<?php declare(strict_types = 0); /* ** Copyright (C) 2001-2025 Zabbix SIA ** ** This program is free software: you can redistribute it and/or modify it under the terms of ** the GNU Affero General Public License as published by the Free Software Foundation, version 3. ** ** This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; ** without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. ** See the GNU Affero General Public License for more details. ** ** You should have received a copy of the GNU Affero General Public License along with this program. ** If not, see <https://www.gnu.org/licenses/>. **/ /** * A class designed to perform actions related to check access of roles. */ class CRoleHelper { public const UI_MONITORING_DASHBOARD = 'ui.monitoring.dashboard'; public const UI_MONITORING_PROBLEMS = 'ui.monitoring.problems'; public const UI_MONITORING_HOSTS = 'ui.monitoring.hosts'; public const UI_MONITORING_LATEST_DATA = 'ui.monitoring.latest_data'; public const UI_MONITORING_MAPS = 'ui.monitoring.maps'; public const UI_MONITORING_DISCOVERY = 'ui.monitoring.discovery'; public const UI_INVENTORY_OVERVIEW = 'ui.inventory.overview'; public const UI_INVENTORY_HOSTS = 'ui.inventory.hosts'; public const UI_REPORTS_SYSTEM_INFO = 'ui.reports.system_info'; public const UI_REPORTS_AVAILABILITY_REPORT = 'ui.reports.availability_report'; public const UI_REPORTS_TOP_TRIGGERS = 'ui.reports.top_triggers'; public const UI_REPORTS_AUDIT = 'ui.reports.audit'; public const UI_REPORTS_ACTION_LOG = 'ui.reports.action_log'; public const UI_REPORTS_NOTIFICATIONS = 'ui.reports.notifications'; public const UI_REPORTS_SCHEDULED_REPORTS = 'ui.reports.scheduled_reports'; public const UI_SERVICES_SERVICES = 'ui.services.services'; public const UI_SERVICES_SLA = 'ui.services.sla'; public const UI_SERVICES_SLA_REPORT = 'ui.services.sla_report'; public const UI_CONFIGURATION_TEMPLATE_GROUPS = 'ui.configuration.template_groups'; public const UI_CONFIGURATION_HOST_GROUPS = 'ui.configuration.host_groups'; public const UI_CONFIGURATION_TEMPLATES = 'ui.configuration.templates'; public const UI_CONFIGURATION_HOSTS = 'ui.configuration.hosts'; public const UI_CONFIGURATION_MAINTENANCE = 'ui.configuration.maintenance'; public const UI_CONFIGURATION_TRIGGER_ACTIONS = 'ui.configuration.trigger_actions'; public const UI_CONFIGURATION_SERVICE_ACTIONS = 'ui.configuration.service_actions'; public const UI_CONFIGURATION_DISCOVERY_ACTIONS = 'ui.configuration.discovery_actions'; public const UI_CONFIGURATION_AUTOREGISTRATION_ACTIONS = 'ui.configuration.autoregistration_actions'; public const UI_CONFIGURATION_INTERNAL_ACTIONS = 'ui.configuration.internal_actions'; public const UI_CONFIGURATION_EVENT_CORRELATION = 'ui.configuration.event_correlation'; public const UI_CONFIGURATION_DISCOVERY = 'ui.configuration.discovery'; public const UI_ADMINISTRATION_GENERAL = 'ui.administration.general'; public const UI_ADMINISTRATION_AUDIT_LOG = 'ui.administration.audit_log'; public const UI_ADMINISTRATION_HOUSEKEEPING = 'ui.administration.housekeeping'; public const UI_ADMINISTRATION_PROXY_GROUPS = 'ui.administration.proxy_groups'; public const UI_ADMINISTRATION_PROXIES = 'ui.administration.proxies'; public const UI_ADMINISTRATION_MACROS = 'ui.administration.macros'; public const UI_ADMINISTRATION_AUTHENTICATION = 'ui.administration.authentication'; public const UI_ADMINISTRATION_USER_GROUPS = 'ui.administration.user_groups'; public const UI_ADMINISTRATION_USER_ROLES = 'ui.administration.user_roles'; public const UI_ADMINISTRATION_USERS = 'ui.administration.users'; public const UI_ADMINISTRATION_API_TOKENS = 'ui.administration.api_tokens'; public const UI_ADMINISTRATION_MEDIA_TYPES = 'ui.administration.media_types'; public const UI_ADMINISTRATION_SCRIPTS = 'ui.administration.scripts'; public const UI_ADMINISTRATION_QUEUE = 'ui.administration.queue'; public const ACTIONS_EDIT_DASHBOARDS = 'actions.edit_dashboards'; public const ACTIONS_EDIT_MAPS = 'actions.edit_maps'; public const ACTIONS_EDIT_MAINTENANCE = 'actions.edit_maintenance'; public const ACTIONS_ADD_PROBLEM_COMMENTS = 'actions.add_problem_comments'; public const ACTIONS_CHANGE_SEVERITY = 'actions.change_severity'; public const ACTIONS_ACKNOWLEDGE_PROBLEMS = 'actions.acknowledge_problems'; public const ACTIONS_SUPPRESS_PROBLEMS = 'actions.suppress_problems'; public const ACTIONS_CLOSE_PROBLEMS = 'actions.close_problems'; public const ACTIONS_EXECUTE_SCRIPTS = 'actions.execute_scripts'; public const ACTIONS_MANAGE_API_TOKENS = 'actions.manage_api_tokens'; public const ACTIONS_MANAGE_SCHEDULED_REPORTS = 'actions.manage_scheduled_reports'; public const ACTIONS_MANAGE_SLA = 'actions.manage_sla'; public const ACTIONS_INVOKE_EXECUTE_NOW = 'actions.invoke_execute_now'; public const ACTIONS_CHANGE_PROBLEM_RANKING = 'actions.change_problem_ranking'; public const UI_SECTION_DASHBOARDS = 'ui.dashboards'; public const UI_SECTION_MONITORING = 'ui.monitoring'; public const UI_SECTION_SERVICES = 'ui.services'; public const UI_SECTION_INVENTORY = 'ui.inventory'; public const UI_SECTION_REPORTS = 'ui.reports'; public const UI_SECTION_DATA_COLLECTION = 'ui.data_collection'; public const UI_SECTION_ALERTS = 'ui.alerts'; public const UI_SECTION_USERS = 'ui.users'; public const UI_SECTION_ADMINISTRATION = 'ui.administration'; public const API_ANY_METHOD = '.*'; public const API_ANY_SERVICE = '*.'; public const SERVICES_ACCESS_NONE = 0; public const SERVICES_ACCESS_ALL = 1; public const SERVICES_ACCESS_LIST = 2; /** * Array for storing roles data (including rules) loaded from Role API object and converted to one format. The data * of specific role can be accessed in following way: self::roles[{role ID}]. * * @var array */ private static $roles = []; /** * Array for storing all API methods by user type. * * @var array */ private static $api_methods = []; /** * Array for storing all API methods with masks by user type. * * @var array */ private static $api_method_masks = []; /** * Checks the access of specific role to specific rule. * * @param string $rule_name Name of the rule to check access for. * @param string $roleid ID of the role where check of access is necessary to perform. * * @return bool Returns true if role have access to specified rule, false - otherwise. * * @throws Exception */ public static function checkAccess(string $rule_name, string $roleid): bool { self::loadRoleRules($roleid); if (!array_key_exists($rule_name, self::$roles[$roleid]['rules']) || $rule_name === 'api') { return false; } return self::$roles[$roleid]['rules'][$rule_name]; } /** * Gets list of API methods (with wildcards if that exists) that are considered allowed or denied (depending on * API access mode) for specific role. * * @param string $roleid Role ID. * * @return array Returns the array of API methods. * * @throws Exception */ public static function getRoleApiMethods(string $roleid): array { self::loadRoleRules($roleid); return self::$roles[$roleid]['rules']['api']; } /** * Loads once all rules of specified Role API objects by ID and converts rule data to one format. * * @param string $roleid Role ID. * * @throws Exception */ private static function loadRoleRules(string $roleid): void { if (array_key_exists($roleid, self::$roles)) { return; } if (!$roleid) { self::$roles[0] = [ 'type' => USER_TYPE_ZABBIX_USER, 'rules' => ['api' => []] ]; return; } $roles = API::Role()->get([ 'output' => ['roleid', 'name', 'type'], 'selectRules' => ['ui', 'ui.default_access', 'modules', 'modules.default_access', 'api.access', 'api.mode', 'api', 'actions', 'actions.default_access' ], 'roleids' => $roleid ]); if (!$roles) { throw new Exception(_('Specified role was not found.')); } $role = $roles[0]; $rules = [ 'ui.default_access' => (bool) $role['rules']['ui.default_access'], 'modules.default_access' => (bool) $role['rules']['modules.default_access'], 'api.access' => (bool) $role['rules']['api.access'], 'api.mode' => (bool) $role['rules']['api.mode'], 'api' => $role['rules']['api'], 'actions.default_access' => (bool) $role['rules']['actions.default_access'] ]; foreach ($role['rules']['ui'] as $rule) { $rules['ui.'.$rule['name']] = (bool) $rule['status']; } foreach ($role['rules']['modules'] as $module) { $rules['modules.module.'.$module['moduleid']] = (bool) $module['status']; } foreach ($role['rules']['actions'] as $rule) { $rules['actions.'.$rule['name']] = (bool) $rule['status']; } $role['type'] = (int) $role['type']; $role['rules'] = $rules; self::$roles[$roleid] = $role; } /** * Gets all available UI elements rules for specific user type. * * @param integer $user_type User type. * * @return array Returns the array of rule names for specified user type. */ public static function getUiElementsByUserType(int $user_type): array { $rules = [ self::UI_MONITORING_DASHBOARD, self::UI_MONITORING_PROBLEMS, self::UI_MONITORING_HOSTS, self::UI_MONITORING_LATEST_DATA, self::UI_MONITORING_MAPS, self::UI_SERVICES_SERVICES, self::UI_SERVICES_SLA_REPORT, self::UI_INVENTORY_OVERVIEW, self::UI_INVENTORY_HOSTS, self::UI_REPORTS_AVAILABILITY_REPORT, self::UI_REPORTS_TOP_TRIGGERS ]; if ($user_type === USER_TYPE_ZABBIX_ADMIN || $user_type === USER_TYPE_SUPER_ADMIN) { $rules = array_merge($rules, [ self::UI_MONITORING_DISCOVERY, self::UI_SERVICES_SLA, self::UI_REPORTS_SCHEDULED_REPORTS, self::UI_REPORTS_NOTIFICATIONS, self::UI_CONFIGURATION_TEMPLATE_GROUPS, self::UI_CONFIGURATION_HOST_GROUPS, self::UI_CONFIGURATION_TEMPLATES, self::UI_CONFIGURATION_HOSTS, self::UI_CONFIGURATION_MAINTENANCE, self::UI_CONFIGURATION_DISCOVERY, self::UI_CONFIGURATION_TRIGGER_ACTIONS, self::UI_CONFIGURATION_SERVICE_ACTIONS, self::UI_CONFIGURATION_DISCOVERY_ACTIONS, self::UI_CONFIGURATION_AUTOREGISTRATION_ACTIONS, self::UI_CONFIGURATION_INTERNAL_ACTIONS ]); } if ($user_type === USER_TYPE_SUPER_ADMIN) { $rules = array_merge($rules, [ self::UI_REPORTS_SYSTEM_INFO, self::UI_REPORTS_AUDIT, self::UI_REPORTS_ACTION_LOG, self::UI_CONFIGURATION_EVENT_CORRELATION, self::UI_ADMINISTRATION_MEDIA_TYPES, self::UI_ADMINISTRATION_SCRIPTS, self::UI_ADMINISTRATION_USER_GROUPS, self::UI_ADMINISTRATION_USER_ROLES, self::UI_ADMINISTRATION_USERS, self::UI_ADMINISTRATION_API_TOKENS, self::UI_ADMINISTRATION_AUTHENTICATION, self::UI_ADMINISTRATION_GENERAL, self::UI_ADMINISTRATION_AUDIT_LOG, self::UI_ADMINISTRATION_HOUSEKEEPING, self::UI_ADMINISTRATION_PROXY_GROUPS, self::UI_ADMINISTRATION_PROXIES, self::UI_ADMINISTRATION_MACROS, self::UI_ADMINISTRATION_QUEUE ]); } return $rules; } /** * Gets all available actions rules for specific user type. * * @param integer $user_type User type. * * @return array Returns the array of rule names for specified user type. */ public static function getActionsByUserType(int $user_type): array { $rules = [ self::ACTIONS_EDIT_DASHBOARDS, self::ACTIONS_EDIT_MAPS, self::ACTIONS_ACKNOWLEDGE_PROBLEMS, self::ACTIONS_SUPPRESS_PROBLEMS, self::ACTIONS_CLOSE_PROBLEMS, self::ACTIONS_CHANGE_SEVERITY, self::ACTIONS_ADD_PROBLEM_COMMENTS, self::ACTIONS_EXECUTE_SCRIPTS, self::ACTIONS_MANAGE_API_TOKENS ]; if ($user_type === USER_TYPE_ZABBIX_ADMIN || $user_type === USER_TYPE_SUPER_ADMIN) { $rules[] = self::ACTIONS_EDIT_MAINTENANCE; $rules[] = self::ACTIONS_MANAGE_SCHEDULED_REPORTS; $rules[] = self::ACTIONS_MANAGE_SLA; } $rules = array_merge($rules, [self::ACTIONS_INVOKE_EXECUTE_NOW, self::ACTIONS_CHANGE_PROBLEM_RANKING]); return $rules; } /** * Gets labels of all available UI sections for specific user type in order as it need to display in UI. * * @param integer $user_type User type. * * @return array Returns the array where key of each element is UI section name and value is UI section label. */ public static function getUiSectionsLabels(int $user_type): array { $sections = [ self::UI_SECTION_DASHBOARDS => _('Dashboards'), self::UI_SECTION_MONITORING => _('Monitoring'), self::UI_SECTION_SERVICES => _('Services'), self::UI_SECTION_INVENTORY => _('Inventory'), self::UI_SECTION_REPORTS => _('Reports') ]; if ($user_type === USER_TYPE_ZABBIX_ADMIN || $user_type === USER_TYPE_SUPER_ADMIN) { $sections += [ self::UI_SECTION_DATA_COLLECTION => _('Data collection'), self::UI_SECTION_ALERTS => _('Alerts') ]; } if ($user_type === USER_TYPE_SUPER_ADMIN) { $sections += [ self::UI_SECTION_USERS => _('Users'), self::UI_SECTION_ADMINISTRATION => _('Administration') ]; } return $sections; } /** * Gets labels of all available rules for specific UI section and user type in order as it need to display in UI. * * @param string $ui_section_name UI section name. * @param integer $user_type User type. * * @return array Returns the array where key of each element is rule name and value is rule label. */ public static function getUiSectionRulesLabels(string $ui_section_name, int $user_type): array { switch ($ui_section_name) { case self::UI_SECTION_DASHBOARDS: return [ self::UI_MONITORING_DASHBOARD => 'Dashboards' ]; case self::UI_SECTION_MONITORING: $labels = [ self::UI_MONITORING_PROBLEMS => _('Problems'), self::UI_MONITORING_HOSTS => _('Hosts'), self::UI_MONITORING_LATEST_DATA => _('Latest data'), self::UI_MONITORING_MAPS => _('Maps') ]; if ($user_type === USER_TYPE_ZABBIX_ADMIN || $user_type === USER_TYPE_SUPER_ADMIN) { $labels += [self::UI_MONITORING_DISCOVERY => _('Discovery')]; } return $labels; case self::UI_SECTION_SERVICES: $labels = [self::UI_SERVICES_SERVICES => _('Services')]; if ($user_type === USER_TYPE_ZABBIX_ADMIN || $user_type === USER_TYPE_SUPER_ADMIN) { $labels += [self::UI_SERVICES_SLA => _('SLA')]; } $labels += [self::UI_SERVICES_SLA_REPORT => _('SLA report')]; return $labels; case self::UI_SECTION_INVENTORY: return [ self::UI_INVENTORY_OVERVIEW => _('Overview'), self::UI_INVENTORY_HOSTS => _('Hosts') ]; case self::UI_SECTION_REPORTS: $labels = []; if ($user_type === USER_TYPE_SUPER_ADMIN) { $labels += [self::UI_REPORTS_SYSTEM_INFO => _('System information')]; } if ($user_type === USER_TYPE_ZABBIX_ADMIN || $user_type === USER_TYPE_SUPER_ADMIN) { $labels += [ self::UI_REPORTS_SCHEDULED_REPORTS => _('Scheduled reports') ]; } $labels += [ self::UI_REPORTS_AVAILABILITY_REPORT => _('Availability report'), self::UI_REPORTS_TOP_TRIGGERS => _('Top 100 triggers') ]; if ($user_type === USER_TYPE_SUPER_ADMIN) { $labels += [ self::UI_REPORTS_AUDIT => _('Audit log'), self::UI_REPORTS_ACTION_LOG => _('Action log') ]; } if ($user_type === USER_TYPE_ZABBIX_ADMIN || $user_type === USER_TYPE_SUPER_ADMIN) { $labels += [ self::UI_REPORTS_NOTIFICATIONS => _('Notifications') ]; } return $labels; case self::UI_SECTION_DATA_COLLECTION: $labels = []; if ($user_type === USER_TYPE_ZABBIX_ADMIN || $user_type === USER_TYPE_SUPER_ADMIN) { $labels = [ self::UI_CONFIGURATION_TEMPLATE_GROUPS => _('Template groups'), self::UI_CONFIGURATION_HOST_GROUPS => _('Host groups'), self::UI_CONFIGURATION_TEMPLATES => _('Templates'), self::UI_CONFIGURATION_HOSTS => _('Hosts'), self::UI_CONFIGURATION_MAINTENANCE => _('Maintenance') ]; } if ($user_type === USER_TYPE_SUPER_ADMIN) { $labels += [self::UI_CONFIGURATION_EVENT_CORRELATION => _('Event correlation')]; } if ($user_type === USER_TYPE_ZABBIX_ADMIN || $user_type === USER_TYPE_SUPER_ADMIN) { $labels += [self::UI_CONFIGURATION_DISCOVERY => _('Discovery')]; } return $labels; case self::UI_SECTION_ALERTS: $labels = []; if ($user_type === USER_TYPE_ZABBIX_ADMIN || $user_type === USER_TYPE_SUPER_ADMIN) { $labels += [ self::UI_CONFIGURATION_TRIGGER_ACTIONS => _('Trigger actions'), self::UI_CONFIGURATION_SERVICE_ACTIONS => _('Service actions'), self::UI_CONFIGURATION_DISCOVERY_ACTIONS => _('Discovery actions'), self::UI_CONFIGURATION_AUTOREGISTRATION_ACTIONS => _('Autoregistration actions'), self::UI_CONFIGURATION_INTERNAL_ACTIONS => _('Internal actions') ]; } if ($user_type === USER_TYPE_SUPER_ADMIN) { $labels += [ self::UI_ADMINISTRATION_MEDIA_TYPES => _('Media types'), self::UI_ADMINISTRATION_SCRIPTS => _('Scripts') ]; } return $labels; case self::UI_SECTION_USERS: $labels = []; if ($user_type === USER_TYPE_SUPER_ADMIN) { $labels = [ self::UI_ADMINISTRATION_USER_GROUPS => _('User groups'), self::UI_ADMINISTRATION_USER_ROLES => _('User roles'), self::UI_ADMINISTRATION_USERS => _('Users'), self::UI_ADMINISTRATION_API_TOKENS => _('API tokens'), self::UI_ADMINISTRATION_AUTHENTICATION => _('Authentication') ]; } return $labels; case self::UI_SECTION_ADMINISTRATION: $labels = []; if ($user_type === USER_TYPE_SUPER_ADMIN) { $labels = [ self::UI_ADMINISTRATION_GENERAL => _('General'), self::UI_ADMINISTRATION_AUDIT_LOG => _('Audit log'), self::UI_ADMINISTRATION_HOUSEKEEPING => _('Housekeeping'), self::UI_ADMINISTRATION_PROXY_GROUPS => _('Proxy groups'), self::UI_ADMINISTRATION_PROXIES => _('Proxies'), self::UI_ADMINISTRATION_MACROS => _('Macros'), self::UI_ADMINISTRATION_QUEUE => _('Queue') ]; } return $labels; default: return []; } } /** * Gets labels of all available actions rules for specific user type in order as it need to display on user roles * page. * * @param integer $user_type User type. * * @return array Returns the array where key of each element is rule name and value is rule label. */ public static function getActionsLabels(int $user_type): array { $labels = [ self::ACTIONS_EDIT_DASHBOARDS => _('Create and edit dashboards'), self::ACTIONS_EDIT_MAPS => _('Create and edit maps') ]; if ($user_type === USER_TYPE_ZABBIX_ADMIN || $user_type === USER_TYPE_SUPER_ADMIN) { $labels += [self::ACTIONS_EDIT_MAINTENANCE => _('Create and edit maintenance')]; } $labels += [ self::ACTIONS_ADD_PROBLEM_COMMENTS => _('Add problem comments'), self::ACTIONS_CHANGE_SEVERITY => _('Change severity'), self::ACTIONS_ACKNOWLEDGE_PROBLEMS => _('Acknowledge problems'), self::ACTIONS_SUPPRESS_PROBLEMS => _('Suppress problems'), self::ACTIONS_CLOSE_PROBLEMS => _('Close problems'), self::ACTIONS_EXECUTE_SCRIPTS => _('Execute scripts'), self::ACTIONS_MANAGE_API_TOKENS => _('Manage API tokens') ]; if ($user_type === USER_TYPE_ZABBIX_ADMIN || $user_type === USER_TYPE_SUPER_ADMIN) { $labels += [ self::ACTIONS_MANAGE_SCHEDULED_REPORTS => _('Manage scheduled reports'), self::ACTIONS_MANAGE_SLA => _('Manage SLA') ]; } $labels += [ self::ACTIONS_INVOKE_EXECUTE_NOW => _('Invoke "Execute now" on read-only hosts'), self::ACTIONS_CHANGE_PROBLEM_RANKING => _('Change problem ranking') ]; return $labels; } /** * Returns a list of all API methods by user type or API methods available only for the given user type. * * @param int|null $user_type * * @return array */ public static function getApiMethods(?int $user_type = null): array { if (!self::$api_methods) { self::loadApiMethods(); } return ($user_type !== null) ? self::$api_methods[$user_type] : self::$api_methods; } /** * Returns a list of API methods with masks for the given user type. * * @param int|null $user_type * * @return array */ public static function getApiMethodMasks(?int $user_type = null): array { if (!self::$api_method_masks) { self::loadApiMethods(); } return ($user_type !== null) ? self::$api_method_masks[$user_type] : self::$api_method_masks; } /** * Returns a list of API methods for each method mask for the given user type. * * @param int $user_type * * @return array */ public static function getApiMaskMethods(int $user_type): array { $api_methods = self::getApiMethods($user_type); $result = [ZBX_ROLE_RULE_API_WILDCARD => $api_methods, ZBX_ROLE_RULE_API_WILDCARD_ALIAS => $api_methods]; foreach ($api_methods as $api_method) { [$service, $method] = explode('.', $api_method, 2); $result[$service.self::API_ANY_METHOD][] = $api_method; $result[self::API_ANY_SERVICE.$method][] = $api_method; } return $result; } /** * Collects all API methods for all user types. */ private static function loadApiMethods(): void { $api_methods = [ USER_TYPE_ZABBIX_USER => [], USER_TYPE_ZABBIX_ADMIN => [], USER_TYPE_SUPER_ADMIN => [] ]; $api_method_masks = $api_methods; foreach (CApiServiceFactory::API_SERVICES as $service => $class_name) { foreach (constant($class_name.'::ACCESS_RULES') as $method => $rules) { if (array_key_exists('min_user_type', $rules)) { switch ($rules['min_user_type']) { case USER_TYPE_ZABBIX_USER: $api_methods[USER_TYPE_ZABBIX_USER][] = $service.'.'.$method; $api_method_masks[USER_TYPE_ZABBIX_USER][$service.self::API_ANY_METHOD] = true; $api_method_masks[USER_TYPE_ZABBIX_USER][self::API_ANY_SERVICE.$method] = true; // break; is not missing here case USER_TYPE_ZABBIX_ADMIN: $api_methods[USER_TYPE_ZABBIX_ADMIN][] = $service.'.'.$method; $api_method_masks[USER_TYPE_ZABBIX_ADMIN][$service.self::API_ANY_METHOD] = true; $api_method_masks[USER_TYPE_ZABBIX_ADMIN][self::API_ANY_SERVICE.$method] = true; // break; is not missing here case USER_TYPE_SUPER_ADMIN: $api_methods[USER_TYPE_SUPER_ADMIN][] = $service.'.'.$method; $api_method_masks[USER_TYPE_SUPER_ADMIN][$service.self::API_ANY_METHOD] = true; $api_method_masks[USER_TYPE_SUPER_ADMIN][self::API_ANY_SERVICE.$method] = true; } } } } foreach ($api_method_masks as $user_type => $masks) { $api_method_masks[$user_type] = array_merge([ZBX_ROLE_RULE_API_WILDCARD, ZBX_ROLE_RULE_API_WILDCARD_ALIAS], array_keys($masks) ); } self::$api_methods = $api_methods; self::$api_method_masks = $api_method_masks; } }