Final updates to fix user perms for ipv4/ipv6 and mac search

html/includes/table/address-search.inc.php

@@ -1,11 +1,18 @@
 <?php
 
-$where = 1;
 $param = array();
 
+if (is_admin() === FALSE && is_read() === FALSE) {
+    $perms_sql .= " LEFT JOIN `devices_perms` AS `DP` ON `D`.`device_id` = `DP`.`device_id`";
+    $where .= " AND `DP`.`user_id`=?";
+    $param[] = array($_SESSION['user_id']);
+}
+
 list($address,$prefix) = explode("/", $_POST['address']);
 if ($_POST['search_type'] == 'ipv4') {
-    $sql = " FROM `ipv4_addresses` AS A, `ports` AS I, `devices` AS D, `ipv4_networks` AS N WHERE I.port_id = A.port_id AND I.device_id = D.device_id AND N.ipv4_network_id = A.ipv4_network_id ";
+    $sql = " FROM `ipv4_addresses` AS A, `ports` AS I, `ipv4_networks` AS N, `devices` AS D";
+    $sql .= $perms_sql;
+    $sql .= " WHERE I.port_id = A.port_id AND I.device_id = D.device_id AND N.ipv4_network_id = A.ipv4_network_id $where ";
     if (!empty($address)) {
         $sql .= " AND ipv4_address LIKE '%".$address."%'";
     }
@@ -14,16 +21,19 @@
         $param[] = array($prefix);
     }
 } elseif ($_POST['search_type'] == 'ipv6') {
-    $sql = " FROM `ipv6_addresses` AS A, `ports` AS I, `devices` AS D, `ipv6_networks` AS N WHERE I.port_id = A.port_id AND I.device_id = D.device_id AND N.ipv6_network_id = A.ipv6_network_id ";
+    $sql = " FROM `ipv6_addresses` AS A, `ports` AS I, `ipv6_networks` AS N, `devices` AS D";
+    $sql .= $perms_sql;
+    $sql .= " WHERE I.port_id = A.port_id AND I.device_id = D.device_id AND N.ipv6_network_id = A.ipv6_network_id $where ";
     if (!empty($address)) {
         $sql .= " AND (ipv6_address LIKE '%".$address."%' OR ipv6_compressed LIKE '%".$address."%')";
     }
     if (!empty($prefix)) {
         $sql .= " AND ipv6_prefixlen = '$prefix'";
     }
 } elseif ($_POST['search_type'] == 'mac') {
-    $sql = " FROM `ports` AS I, `devices` AS D WHERE I.device_id = D.device_id AND `ifPhysAddress` LIKE '%?%' ";
-    $param[] = array("%".str_replace(array(':', ' ', '-', '.', '0x'),'',mres($_POST['address']))."%");
+    $sql = " FROM `ports` AS I, `devices` AS D";
+    $sql .= $perms_sql;
+    $sql .= " WHERE I.device_id = D.device_id AND `ifPhysAddress` LIKE '%".str_replace(array(':', ' ', '-', '.', '0x'),'',mres($_POST['address']))."%' $where ";
 }
 if (is_numeric($_POST['device_id'])) {
     $sql  .= " AND I.device_id = ?";

html/pages/search/ipv4.inc.php

@@ -26,7 +26,18 @@
                 "<select name=\"device_id\" id=\"device_id\" class=\"form-control input-sm\">"+
                 "<option value=\"\">All Devices</option>"+
 <?php
-foreach (dbFetchRows("SELECT `device_id`,`hostname` FROM `devices` GROUP BY `hostname` ORDER BY `hostname`") as $data) {
+
+$sql = "SELECT `devices`.`device_id`,`hostname` FROM `devices`";
+
+if (is_admin() === FALSE && is_read() === FALSE) {
+    $sql .= " LEFT JOIN `devices_perms` AS `DP` ON `devices`.`device_id` = `DP`.`device_id`";
+    $where .= " WHERE `DP`.`user_id`=?";
+    $param[] = $_SESSION['user_id'];
+}
+
+$sql .= " $where GROUP BY `hostname` ORDER BY `hostname`";
+
+foreach (dbFetchRows($sql,$param) as $data) {
     echo('"<option value=\"'.$data['device_id'].'\""+');
     if ($data['device_id'] == $_POST['device_id']) {
         echo('" selected "+');

html/pages/search/ipv6.inc.php

@@ -25,7 +25,18 @@
                 "<select name=\"device_id\" id=\"device_id\" class=\"form-control input-sm\">"+
                 "<option value=\"\">All Devices</option>"+
 <?php
-foreach (dbFetchRows("SELECT `device_id`,`hostname` FROM `devices` GROUP BY `hostname` ORDER BY `hostname`") as $data) {
+
+$sql = "SELECT `devices`.`device_id`,`hostname` FROM `devices`";
+
+if (is_admin() === FALSE && is_read() === FALSE) {
+    $sql .= " LEFT JOIN `devices_perms` AS `DP` ON `devices`.`device_id` = `DP`.`device_id`";
+    $where .= " WHERE `DP`.`user_id`=?";
+    $param[] = $_SESSION['user_id'];
+}
+
+$sql .= " $where GROUP BY `hostname` ORDER BY `hostname`";
+
+foreach (dbFetchRows($sql,$param) as $data) {
     echo('"<option value=\"'.$data['device_id'].'\""+');
     if ($data['device_id'] == $_POST['device_id']) {
         echo('" selected"+');