Fixing #111 - Weathermap permissions

Cacti · Mar 22, 2023 · 8ffe823 · 8ffe823
1 parent f005cf4
commit 8ffe823
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 8 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -18,8 +18,10 @@ IMPORTANT NOTE: This version only works on CACTI 1.x++!
 * issue#87: WeatherMap Sort Order not respected on Top Tab
 * issue#89: Allow more Graphs types to be searched for
 * issue#90: Error: You have an error in your SQL syntax, Mysql 8.0 Weathermap 1.0
+* issue#111: Weathermap permissions management errors
 * feature#97: Auto-set the boost setting instead of making it a discrete user setting
 
+
 --- 1.0 Beta 4 ---
 * issue#64: Map Properties-Map Size-Unable to display entire map
 * issue#74: Weathermap Editor Issues

diff --git a/weathermap-cacti-plugin-mgmt.php b/weathermap-cacti-plugin-mgmt.php
@@ -1663,6 +1663,12 @@ function perms_get_records(&$total_rows, $rows = 30, $apply_limits = true) {
 			}
 		}
 
+		if (get_request_var('type') == -1) {
+			$sql_params[] = get_request_var('id');
+		}
+
+		$sql_params[] = get_request_var('id');
+
 		if (get_request_var('type') == -1 || get_request_var('type') == 1) {
 			$sql_where2   = 'AND (name LIKE ? OR description LIKE ?)';
 
@@ -1683,8 +1689,15 @@ function perms_get_records(&$total_rows, $rows = 30, $apply_limits = true) {
 				$sql_where1  .= ' AND id != ?';
 				$sql_params[] = $template_user;
 			}
+
 		}
 
+		if (get_request_var('type') == -1) {
+			$sql_params[] = get_request_var('id');
+		}
+
+		$sql_params[] = get_request_var('id');
+
 		if (get_request_var('type') == -1 || get_request_var('type') == 1) {
 			$sql_params[] = get_request_var('id');
 		}
@@ -1701,15 +1714,15 @@ function perms_get_records(&$total_rows, $rows = 30, $apply_limits = true) {
 				UNION ALL
 				SELECT id, username AS name, full_name AS description, 'user' AS type, wa.mapid AS allowed, realm
 				FROM user_auth AS ua
-				$join JOIN weathermap_auth AS wa
+				$join JOIN (SELECT * FROM weathermap_auth WHERE mapid = ?) AS wa
 				ON ua.id = wa.userid
 				AND ua.enabled = 'on'
 				WHERE (wa.mapid = ? OR (wa.mapid IS NULL AND ua.enabled = 'on'))
 				$sql_where1
 				UNION ALL
 				SELECT id, name, description, 'group' AS type, wa.mapid AS allowed, 'N/A' AS realm
 				FROM user_auth_group AS uag
-				$join JOIN weathermap_auth AS wa
+				$join JOIN (SELECT * FROM weathermap_auth WHERE mapid = ?) AS wa
 				ON uag.id = -wa.userid
 				AND uag.enabled = 'on'
 				WHERE (wa.mapid = ? OR (wa.mapid IS NULL AND uag.enabled = 'on'))
@@ -1722,15 +1735,15 @@ function perms_get_records(&$total_rows, $rows = 30, $apply_limits = true) {
 			FROM (
 				SELECT COUNT(*) AS `rows`
 				FROM user_auth AS ua
-				$join JOIN weathermap_auth AS wa
+				$join JOIN (SELECT * FROM weathermap_auth WHERE mapid = ?) AS wa
 				ON ua.id = wa.userid
 				AND ua.enabled = 'on'
 				WHERE (wa.mapid = ? OR (wa.mapid IS NULL AND ua.enabled = 'on'))
 				$sql_where1
 				UNION ALL
 				SELECT COUNT(*) AS `rows`
 				FROM user_auth_group AS uag
-				$join JOIN weathermap_auth AS wa
+				$join JOIN (SELECT * FROM weathermap_auth WHERE mapid = ?)  AS wa
 				ON uag.id = -wa.userid
 				AND uag.enabled = 'on'
 				WHERE (wa.mapid = ? OR (wa.mapid IS NULL AND uag.enabled = 'on'))
@@ -1744,7 +1757,7 @@ function perms_get_records(&$total_rows, $rows = 30, $apply_limits = true) {
 				UNION ALL
 				SELECT id, username AS name, full_name AS description, 'user' AS type, wa.mapid AS allowed, realm
 				FROM user_auth AS ua
-				$join JOIN weathermap_auth AS wa
+				$join JOIN (SELECT * FROM weathermap_auth WHERE mapid = ?) AS wa
 				ON ua.id = wa.userid
 				AND ua.enabled = 'on'
 				WHERE (wa.mapid = ? OR (wa.mapid IS NULL AND ua.enabled = 'on'))
@@ -1755,7 +1768,7 @@ function perms_get_records(&$total_rows, $rows = 30, $apply_limits = true) {
 
 		$total_rows = db_fetch_cell_prepared("SELECT COUNT(*) + 1
 			FROM user_auth AS ua
-			$join JOIN weathermap_auth AS wa
+			$join JOIN (SELECT * FROM weathermap_auth WHERE mapid = ?) AS wa
 			ON ua.id = wa.userid
 			AND ua.enabled = 'on'
 			WHERE (wa.mapid = ? OR (wa.mapid IS NULL AND ua.enabled = 'on'))
@@ -1768,7 +1781,7 @@ function perms_get_records(&$total_rows, $rows = 30, $apply_limits = true) {
 				UNION ALL
 				SELECT id, name, description, 'group' AS type, wa.mapid AS allowed, 'N/A' AS realm
 				FROM user_auth_group AS uag
-				$join JOIN weathermap_auth AS wa
+				$join JOIN (SELECT * FROM weathermap_auth WHERE mapid = ?) AS wa
 				ON uag.id = -wa.userid
 				AND uag.enabled = 'on'
 				WHERE (wa.mapid = ? OR (wa.mapid IS NULL AND uag.enabled = 'on'))
@@ -1779,7 +1792,7 @@ function perms_get_records(&$total_rows, $rows = 30, $apply_limits = true) {
 
 		$total_rows = db_fetch_cell_prepared("SELECT COUNT(*) + 1
 			FROM user_auth_group AS uag
-			$join JOIN weathermap_auth AS wa
+			$join JOIN (SELECT * FROM weathermap_auth WHERE mapid = ?) AS wa
 			ON uag.id = -wa.userid
 			AND uag.enabled = 'on'
 			WHERE (wa.mapid = ? OR (wa.mapid IS NULL AND uag.enabled = 'on'))