<?php declare(strict_types = 0);
/*
** Copyright (C) 2001-2025 Zabbix SIA
**
** This program is free software: you can redistribute it and/or modify it under the terms of
** the GNU Affero General Public License as published by the Free Software Foundation, version 3.
**
** This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
** without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
** See the GNU Affero General Public License for more details.
**
** You should have received a copy of the GNU Affero General Public License along with this program.
** If not, see <https://www.gnu.org/licenses/>.
**/
/**
* A class designed to perform actions related to check access of roles.
*/
class CRoleHelper {
public const UI_MONITORING_DASHBOARD = 'ui.monitoring.dashboard';
public const UI_MONITORING_PROBLEMS = 'ui.monitoring.problems';
public const UI_MONITORING_HOSTS = 'ui.monitoring.hosts';
public const UI_MONITORING_LATEST_DATA = 'ui.monitoring.latest_data';
public const UI_MONITORING_MAPS = 'ui.monitoring.maps';
public const UI_MONITORING_DISCOVERY = 'ui.monitoring.discovery';
public const UI_INVENTORY_OVERVIEW = 'ui.inventory.overview';
public const UI_INVENTORY_HOSTS = 'ui.inventory.hosts';
public const UI_REPORTS_SYSTEM_INFO = 'ui.reports.system_info';
public const UI_REPORTS_AVAILABILITY_REPORT = 'ui.reports.availability_report';
public const UI_REPORTS_TOP_TRIGGERS = 'ui.reports.top_triggers';
public const UI_REPORTS_AUDIT = 'ui.reports.audit';
public const UI_REPORTS_ACTION_LOG = 'ui.reports.action_log';
public const UI_REPORTS_NOTIFICATIONS = 'ui.reports.notifications';
public const UI_REPORTS_SCHEDULED_REPORTS = 'ui.reports.scheduled_reports';
public const UI_SERVICES_SERVICES = 'ui.services.services';
public const UI_SERVICES_SLA = 'ui.services.sla';
public const UI_SERVICES_SLA_REPORT = 'ui.services.sla_report';
public const UI_CONFIGURATION_TEMPLATE_GROUPS = 'ui.configuration.template_groups';
public const UI_CONFIGURATION_HOST_GROUPS = 'ui.configuration.host_groups';
public const UI_CONFIGURATION_TEMPLATES = 'ui.configuration.templates';
public const UI_CONFIGURATION_HOSTS = 'ui.configuration.hosts';
public const UI_CONFIGURATION_MAINTENANCE = 'ui.configuration.maintenance';
public const UI_CONFIGURATION_TRIGGER_ACTIONS = 'ui.configuration.trigger_actions';
public const UI_CONFIGURATION_SERVICE_ACTIONS = 'ui.configuration.service_actions';
public const UI_CONFIGURATION_DISCOVERY_ACTIONS = 'ui.configuration.discovery_actions';
public const UI_CONFIGURATION_AUTOREGISTRATION_ACTIONS = 'ui.configuration.autoregistration_actions';
public const UI_CONFIGURATION_INTERNAL_ACTIONS = 'ui.configuration.internal_actions';
public const UI_CONFIGURATION_EVENT_CORRELATION = 'ui.configuration.event_correlation';
public const UI_CONFIGURATION_DISCOVERY = 'ui.configuration.discovery';
public const UI_ADMINISTRATION_GENERAL = 'ui.administration.general';
public const UI_ADMINISTRATION_AUDIT_LOG = 'ui.administration.audit_log';
public const UI_ADMINISTRATION_HOUSEKEEPING = 'ui.administration.housekeeping';
public const UI_ADMINISTRATION_PROXY_GROUPS = 'ui.administration.proxy_groups';
public const UI_ADMINISTRATION_PROXIES = 'ui.administration.proxies';
public const UI_ADMINISTRATION_MACROS = 'ui.administration.macros';
public const UI_ADMINISTRATION_AUTHENTICATION = 'ui.administration.authentication';
public const UI_ADMINISTRATION_USER_GROUPS = 'ui.administration.user_groups';
public const UI_ADMINISTRATION_USER_ROLES = 'ui.administration.user_roles';
public const UI_ADMINISTRATION_USERS = 'ui.administration.users';
public const UI_ADMINISTRATION_API_TOKENS = 'ui.administration.api_tokens';
public const UI_ADMINISTRATION_MEDIA_TYPES = 'ui.administration.media_types';
public const UI_ADMINISTRATION_SCRIPTS = 'ui.administration.scripts';
public const UI_ADMINISTRATION_QUEUE = 'ui.administration.queue';
public const ACTIONS_EDIT_DASHBOARDS = 'actions.edit_dashboards';
public const ACTIONS_EDIT_MAPS = 'actions.edit_maps';
public const ACTIONS_EDIT_MAINTENANCE = 'actions.edit_maintenance';
public const ACTIONS_ADD_PROBLEM_COMMENTS = 'actions.add_problem_comments';
public const ACTIONS_CHANGE_SEVERITY = 'actions.change_severity';
public const ACTIONS_ACKNOWLEDGE_PROBLEMS = 'actions.acknowledge_problems';
public const ACTIONS_SUPPRESS_PROBLEMS = 'actions.suppress_problems';
public const ACTIONS_CLOSE_PROBLEMS = 'actions.close_problems';
public const ACTIONS_EXECUTE_SCRIPTS = 'actions.execute_scripts';
public const ACTIONS_MANAGE_API_TOKENS = 'actions.manage_api_tokens';
public const ACTIONS_MANAGE_SCHEDULED_REPORTS = 'actions.manage_scheduled_reports';
public const ACTIONS_MANAGE_SLA = 'actions.manage_sla';
public const ACTIONS_INVOKE_EXECUTE_NOW = 'actions.invoke_execute_now';
public const ACTIONS_CHANGE_PROBLEM_RANKING = 'actions.change_problem_ranking';
public const UI_SECTION_DASHBOARDS = 'ui.dashboards';
public const UI_SECTION_MONITORING = 'ui.monitoring';
public const UI_SECTION_SERVICES = 'ui.services';
public const UI_SECTION_INVENTORY = 'ui.inventory';
public const UI_SECTION_REPORTS = 'ui.reports';
public const UI_SECTION_DATA_COLLECTION = 'ui.data_collection';
public const UI_SECTION_ALERTS = 'ui.alerts';
public const UI_SECTION_USERS = 'ui.users';
public const UI_SECTION_ADMINISTRATION = 'ui.administration';
public const API_ANY_METHOD = '.*';
public const API_ANY_SERVICE = '*.';
public const SERVICES_ACCESS_NONE = 0;
public const SERVICES_ACCESS_ALL = 1;
public const SERVICES_ACCESS_LIST = 2;
/**
* Array for storing roles data (including rules) loaded from Role API object and converted to one format. The data
* of specific role can be accessed in following way: self::roles[{role ID}].
*
* @var array
*/
private static $roles = [];
/**
* Array for storing all API methods by user type.
*
* @var array
*/
private static $api_methods = [];
/**
* Array for storing all API methods with masks by user type.
*
* @var array
*/
private static $api_method_masks = [];
/**
* Checks the access of specific role to specific rule.
*
* @param string $rule_name Name of the rule to check access for.
* @param string $roleid ID of the role where check of access is necessary to perform.
*
* @return bool Returns true if role have access to specified rule, false - otherwise.
*
* @throws Exception
*/
public static function checkAccess(string $rule_name, string $roleid): bool {
self::loadRoleRules($roleid);
if (!array_key_exists($rule_name, self::$roles[$roleid]['rules']) || $rule_name === 'api') {
return false;
}
return self::$roles[$roleid]['rules'][$rule_name];
}
/**
* Gets list of API methods (with wildcards if that exists) that are considered allowed or denied (depending on
* API access mode) for specific role.
*
* @param string $roleid Role ID.
*
* @return array Returns the array of API methods.
*
* @throws Exception
*/
public static function getRoleApiMethods(string $roleid): array {
self::loadRoleRules($roleid);
return self::$roles[$roleid]['rules']['api'];
}
/**
* Loads once all rules of specified Role API objects by ID and converts rule data to one format.
*
* @param string $roleid Role ID.
*
* @throws Exception
*/
private static function loadRoleRules(string $roleid): void {
if (array_key_exists($roleid, self::$roles)) {
return;
}
if (!$roleid) {
self::$roles[0] = [
'type' => USER_TYPE_ZABBIX_USER,
'rules' => ['api' => []]
];
return;
}
$roles = API::Role()->get([
'output' => ['roleid', 'name', 'type'],
'selectRules' => ['ui', 'ui.default_access', 'modules', 'modules.default_access', 'api.access', 'api.mode',
'api', 'actions', 'actions.default_access'
],
'roleids' => $roleid
]);
if (!$roles) {
throw new Exception(_('Specified role was not found.'));
}
$role = $roles[0];
$rules = [
'ui.default_access' => (bool) $role['rules']['ui.default_access'],
'modules.default_access' => (bool) $role['rules']['modules.default_access'],
'api.access' => (bool) $role['rules']['api.access'],
'api.mode' => (bool) $role['rules']['api.mode'],
'api' => $role['rules']['api'],
'actions.default_access' => (bool) $role['rules']['actions.default_access']
];
foreach ($role['rules']['ui'] as $rule) {
$rules['ui.'.$rule['name']] = (bool) $rule['status'];
}
foreach ($role['rules']['modules'] as $module) {
$rules['modules.module.'.$module['moduleid']] = (bool) $module['status'];
}
foreach ($role['rules']['actions'] as $rule) {
$rules['actions.'.$rule['name']] = (bool) $rule['status'];
}
$role['type'] = (int) $role['type'];
$role['rules'] = $rules;
self::$roles[$roleid] = $role;
}
/**
* Gets all available UI elements rules for specific user type.
*
* @param integer $user_type User type.
*
* @return array Returns the array of rule names for specified user type.
*/
public static function getUiElementsByUserType(int $user_type): array {
$rules = [
self::UI_MONITORING_DASHBOARD,
self::UI_MONITORING_PROBLEMS,
self::UI_MONITORING_HOSTS,
self::UI_MONITORING_LATEST_DATA,
self::UI_MONITORING_MAPS,
self::UI_SERVICES_SERVICES,
self::UI_SERVICES_SLA_REPORT,
self::UI_INVENTORY_OVERVIEW,
self::UI_INVENTORY_HOSTS,
self::UI_REPORTS_AVAILABILITY_REPORT,
self::UI_REPORTS_TOP_TRIGGERS
];
if ($user_type === USER_TYPE_ZABBIX_ADMIN || $user_type === USER_TYPE_SUPER_ADMIN) {
$rules = array_merge($rules, [
self::UI_MONITORING_DISCOVERY,
self::UI_SERVICES_SLA,
self::UI_REPORTS_SCHEDULED_REPORTS,
self::UI_REPORTS_NOTIFICATIONS,
self::UI_CONFIGURATION_TEMPLATE_GROUPS,
self::UI_CONFIGURATION_HOST_GROUPS,
self::UI_CONFIGURATION_TEMPLATES,
self::UI_CONFIGURATION_HOSTS,
self::UI_CONFIGURATION_MAINTENANCE,
self::UI_CONFIGURATION_DISCOVERY,
self::UI_CONFIGURATION_TRIGGER_ACTIONS,
self::UI_CONFIGURATION_SERVICE_ACTIONS,
self::UI_CONFIGURATION_DISCOVERY_ACTIONS,
self::UI_CONFIGURATION_AUTOREGISTRATION_ACTIONS,
self::UI_CONFIGURATION_INTERNAL_ACTIONS
]);
}
if ($user_type === USER_TYPE_SUPER_ADMIN) {
$rules = array_merge($rules, [
self::UI_REPORTS_SYSTEM_INFO,
self::UI_REPORTS_AUDIT,
self::UI_REPORTS_ACTION_LOG,
self::UI_CONFIGURATION_EVENT_CORRELATION,
self::UI_ADMINISTRATION_MEDIA_TYPES,
self::UI_ADMINISTRATION_SCRIPTS,
self::UI_ADMINISTRATION_USER_GROUPS,
self::UI_ADMINISTRATION_USER_ROLES,
self::UI_ADMINISTRATION_USERS,
self::UI_ADMINISTRATION_API_TOKENS,
self::UI_ADMINISTRATION_AUTHENTICATION,
self::UI_ADMINISTRATION_GENERAL,
self::UI_ADMINISTRATION_AUDIT_LOG,
self::UI_ADMINISTRATION_HOUSEKEEPING,
self::UI_ADMINISTRATION_PROXY_GROUPS,
self::UI_ADMINISTRATION_PROXIES,
self::UI_ADMINISTRATION_MACROS,
self::UI_ADMINISTRATION_QUEUE
]);
}
return $rules;
}
/**
* Gets all available actions rules for specific user type.
*
* @param integer $user_type User type.
*
* @return array Returns the array of rule names for specified user type.
*/
public static function getActionsByUserType(int $user_type): array {
$rules = [
self::ACTIONS_EDIT_DASHBOARDS, self::ACTIONS_EDIT_MAPS, self::ACTIONS_ACKNOWLEDGE_PROBLEMS,
self::ACTIONS_SUPPRESS_PROBLEMS, self::ACTIONS_CLOSE_PROBLEMS, self::ACTIONS_CHANGE_SEVERITY,
self::ACTIONS_ADD_PROBLEM_COMMENTS, self::ACTIONS_EXECUTE_SCRIPTS, self::ACTIONS_MANAGE_API_TOKENS
];
if ($user_type === USER_TYPE_ZABBIX_ADMIN || $user_type === USER_TYPE_SUPER_ADMIN) {
$rules[] = self::ACTIONS_EDIT_MAINTENANCE;
$rules[] = self::ACTIONS_MANAGE_SCHEDULED_REPORTS;
$rules[] = self::ACTIONS_MANAGE_SLA;
}
$rules = array_merge($rules, [self::ACTIONS_INVOKE_EXECUTE_NOW, self::ACTIONS_CHANGE_PROBLEM_RANKING]);
return $rules;
}
/**
* Gets labels of all available UI sections for specific user type in order as it need to display in UI.
*
* @param integer $user_type User type.
*
* @return array Returns the array where key of each element is UI section name and value is UI section label.
*/
public static function getUiSectionsLabels(int $user_type): array {
$sections = [
self::UI_SECTION_DASHBOARDS => _('Dashboards'),
self::UI_SECTION_MONITORING => _('Monitoring'),
self::UI_SECTION_SERVICES => _('Services'),
self::UI_SECTION_INVENTORY => _('Inventory'),
self::UI_SECTION_REPORTS => _('Reports')
];
if ($user_type === USER_TYPE_ZABBIX_ADMIN || $user_type === USER_TYPE_SUPER_ADMIN) {
$sections += [
self::UI_SECTION_DATA_COLLECTION => _('Data collection'),
self::UI_SECTION_ALERTS => _('Alerts')
];
}
if ($user_type === USER_TYPE_SUPER_ADMIN) {
$sections += [
self::UI_SECTION_USERS => _('Users'),
self::UI_SECTION_ADMINISTRATION => _('Administration')
];
}
return $sections;
}
/**
* Gets labels of all available rules for specific UI section and user type in order as it need to display in UI.
*
* @param string $ui_section_name UI section name.
* @param integer $user_type User type.
*
* @return array Returns the array where key of each element is rule name and value is rule label.
*/
public static function getUiSectionRulesLabels(string $ui_section_name, int $user_type): array {
switch ($ui_section_name) {
case self::UI_SECTION_DASHBOARDS:
return [
self::UI_MONITORING_DASHBOARD => 'Dashboards'
];
case self::UI_SECTION_MONITORING:
$labels = [
self::UI_MONITORING_PROBLEMS => _('Problems'),
self::UI_MONITORING_HOSTS => _('Hosts'),
self::UI_MONITORING_LATEST_DATA => _('Latest data'),
self::UI_MONITORING_MAPS => _('Maps')
];
if ($user_type === USER_TYPE_ZABBIX_ADMIN || $user_type === USER_TYPE_SUPER_ADMIN) {
$labels += [self::UI_MONITORING_DISCOVERY => _('Discovery')];
}
return $labels;
case self::UI_SECTION_SERVICES:
$labels = [self::UI_SERVICES_SERVICES => _('Services')];
if ($user_type === USER_TYPE_ZABBIX_ADMIN || $user_type === USER_TYPE_SUPER_ADMIN) {
$labels += [self::UI_SERVICES_SLA => _('SLA')];
}
$labels += [self::UI_SERVICES_SLA_REPORT => _('SLA report')];
return $labels;
case self::UI_SECTION_INVENTORY:
return [
self::UI_INVENTORY_OVERVIEW => _('Overview'),
self::UI_INVENTORY_HOSTS => _('Hosts')
];
case self::UI_SECTION_REPORTS:
$labels = [];
if ($user_type === USER_TYPE_SUPER_ADMIN) {
$labels += [self::UI_REPORTS_SYSTEM_INFO => _('System information')];
}
if ($user_type === USER_TYPE_ZABBIX_ADMIN || $user_type === USER_TYPE_SUPER_ADMIN) {
$labels += [
self::UI_REPORTS_SCHEDULED_REPORTS => _('Scheduled reports')
];
}
$labels += [
self::UI_REPORTS_AVAILABILITY_REPORT => _('Availability report'),
self::UI_REPORTS_TOP_TRIGGERS => _('Top 100 triggers')
];
if ($user_type === USER_TYPE_SUPER_ADMIN) {
$labels += [
self::UI_REPORTS_AUDIT => _('Audit log'),
self::UI_REPORTS_ACTION_LOG => _('Action log')
];
}
if ($user_type === USER_TYPE_ZABBIX_ADMIN || $user_type === USER_TYPE_SUPER_ADMIN) {
$labels += [
self::UI_REPORTS_NOTIFICATIONS => _('Notifications')
];
}
return $labels;
case self::UI_SECTION_DATA_COLLECTION:
$labels = [];
if ($user_type === USER_TYPE_ZABBIX_ADMIN || $user_type === USER_TYPE_SUPER_ADMIN) {
$labels = [
self::UI_CONFIGURATION_TEMPLATE_GROUPS => _('Template groups'),
self::UI_CONFIGURATION_HOST_GROUPS => _('Host groups'),
self::UI_CONFIGURATION_TEMPLATES => _('Templates'),
self::UI_CONFIGURATION_HOSTS => _('Hosts'),
self::UI_CONFIGURATION_MAINTENANCE => _('Maintenance')
];
}
if ($user_type === USER_TYPE_SUPER_ADMIN) {
$labels += [self::UI_CONFIGURATION_EVENT_CORRELATION => _('Event correlation')];
}
if ($user_type === USER_TYPE_ZABBIX_ADMIN || $user_type === USER_TYPE_SUPER_ADMIN) {
$labels += [self::UI_CONFIGURATION_DISCOVERY => _('Discovery')];
}
return $labels;
case self::UI_SECTION_ALERTS:
$labels = [];
if ($user_type === USER_TYPE_ZABBIX_ADMIN || $user_type === USER_TYPE_SUPER_ADMIN) {
$labels += [
self::UI_CONFIGURATION_TRIGGER_ACTIONS => _('Trigger actions'),
self::UI_CONFIGURATION_SERVICE_ACTIONS => _('Service actions'),
self::UI_CONFIGURATION_DISCOVERY_ACTIONS => _('Discovery actions'),
self::UI_CONFIGURATION_AUTOREGISTRATION_ACTIONS => _('Autoregistration actions'),
self::UI_CONFIGURATION_INTERNAL_ACTIONS => _('Internal actions')
];
}
if ($user_type === USER_TYPE_SUPER_ADMIN) {
$labels += [
self::UI_ADMINISTRATION_MEDIA_TYPES => _('Media types'),
self::UI_ADMINISTRATION_SCRIPTS => _('Scripts')
];
}
return $labels;
case self::UI_SECTION_USERS:
$labels = [];
if ($user_type === USER_TYPE_SUPER_ADMIN) {
$labels = [
self::UI_ADMINISTRATION_USER_GROUPS => _('User groups'),
self::UI_ADMINISTRATION_USER_ROLES => _('User roles'),
self::UI_ADMINISTRATION_USERS => _('Users'),
self::UI_ADMINISTRATION_API_TOKENS => _('API tokens'),
self::UI_ADMINISTRATION_AUTHENTICATION => _('Authentication')
];
}
return $labels;
case self::UI_SECTION_ADMINISTRATION:
$labels = [];
if ($user_type === USER_TYPE_SUPER_ADMIN) {
$labels = [
self::UI_ADMINISTRATION_GENERAL => _('General'),
self::UI_ADMINISTRATION_AUDIT_LOG => _('Audit log'),
self::UI_ADMINISTRATION_HOUSEKEEPING => _('Housekeeping'),
self::UI_ADMINISTRATION_PROXY_GROUPS => _('Proxy groups'),
self::UI_ADMINISTRATION_PROXIES => _('Proxies'),
self::UI_ADMINISTRATION_MACROS => _('Macros'),
self::UI_ADMINISTRATION_QUEUE => _('Queue')
];
}
return $labels;
default:
return [];
}
}
/**
* Gets labels of all available actions rules for specific user type in order as it need to display on user roles
* page.
*
* @param integer $user_type User type.
*
* @return array Returns the array where key of each element is rule name and value is rule label.
*/
public static function getActionsLabels(int $user_type): array {
$labels = [
self::ACTIONS_EDIT_DASHBOARDS => _('Create and edit dashboards'),
self::ACTIONS_EDIT_MAPS => _('Create and edit maps')
];
if ($user_type === USER_TYPE_ZABBIX_ADMIN || $user_type === USER_TYPE_SUPER_ADMIN) {
$labels += [self::ACTIONS_EDIT_MAINTENANCE => _('Create and edit maintenance')];
}
$labels += [
self::ACTIONS_ADD_PROBLEM_COMMENTS => _('Add problem comments'),
self::ACTIONS_CHANGE_SEVERITY => _('Change severity'),
self::ACTIONS_ACKNOWLEDGE_PROBLEMS => _('Acknowledge problems'),
self::ACTIONS_SUPPRESS_PROBLEMS => _('Suppress problems'),
self::ACTIONS_CLOSE_PROBLEMS => _('Close problems'),
self::ACTIONS_EXECUTE_SCRIPTS => _('Execute scripts'),
self::ACTIONS_MANAGE_API_TOKENS => _('Manage API tokens')
];
if ($user_type === USER_TYPE_ZABBIX_ADMIN || $user_type === USER_TYPE_SUPER_ADMIN) {
$labels += [
self::ACTIONS_MANAGE_SCHEDULED_REPORTS => _('Manage scheduled reports'),
self::ACTIONS_MANAGE_SLA => _('Manage SLA')
];
}
$labels += [
self::ACTIONS_INVOKE_EXECUTE_NOW => _('Invoke "Execute now" on read-only hosts'),
self::ACTIONS_CHANGE_PROBLEM_RANKING => _('Change problem ranking')
];
return $labels;
}
/**
* Returns a list of all API methods by user type or API methods available only for the given user type.
*
* @param int|null $user_type
*
* @return array
*/
public static function getApiMethods(?int $user_type = null): array {
if (!self::$api_methods) {
self::loadApiMethods();
}
return ($user_type !== null) ? self::$api_methods[$user_type] : self::$api_methods;
}
/**
* Returns a list of API methods with masks for the given user type.
*
* @param int|null $user_type
*
* @return array
*/
public static function getApiMethodMasks(?int $user_type = null): array {
if (!self::$api_method_masks) {
self::loadApiMethods();
}
return ($user_type !== null) ? self::$api_method_masks[$user_type] : self::$api_method_masks;
}
/**
* Returns a list of API methods for each method mask for the given user type.
*
* @param int $user_type
*
* @return array
*/
public static function getApiMaskMethods(int $user_type): array {
$api_methods = self::getApiMethods($user_type);
$result = [ZBX_ROLE_RULE_API_WILDCARD => $api_methods, ZBX_ROLE_RULE_API_WILDCARD_ALIAS => $api_methods];
foreach ($api_methods as $api_method) {
[$service, $method] = explode('.', $api_method, 2);
$result[$service.self::API_ANY_METHOD][] = $api_method;
$result[self::API_ANY_SERVICE.$method][] = $api_method;
}
return $result;
}
/**
* Collects all API methods for all user types.
*/
private static function loadApiMethods(): void {
$api_methods = [
USER_TYPE_ZABBIX_USER => [],
USER_TYPE_ZABBIX_ADMIN => [],
USER_TYPE_SUPER_ADMIN => []
];
$api_method_masks = $api_methods;
foreach (CApiServiceFactory::API_SERVICES as $service => $class_name) {
foreach (constant($class_name.'::ACCESS_RULES') as $method => $rules) {
if (array_key_exists('min_user_type', $rules)) {
switch ($rules['min_user_type']) {
case USER_TYPE_ZABBIX_USER:
$api_methods[USER_TYPE_ZABBIX_USER][] = $service.'.'.$method;
$api_method_masks[USER_TYPE_ZABBIX_USER][$service.self::API_ANY_METHOD] = true;
$api_method_masks[USER_TYPE_ZABBIX_USER][self::API_ANY_SERVICE.$method] = true;
// break; is not missing here
case USER_TYPE_ZABBIX_ADMIN:
$api_methods[USER_TYPE_ZABBIX_ADMIN][] = $service.'.'.$method;
$api_method_masks[USER_TYPE_ZABBIX_ADMIN][$service.self::API_ANY_METHOD] = true;
$api_method_masks[USER_TYPE_ZABBIX_ADMIN][self::API_ANY_SERVICE.$method] = true;
// break; is not missing here
case USER_TYPE_SUPER_ADMIN:
$api_methods[USER_TYPE_SUPER_ADMIN][] = $service.'.'.$method;
$api_method_masks[USER_TYPE_SUPER_ADMIN][$service.self::API_ANY_METHOD] = true;
$api_method_masks[USER_TYPE_SUPER_ADMIN][self::API_ANY_SERVICE.$method] = true;
}
}
}
}
foreach ($api_method_masks as $user_type => $masks) {
$api_method_masks[$user_type] = array_merge([ZBX_ROLE_RULE_API_WILDCARD, ZBX_ROLE_RULE_API_WILDCARD_ALIAS],
array_keys($masks)
);
}
self::$api_methods = $api_methods;
self::$api_method_masks = $api_method_masks;
}
}