident #'.$id_inc, $author);
|
|
include 'general/noaccess.php';
|
|
exit;
|
|
}
|
|
|
|
$titulo = get_parameter('titulo');
|
|
$titulo = io_safe_input(strip_tags(io_safe_output($titulo)));
|
|
$descripcion = get_parameter('descripcion');
|
|
$origen = get_parameter('origen_form');
|
|
$prioridad = get_parameter('prioridad_form', 0);
|
|
$estado = get_parameter('estado_form', 0);
|
|
$grupo = get_parameter('grupo_form', 1);
|
|
$usuario = get_parameter('usuario_form', $config['id_user']);
|
|
$id_agent = get_parameter('id_agent');
|
|
|
|
$sql = sprintf(
|
|
"UPDATE tincidencia
|
|
SET titulo = '%s', origen = '%s', estado = %d, id_grupo = %d, id_usuario = '%s', prioridad = %d, descripcion = '%s', id_lastupdate = '%s', id_agent = %d
|
|
WHERE id_incidencia = %d",
|
|
$titulo,
|
|
$origen,
|
|
$estado,
|
|
$grupo,
|
|
$usuario,
|
|
$prioridad,
|
|
$descripcion,
|
|
$config['id_user'],
|
|
$id_agent,
|
|
$id_inc
|
|
);
|
|
$result = db_process_sql($sql);
|
|
|
|
if ($result !== false) {
|
|
db_pandora_audit('Incident updated', 'User '.$config['id_user'].' updated incident #'.$id_inc);
|
|
}
|
|
|
|
ui_print_result_message(
|
|
$result,
|
|
__('Successfully updated'),
|
|
__('Could not be updated')
|
|
);
|
|
} else if ($action == 'insert') {
|
|
// Create incident
|
|
$grupo = get_parameter('grupo_form', 1);
|
|
|
|
if (!check_acl($config['id_user'], $grupo, 'IW')) {
|
|
db_pandora_audit('ACL Forbidden', 'User '.$config['id_user'].' tried to update incident');
|
|
include 'general/noaccess.php';
|
|
exit;
|
|
}
|
|
|
|
// Read input variables
|
|
$titulo = get_parameter('titulo');
|
|
$titulo = io_safe_input(strip_tags(io_safe_output($titulo)));
|
|
$descripcion = get_parameter('descripcion');
|
|
$origen = get_parameter('origen_form');
|
|
$prioridad = get_parameter('prioridad_form');
|
|
$id_creator = $config['id_user'];
|
|
$estado = get_parameter('estado_form');
|
|
$usuario = get_parameter('usuario_form', '');
|
|
$id_agent = get_parameter('id_agent');
|
|
|
|
$sql = sprintf(
|
|
"INSERT INTO tincidencia
|
|
(inicio, actualizacion, titulo, descripcion, id_usuario, origen, estado, prioridad, id_grupo, id_creator, id_agent, id_agente_modulo)
|
|
VALUES
|
|
(NOW(), NOW(), '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', %d, 0)",
|
|
$titulo,
|
|
$descripcion,
|
|
$usuario,
|
|
$origen,
|
|
$estado,
|
|
$prioridad,
|
|
$grupo,
|
|
$config['id_user'],
|
|
$id_agent
|
|
);
|
|
$id_inc = db_process_sql($sql, 'insert_id');
|
|
|
|
if ($id_inc === false) {
|
|
ui_print_error_message(__('Error creating incident'));
|
|
} else {
|
|
ui_print_success_message(__('Incident created'));
|
|
db_pandora_audit('Incident created', 'User '.$config['id_user'].' created incident #'.$id_inc);
|
|
}
|
|
}
|
|
|
|
// Search
|
|
$filter = '';
|
|
|
|
$texto = (string) get_parameter('texto', '');
|
|
if ($texto != '') {
|
|
$filter .= sprintf(" AND (titulo LIKE '%%%s%%' OR descripcion LIKE '%%%s%%')", $texto, $texto);
|
|
}
|
|
|
|
$usuario = (string) get_parameter('usuario', '');
|
|
if ($usuario != '') {
|
|
$filter .= sprintf(" AND id_usuario = '%s'", $usuario);
|
|
}
|
|
|
|
$estado = (int) get_parameter('estado', -1);
|
|
if ($estado >= 0) {
|
|
// -1 = All
|
|
$filter .= sprintf(' AND estado = %d', $estado);
|
|
}
|
|
|
|
$grupo = (int) get_parameter('grupo', 0);
|
|
if ($grupo > 0) {
|
|
$filter .= sprintf(' AND id_grupo = %d', $grupo);
|
|
if (check_acl($config['id_user'], $grupo, 'IM') == 0) {
|
|
db_pandora_audit('ACL Forbidden', 'User tried to read incidents from group without access');
|
|
include 'general/noaccess.php';
|
|
exit;
|
|
}
|
|
}
|
|
|
|
$prioridad = (int) get_parameter('prioridad', -1);
|
|
if ($prioridad != -1) {
|
|
// -1 = All
|
|
$filter .= sprintf(' AND prioridad = %d', $prioridad);
|
|
}
|
|
|
|
$agent_search = (int) get_parameter('agent_search');
|
|
if ($agent_search != 0) {
|
|
$filter .= sprintf(' AND id_agent = %d', $agent_search);
|
|
}
|
|
|
|
$offset = (int) get_parameter('offset', 0);
|
|
$groups = users_get_groups($config['id_user'], 'IR');
|
|
|
|
// Select incidencts where the user has access to ($groups from
|
|
// get_user_groups), array_keys for the id, implode to pass to SQL
|
|
switch ($config['dbtype']) {
|
|
case 'mysql':
|
|
$sql = 'SELECT * FROM tincidencia WHERE
|
|
id_grupo IN ('.implode(',', array_keys($groups)).')'.$filter.'
|
|
ORDER BY actualizacion DESC LIMIT '.$offset.','.$config['block_size'];
|
|
$count_sql = 'SELECT count(*) FROM tincidencia WHERE
|
|
id_grupo IN ('.implode(',', array_keys($groups)).')'.$filter.'
|
|
ORDER BY actualizacion DESC';
|
|
$total_sql = 'SELECT count(*) FROM tincidencia WHERE
|
|
id_grupo IN ('.implode(',', array_keys($groups)).')
|
|
ORDER BY actualizacion DESC';
|
|
break;
|
|
|
|
case 'postgresql':
|
|
case 'oracle':
|
|
$set = [];
|
|
$set['limit'] = $config['block_size'];
|
|
$set['offset'] = $offset;
|
|
$sql = 'SELECT * FROM tincidencia WHERE
|
|
id_grupo IN ('.implode(',', array_keys($groups)).')'.$filter.'
|
|
ORDER BY actualizacion DESC';
|
|
$sql = oracle_recode_query($sql, $set);
|
|
$count_sql = 'SELECT count(*) FROM tincidencia WHERE
|
|
id_grupo IN ('.implode(',', array_keys($groups)).')'.$filter;
|
|
$total_sql = 'SELECT count(*) FROM tincidencia WHERE
|
|
id_grupo IN ('.implode(',', array_keys($groups)).')';
|
|
break;
|
|
}
|
|
|
|
$result = db_get_all_rows_sql($sql);
|
|
$count = db_get_value_sql($count_sql);
|
|
$count_total = db_get_value_sql($total_sql);
|
|
|
|
if (empty($result)) {
|
|
$result = [];
|
|
$count = 0;
|
|
}
|
|
|
|
if ($count_total >= 1) {
|
|
echo '<form name="visualizacion" method="post" action="index.php?sec=workspace&sec2=operation/incidents/incident">';
|
|
|
|
echo '<table class="databox filters" cellpadding="4" cellspacing="4" width="100%"><tr>
|
|
<td valign="middle"><h3>'.__('Filter').'</h3>';
|
|
|
|
$fields = incidents_get_status();
|
|
echo '<b>'.__('Incidents:').'</b>'.' ';
|
|
html_print_select($fields, 'estado', $estado, 'javascript:this.form.submit();', __('All incidents'), -1, false, false, false, 'w155');
|
|
|
|
// Legend
|
|
echo '</td><td valign="middle"><noscript>';
|
|
html_print_submit_button(__('Show'), 'submit-estado', false, ['class' => 'sub']);
|
|
|
|
echo '</noscript></td><td rowspan="7" class="f9" style="padding-left: 30px; vertical-align: top;"><h3>'.__('Status').'</h3>';
|
|
foreach (incidents_get_status() as $id => $str) {
|
|
incidents_print_status_img($id);
|
|
echo ' - '.$str.'<br />';
|
|
}
|
|
|
|
echo '</td><td rowspan="7" class="f9" style="padding-left: 30px; vertical-align: top;"><h3>'.__('Priority').'</h3>';
|
|
foreach (incidents_get_priorities() as $id => $str) {
|
|
incidents_print_priority_img($id);
|
|
echo ' - '.$str.'<br />';
|
|
}
|
|
|
|
echo '</td></tr><tr><td>';
|
|
|
|
$fields = incidents_get_priorities();
|
|
|
|
echo '<b>'.__('Priorities:').'</b>'.' ';
|
|
html_print_select($fields, 'prioridad', $prioridad, 'javascript:this.form.submit();', __('All priorities'), -1, false, false, false, 'w155');
|
|
|
|
echo '</td></tr><tr><td>';
|
|
|
|
echo '<b>'.__('Users:').'</b>'.' ';
|
|
html_print_select(users_get_info(), 'usuario', $usuario, 'javascript:this.form.submit();', __('All users'), '', false, false, false, 'w155');
|
|
|
|
echo '</td></tr><tr><td>';
|
|
|
|
$agents_incidents = agents_get_agents(false, ['id_agente', 'nombre']);
|
|
|
|
if ($agents_incidents === false) {
|
|
$agents_incidents = [];
|
|
}
|
|
|
|
$result_agent_incidents = [];
|
|
foreach ($agents_incidents as $agent_incident) {
|
|
$result_agent_incidents[$agent_incident['id_agente']] = $agent_incident['nombre'];
|
|
}
|
|
|
|
echo '<b>'.__('Agents:').'</b>'.' ';
|
|
html_print_select(
|
|
$result_agent_incidents,
|
|
'agent_search',
|
|
$agent_search,
|
|
'javascript:this.form.submit();',
|
|
__('All agents'),
|
|
'',
|
|
false,
|
|
false,
|
|
false,
|
|
'w155'
|
|
);
|
|
|
|
echo '</td></tr><tr><td colspan=3>';
|
|
|
|
echo '<b>'.__('Groups:').'</b>'.' ';
|
|
html_print_select_groups($config['id_user'], 'IR', true, 'grupo', $grupo, 'javascript:this.form.submit();', '', '', false, false, false, 'w155');
|
|
|
|
// echo " ";
|
|
echo '</td></tr><tr><td colspan=3>';
|
|
|
|
echo '<b>'.__('Free text:').'</b>'.ui_print_help_tip(
|
|
__('Search by incident name or description, list matches.'),
|
|
true
|
|
).' ';
|
|
html_print_input_text('texto', $texto, '', 45);
|
|
echo ' ';
|
|
html_print_input_image('submit', 'images/zoom.png', __('Search'), 'padding:0;', false, ['alt' => __('Search')]);
|
|
|
|
echo '</td></tr></table>';
|
|
echo '</form>';
|
|
}
|
|
|
|
if ($count_total < 1) {
|
|
include_once $config['homedir'].'/general/firts_task/incidents.php';
|
|
} else {
|
|
// TOTAL incidents
|
|
$url = 'index.php?sec=workspace&sec2=operation/incidents/incident';
|
|
|
|
$estado = -1;
|
|
|
|
// add form filter values for group, priority, state, and search fields: user and text
|
|
if ($grupo != -1) {
|
|
$url .= '&grupo='.$grupo;
|
|
}
|
|
|
|
if ($prioridad != -1) {
|
|
$url .= '&prioridad='.$prioridad;
|
|
}
|
|
|
|
if ($estado != -1) {
|
|
$url .= '&estado='.$estado;
|
|
}
|
|
|
|
if ($usuario != '') {
|
|
$url .= '&usuario='.$usuario;
|
|
}
|
|
|
|
if ($texto != '') {
|
|
$url .= '&texto='.$texto;
|
|
}
|
|
|
|
// Show pagination
|
|
ui_pagination($count, $url, $offset, 0, false);
|
|
// ($count + $offset) it's real count of incidents because it's use LIMIT $offset in query.
|
|
echo '<br />';
|
|
|
|
// Show headers
|
|
$table->width = '100%';
|
|
$table->class = 'databox data';
|
|
$table->cellpadding = 4;
|
|
$table->cellspacing = 4;
|
|
$table->head = [];
|
|
$table->data = [];
|
|
$table->size = [];
|
|
$table->align = [];
|
|
|
|
$table->head[0] = __('ID');
|
|
$table->head[1] = __('Status');
|
|
$table->head[2] = __('Incident');
|
|
$table->head[3] = __('Priority');
|
|
$table->head[4] = __('Group');
|
|
$table->head[5] = __('Updated');
|
|
$table->head[6] = __('Source');
|
|
$table->head[7] = __('Owner');
|
|
$table->head[8] = __('Action').html_print_checkbox('all_action', 0, false, true, false);
|
|
|
|
$table->size[0] = 43;
|
|
$table->size[7] = 50;
|
|
|
|
$table->align[1] = 'left';
|
|
$table->align[3] = 'left';
|
|
$table->align[4] = 'left';
|
|
$table->align[8] = 'left';
|
|
|
|
$rowPair = true;
|
|
$iterator = 0;
|
|
foreach ($result as $row) {
|
|
if ($rowPair) {
|
|
$table->rowclass[$iterator] = 'rowPair';
|
|
} else {
|
|
$table->rowclass[$iterator] = 'rowOdd';
|
|
}
|
|
|
|
$rowPair = !$rowPair;
|
|
$iterator++;
|
|
|
|
$data = [];
|
|
|
|
$data[0] = '<a href="index.php?sec=workspace&sec2=operation/incidents/incident_detail&id='.$row['id_incidencia'].'">'.$row['id_incidencia'].'</a>';
|
|
$attach = incidents_get_attach($row['id_incidencia']);
|
|
|
|
if (!empty($attach)) {
|
|
$data[0] .= ' '.html_print_image('images/attachment.png', true, ['style' => 'align:middle;']);
|
|
}
|
|
|
|
$data[1] = incidents_print_status_img($row['estado'], true);
|
|
$data[2] = '<a href="index.php?sec=workspace&sec2=operation/incidents/incident_detail&id='.$row['id_incidencia'].'">'.ui_print_truncate_text(io_safe_output($row['titulo']), 'item_title').'</a>';
|
|
$data[3] = incidents_print_priority_img($row['prioridad'], true);
|
|
$data[4] = ui_print_group_icon($row['id_grupo'], true);
|
|
$data[5] = ui_print_timestamp($row['actualizacion'], true);
|
|
$data[6] = $row['origen'];
|
|
if (empty($row['id_usuario'])) {
|
|
$data[7] = 'SYSTEM';
|
|
} else {
|
|
$data[7] = ui_print_username($row['id_usuario'], true);
|
|
}
|
|
|
|
if (check_acl($config['id_user'], $row['id_grupo'], 'IM') || $config['id_user'] == $row['id_usuario'] || $config['id_user'] == $row['id_creator']) {
|
|
$data[8] = html_print_checkbox('id_inc[]', $row['id_incidencia'], false, true);
|
|
} else {
|
|
$data[8] = '';
|
|
}
|
|
|
|
array_push($table->data, $data);
|
|
}
|
|
|
|
echo '<form method="post" action="'.$url.'&action=mass" style="margin-bottom: 0px;">';
|
|
html_print_table($table);
|
|
echo '<div style="text-align:right; float:right;">';
|
|
if (check_acl($config['id_user'], 0, 'IW')) {
|
|
html_print_submit_button(__('Delete incidents'), 'delete_btn', false, 'class="sub delete" style="margin-right: 5px;"');
|
|
}
|
|
|
|
if (check_acl($config['id_user'], 0, 'IM')) {
|
|
html_print_submit_button(__('Become owner'), 'own_btn', false, 'class="sub upd"');
|
|
}
|
|
|
|
echo '</div>';
|
|
echo '</form>';
|
|
unset($table);
|
|
if (check_acl($config['id_user'], 0, 'IW')) {
|
|
echo '<div style="text-align:right; float:right; padding-right: 5px;">';
|
|
echo '<form method="post" action="index.php?sec=workspace&sec2=operation/incidents/incident_detail&insert_form=1">';
|
|
html_print_submit_button(__('Create incident'), 'crt', false, 'class="sub next"');
|
|
echo '</form>';
|
|
echo '</div>';
|
|
}
|
|
}
|
|
|
|
|
|
echo '<div style="clear:both"> </div>';
|