Observium_CE/html/includes/actions/role_entity_add.inc.php

<?php
/**
 * Observium
 *
 *   This file is part of Observium.
 *
 * @package    observium
 * @subpackage web
 * @copyright  (C) 2006-2013 Adam Armstrong, (C) 2013-2022 Observium Limited
 *
 */

if ($_SESSION['userlevel'] == 10 && request_token_valid($vars)) { // Only valid forms from level 10 users

  if (isset($vars['entity_id'])) {
    // use entity_id
  } elseif (isset($vars[$vars['entity_type'] . '_entity_id'])) {
    // use type_entity_id
    $vars['entity_id'] = $vars[$vars['entity_type'] . '_entity_id'];
  }

  if (!is_array($vars['entity_id'])) {
    $vars['entity_id'] = [ $vars['entity_id'] ];
  }

  $changed = 0;
  foreach ($vars['entity_id'] as $entity_id) {
    if (get_entity_by_id_cache($vars['entity_type'], $entity_id)) { // Skip not exist entities
      if (!dbExist('roles_entity_permissions', '`role_id` = ? AND `entity_type` = ? AND `entity_id` = ?',
                   [ $vars['role_id'], $vars['entity_type'], $entity_id ])) {

        if (!in_array($vars['access'], [ 'ro', 'rw' ])) {
          $vars['access'] = 'ro';
        }

        dbInsert([ 'entity_id' => $entity_id, 'entity_type' => $vars['entity_type'], 'role_id' => $vars['role_id'], 'access' => $vars['access'] ],
                 'roles_entity_permissions');
        $changed++;
      }
    } else {
      print_error('Error: Invalid Entity.');
    }
  }

  // Reset permissions cache
  if ($changed) { set_cache_clear('wui'); }
  unset($changed);
}

// EOF