No "Montage Review" for restricted monitors

Forum for questions and support relating to the 1.30.x releases only.
Locked
jogo
Posts: 46
Joined: Thu Aug 03, 2017 3:00 pm

No "Montage Review" for restricted monitors

Post by jogo »

When I restrict the monitors for a user, I cannot use "Montage Review", possibly due to a minor sql syntax error.

This is how it looks like when clicking "Montage Review":

Code: Select all

SQL-ERR 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'AND Id IN (6,2,5,4,12,8,11,15,14) order by Sequence asc' at line 1', statement was 'select * from Monitors AND Id IN (6,2,5,4,12,8,11,15,14) order by Sequence asc '
When I have some spartime, I'll have a look at it myself.

Zoneminder: 1.30.4
OS: Debian 9
rockedge
Posts: 1173
Joined: Fri Apr 04, 2014 1:46 pm
Location: Connecticut,USA

Re: No "Montage Review" for restricted monitors

Post by rockedge »

I think this is a permissions conflict. I have in the past modified the php in /usr/share/zoneminder/www/skins/classic/views/montage.php around line 21 to add an "AND" to the if statement to clarify more detailed (or less) which users can view the montage streams or not.

viewtopic.php?p=100570#p100570
jogo
Posts: 46
Joined: Thu Aug 03, 2017 3:00 pm

Re: No "Montage Review" for restricted monitors

Post by jogo »

Thanks, I'll check that with my setup asap.
rockedge
Posts: 1173
Joined: Fri Apr 04, 2014 1:46 pm
Location: Connecticut,USA

Re: No "Montage Review" for restricted monitors

Post by rockedge »

let us know how you make out. :)
jogo
Posts: 46
Joined: Thu Aug 03, 2017 3:00 pm

Re: No "Montage Review" for restricted monitors

Post by jogo »

It seems that the error is related to a missing WHERE clause. Instead of

Code: Select all

select *  from Monitors  AND Id IN (6,3,5,4,8,16,14) order by Sequence asc
it probably should have been

Code: Select all

select *  from Monitors  WHERE Id IN (6,3,5,4,8,16,14) order by Sequence asc
in montagereview.php.

I added a small patch around line 150 in montagereview.php

Code: Select all

if ( !empty($user['MonitorIds']) )
{
#   Patch jogo: 2017-08-13
    $monitorsSql   .= ' WHERE 1=1 ';
#   End of patch
    $eventsSql   .= ' AND M.Id IN ('.$user['MonitorIds'].')';
    $monitorsSql .= ' AND Id IN ('.$user['MonitorIds'].')';
    $frameSql    .= ' AND E.MonitorId IN ('.$user['MonitorIds'].')';
}
I could have replaced the AND by WHERE, but I wanted an extra line. Initially the view hang, but after a restart of zoneminder and apache, it worked as expected. I think restarting apache would have sufficed.

Let's see, where the next bug shows up, where the db server complains about too many where clauses, :mrgreen: ...
rockedge
Posts: 1173
Joined: Fri Apr 04, 2014 1:46 pm
Location: Connecticut,USA

Re: No "Montage Review" for restricted monitors

Post by rockedge »

your patch works so far okay on my test system(s). Nice! :D
Alec
Posts: 52
Joined: Thu Aug 17, 2017 3:55 am

Re: No "Montage Review" for restricted monitors

Post by Alec »

Let me apologize in advance: I am not a programmer of any sort.

$monitorsSql seems to be initially defined by the if statement starting at line 103. The query generated by the else clause of this statement does not include WHERE; would this be the place to add the patch? So as not to break the Groups functionality?

I very much appreciate your helping me understand the cause of the problem I was having with added Users not being able to use MontageReview!

Thanks.
DFU
jogo
Posts: 46
Joined: Thu Aug 03, 2017 3:00 pm

Re: No "Montage Review" for restricted monitors

Post by jogo »

There are several places where one take care of the problem. Basically one needs to deal with the situation that there are possibly several conditions, but there can be only a single WHERE at the beginning. The WHERE 1=1 is essentially a do nothing that allows for the correct sql syntax. I didn't see a WHERE before the patch, but I do not know what the intentions of the authors are or will be. One could clean up the structure of the code and document it a bit. I chose the location in the vicinity of the first error line when there is no WHERE.
Locked