Module: check_mk
Branch: master
Commit: d4d5859ac294d76b8a33dadb4c3294fa98058095
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=d4d5859ac294d7…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Thu Dec 22 11:34:06 2011 +0100
Implemented a new inclusion based API for using multisite permissions in other addons
---
ChangeLog | 3 +-
web/htdocs/config.py | 10 ++++
web/plugins/wato/auth.py | 133 ++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 145 insertions(+), 1 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 0ebfcfc..d4d94dc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -19,10 +19,11 @@
* Bulk inventory: Remove leading pipe signs in progress bar on main
folder inventory
* NagVis auhtorization file generation is also executed on activate_changes
+ * Implemented a new inclusion based API for using multisite permissions
+ in other addons
* FIX: Calling activate_changes hook also in distributed WATO setups
* FIX: Fixed javascript errors when doing replication in distributed
wato environments when not having the sidebar open
- * FIX: Broken WATO hooks lead to empty htpasswd file
1.1.13i1:
Multisite:
diff --git a/web/htdocs/config.py b/web/htdocs/config.py
index 9b9314a..347bb04 100644
--- a/web/htdocs/config.py
+++ b/web/htdocs/config.py
@@ -366,6 +366,16 @@ def need_permission(pname):
"then please ask you administrator to provide you with "
"the following permission: '<b>%s</b>'.") % perm["title"])
+def get_role_permissions():
+ role_permissions = {}
+ for perm in permissions_by_order:
+ for role in perm['defaults']:
+ if not role in role_permissions:
+ role_permissions[role] = [ perm['name'] ]
+ else:
+ role_permissions[role].append(perm['name'])
+ return role_permissions
+
# -------------------------------------------------------------------
# ____ _ _
diff --git a/web/plugins/wato/auth.py b/web/plugins/wato/auth.py
new file mode 100644
index 0000000..229a08d
--- /dev/null
+++ b/web/plugins/wato/auth.py
@@ -0,0 +1,133 @@
+#!/usr/bin/python
+# -*- encoding: utf-8; py-indent-offset: 4 -*-
+# +------------------------------------------------------------------+
+# | ____ _ _ __ __ _ __ |
+# | / ___| |__ ___ ___| | __ | \/ | |/ / |
+# | | | | '_ \ / _ \/ __| |/ / | |\/| | ' / |
+# | | |___| | | | __/ (__| < | | | | . \ |
+# | \____|_| |_|\___|\___|_|\_\___|_| |_|_|\_\ |
+# | |
+# | Copyright Mathias Kettner 2012 mk(a)mathias-kettner.de |
+# +------------------------------------------------------------------+
+#
+# This file is part of Check_MK.
+# The official homepage is at http://mathias-kettner.de/check_mk.
+#
+# check_mk is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation in version 2. check_mk is distributed
+# in the hope that it will be useful, but WITHOUT ANY WARRANTY; with-
+# out even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU General Public License for more de-
+# ails. You should have received a copy of the GNU General Public
+# License along with GNU Make; see the file COPYING. If not, write
+# to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor,
+# Boston, MA 02110-1301 USA.
+
+# Creates a includable file for the needed programming languages.
+# It can be used to use the multisite permissions in other addons
+# for checking permissions.
+#
+# This declares the following API:
+#
+# users_with_role(<ROLE_NAME>)
+# Returns an array of usernames
+#
+# user_roles(<USER_NAME>)
+# Returns an array of rolenames of the user
+#
+# user_permissions(<USER_NAME>)
+# Returns an array of all permissions of the user
+#
+# may(<USER_NAME>, <PERMISSION>)
+# Returns true/false wether or not the user is permitted
+
+g_auth_base_dir = defaults.var_dir + '/wato/auth'
+
+def parse_php(data, lvl = 1):
+ s = ''
+ if isinstance(data, tuple) or isinstance(data, list):
+ s += 'array(\n'
+ for item in data:
+ s += ' ' * lvl + parse_php(item, lvl + 1) + ',\n'
+ s += ' ' * (lvl - 1) + ')'
+ elif isinstance(data, dict):
+ s += 'array(\n'
+ for key, val in data.iteritems():
+ s += ' ' * lvl + parse_php(key, lvl + 1) + ' => ' + parse_php(val, lvl + 1) + ',\n'
+ s += ' ' * (lvl - 1) + ')'
+ elif isinstance(data, str) or isinstance(data, unicode):
+ s += '"%s"' % data
+ elif isinstance(data, bool):
+ s += data and 'true' or 'false'
+ else:
+ s += data
+
+ return s
+
+
+def create_php_file(users, role_permissions):
+ file(g_auth_base_dir + '/auth.php', 'w').write('''
+<?php
+$mk_users = %s;
+$mk_roles = %s;
+
+function user_roles($username) {
+ global $mk_users;
+ if(!isset($mk_users[$username]))
+ return array();
+ else
+ return $mk_users[$username]['roles'];
+}
+
+function user_permissions($username) {
+ global $mk_roles;
+ $permissions = array();
+
+ foreach(user_roles($username) AS $role)
+ $permissions = array_merge($permissions, $mk_roles[$role]);
+
+ // Make the array uniq
+ array_flip($permissions);
+ array_flip($permissions);
+
+ return $permissions;
+}
+
+function users_with_role($want_role) {
+ global $mk_users, $mk_roles;
+ $result = array();
+ foreach($mk_users AS $username => $user) {
+ foreach($user['roles'] AS $role) {
+ if($want_role == $role) {
+ $result[] = $username;
+ }
+ }
+ }
+ return $result;
+}
+
+function may($username, $need_permission) {
+ global $mk_roles;
+ foreach(user_roles($username) AS $role) {
+ foreach($mk_roles[$role] AS $permission) {
+ if($need_permission == $permission) {
+ return true;
+ }
+ }
+ }
+ return false;
+}
+
+?>
+''' % (parse_php(users), parse_php(role_permissions)))
+
+def create_auth_file(users):
+ if not os.path.exists(g_auth_base_dir):
+ os.mkdir(g_auth_base_dir)
+
+ create_php_file(users, config.get_role_permissions())
+
+api.register_hook('users-saved', create_auth_file)
+api.register_hook('roles-saved', lambda x: create_auth_file(load_users()))
+api.register_hook('activate-changes', lambda x: create_auth_file(load_users()))
Module: check_mk
Branch: master
Commit: 26c05cc18fb2456f03e03ef3de9edbc33b953a0f
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=26c05cc18fb245…
Author: Mathias Kettner <mk(a)mathias-kettner.de>
Date: Thu Dec 22 11:21:14 2011 +0100
Updated bug entries #0524
---
.bugs/524 | 10 ++++++++++
1 files changed, 10 insertions(+), 0 deletions(-)
diff --git a/.bugs/524 b/.bugs/524
new file mode 100644
index 0000000..d51e765
--- /dev/null
+++ b/.bugs/524
@@ -0,0 +1,10 @@
+Title: Update docu about styles for Multisite
+Component: docu
+State: open
+Date: 2011-12-22 11:20:25
+Targetversion: 1.2.0
+Class: todo
+
+The Stylesheets have been splitted into parts. Update the
+documentation and make a table of all stylesheets and when
+they are loaded.