[checkmk-commits] Check_MK Git: check_mk: NagVis permissions are now written when enabled via multisite option " wato_write_nagvis_auth"

Module: check_mk Branch: master Commit: 37d1ad17af3b5776fc577b58113095fd71494fcb URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=37d1ad17af3b57… Author: Lars Michelsen &lt;lm(a)mathias-kettner.de&gt; Date: Mon Dec 5 16:47:13 2011 +0100 NagVis permissions are now written when enabled via multisite option "wato_write_nagvis_auth" --- web/htdocs/config.py | 2 + web/htdocs/wato.py | 22 ++++++++----- web/plugins/wato/nagvis_auth.py | 65 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 81 insertions(+), 8 deletions(-) diff --git a/web/htdocs/config.py b/web/htdocs/config.py index 392ce4e..efb81ee 100644 --- a/web/htdocs/config.py +++ b/web/htdocs/config.py @@ -563,6 +563,8 @@ wato_max_snapshots = 50 wato_num_hostspecs = 12 wato_num_itemspecs = 15 +wato_write_nagvis_auth = False + # ____ ___ # | __ )_ _| diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py index ffab9ae..933ab78 100644 --- a/web/htdocs/wato.py +++ b/web/htdocs/wato.py @@ -857,11 +857,17 @@ def check_host_permissions(hostname, exception=True): return reason -def check_folder_permissions(folder, how, exception=True): - if config.may("wato.all_folders"): - return True - if how == "read" and config.may("wato.see_all_folders"): - return True +def check_folder_permissions(folder, how, exception=True, user = None): + if not user: + if config.may("wato.all_folders"): + return True + if how == "read" and config.may("wato.see_all_folders"): + return True + else: + if config.user_may(user, "wato.all_folders"): + return True + if how == "read" and config.user_may(user, "wato.see_all_folders"): + return True # Get contact groups of that folder effective = effective_attributes(None, folder) @@ -7610,7 +7616,7 @@ def save_users(profiles): # Call the users_saved hook try: - call_hook_users_saved() + call_hook_users_saved(users) except Exception, e: if config.debug: raise @@ -9862,9 +9868,9 @@ def call_hook_activate_changes(): call_hooks("activate-changes", collect_hosts(g_root_folder)) # This hook is executed when the save_users() function is called -def call_hook_users_saved(): +def call_hook_users_saved(users): if hook_registered('users-saved'): - call_hooks("users-saved") + call_hooks("users-saved", users) #. diff --git a/web/plugins/wato/nagvis_auth.py b/web/plugins/wato/nagvis_auth.py new file mode 100644 index 0000000..a3bf39b --- /dev/null +++ b/web/plugins/wato/nagvis_auth.py @@ -0,0 +1,65 @@ +#!/usr/bin/python +# -*- encoding: utf-8; py-indent-offset: 4 -*- +# +------------------------------------------------------------------+ +# | ____ _ _ __ __ _ __ | +# | / ___| |__ ___ ___| | __ | \/ | |/ / | +# | | | | '_ \ / _ \/ __| |/ / | |\/| | ' / | +# | | |___| | | | __/ (__| < | | | | . \ | +# | \____|_| |_|\___|\___|_|\_\___|_| |_|_|\_\ | +# | | +# | Copyright Mathias Kettner 2010 mk(a)mathias-kettner.de | +# +------------------------------------------------------------------+ +# +# This file is part of Check_MK. +# The official homepage is at http://mathias-kettner.de/check_mk. +# +# check_mk is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation in version 2. check_mk is distributed +# in the hope that it will be useful, but WITHOUT ANY WARRANTY; with- +# out even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. See the GNU General Public License for more de- +# ails. You should have received a copy of the GNU General Public +# License along with GNU Make; see the file COPYING. If not, write +# to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, +# Boston, MA 02110-1301 USA. + +# Generate the permissions file for the multisite authorization module +def generate_auth_file(users): + import json + + auth_file = '%s/etc/nagvis/auth.multisite' % defaults.omd_root + + # + # 0. Data gathering - populate g_target_maps list + # + process_tree(api.get_folder_tree()) + + # + # 1. Write out the user permissions file + # + nagvis_users = {} + + for username, user in users.items(): + if not username in nagvis_users: + nagvis_users[username] = { 'permissions': [] } + + if 'language' in user: + nagvis_users[username]['language'] = user['language'] + + #if user_may(username, ''): + + # WATO folder relatived permissions + for mapname, wato_folder in g_target_maps.iteritems(): + if check_folder_permissions(wato_folder, 'read', False, user = username): + nagvis_users[username]['permissions'].append(('Map', 'view', mapname)) + + if check_folder_permissions(wato_folder, 'write', False, user = username): + nagvis_users[username]['permissions'].append(('Map', 'edit', mapname)) + + file(auth_file, 'w').write(json.dumps(nagvis_users)) + +# Only register this hook when configured to do so +# This works only in OMD for the moment +if config.wato_write_nagvis_auth and defaults.omd_root: + api.register_hook('users-saved', generate_auth_file)