Module: check_mk
Branch: master
Commit: 4e1387c341f8cfb3e4b4f667a9ea38f516d369ac
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=4e1387c341f8cf…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Jun 4 09:10:29 2012 +0200
FIX: Added missing permission check when an admin defined a view for other users
---
web/htdocs/views.py | 8 ++++++--
1 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/web/htdocs/views.py b/web/htdocs/views.py
index e9fe53e..5c33613 100644
--- a/web/htdocs/views.py
+++ b/web/htdocs/views.py
@@ -280,6 +280,11 @@ def available_views():
# 2. views of special users allowed to globally override builtin views
for (u, n), view in html.multisite_views.items():
if n not in views and view["public"] and config.user_may(u, "force_views"):
+ # Honor original permissions for the current user
+ permname = "view.%s" % n
+ if config.permission_exists(permname) \
+ and not config.may(permname):
+ continue
views[n] = view
# 3. Builtin views, if allowed.
@@ -293,8 +298,7 @@ def available_views():
if n not in views and view["public"] and config.user_may(u, "publish_views"):
# Is there a builtin view with the same name? If yes, honor permissions.
permname = "view.%s" % n
- if (u, n) in html.multisite_views \
- and config.permission_exists(permname) \
+ if config.permission_exists(permname) \
and not config.may(permname):
continue
views[n] = view
Module: check_mk
Branch: master
Commit: 9dd423b016bf26869eced8462fff222825c0dbab
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=9dd423b016bf26…
Author: Mathias Kettner <mk(a)mathias-kettner.de>
Date: Mon Jun 4 08:17:35 2012 +0200
fixed exception with custom views created by normal users
---
ChangeLog | 1 +
web/htdocs/config.py | 3 +++
web/htdocs/views.py | 5 ++++-
3 files changed, 8 insertions(+), 1 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 249d6f3..9fee8e1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -9,6 +9,7 @@
option "B" again
* FIX: preselected "refresh" option did not reflect view settings
but was simply the first available option - usually 30.
+ * FIX: fixed exception with custom views created by normal users
WATO:
* FIX: Fixed "select all" button in hosts & folders for IE
diff --git a/web/htdocs/config.py b/web/htdocs/config.py
index d4381c1..6df6cb4 100644
--- a/web/htdocs/config.py
+++ b/web/htdocs/config.py
@@ -301,6 +301,9 @@ def need_permission(pname):
"then please ask you administrator to provide you with "
"the following permission: '<b>%s</b>'.") % perm["title"])
+def permission_exists(pname):
+ return pname in permissions_by_name
+
def get_role_permissions():
role_permissions = {}
# Loop all permissions
diff --git a/web/htdocs/views.py b/web/htdocs/views.py
index 8e35f9e..3d537b3 100644
--- a/web/htdocs/views.py
+++ b/web/htdocs/views.py
@@ -292,7 +292,10 @@ def available_views():
for (u, n), view in html.multisite_views.items():
if n not in views and view["public"] and config.user_may(u, "publish_views"):
# Is there a builtin view with the same name? If yes, honor permissions.
- if (u, n) in html.multisite_views and not config.may("view.%s" % n):
+ permname = "view.%s" % n
+ if (u, n) in html.multisite_views \
+ and config.permission_exists(permname) \
+ and not config.may(permname):
continue
views[n] = view
Module: check_mk
Branch: master
Commit: 88b83ec76ee3c19661c155f262f528bf37d844a6
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=88b83ec76ee3c1…
Author: Mathias Kettner <mk(a)mathias-kettner.de>
Date: Sun Jun 3 20:37:15 2012 +0200
Updated bug entries #0762
---
.bugs/762 | 12 ++++++++++++
1 files changed, 12 insertions(+), 0 deletions(-)
diff --git a/.bugs/762 b/.bugs/762
new file mode 100644
index 0000000..6c8086d
--- /dev/null
+++ b/.bugs/762
@@ -0,0 +1,12 @@
+Title: Command form off at empty table, but that might change
+Component: multisite
+State: open
+Date: 2012-06-03 20:35:28
+Targetversion: future
+Class: nastiness
+
+If a view has no rows then the command form is deactivated.
+But as time goes by the view might have entries. The command
+form is not being activated automtically - nevertheless. Better
+solution: Always have it active. When it comes to executing
+give then a warning if not items for the commands are available.