Module: check_mk
Branch: master
Commit: 37d1ad17af3b5776fc577b58113095fd71494fcb
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=37d1ad17af3b57…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Dec 5 16:47:13 2011 +0100
NagVis permissions are now written when enabled via multisite option
"wato_write_nagvis_auth"
---
web/htdocs/config.py | 2 +
web/htdocs/wato.py | 22 ++++++++-----
web/plugins/wato/nagvis_auth.py | 65 +++++++++++++++++++++++++++++++++++++++
3 files changed, 81 insertions(+), 8 deletions(-)
diff --git a/web/htdocs/config.py b/web/htdocs/config.py
index 392ce4e..efb81ee 100644
--- a/web/htdocs/config.py
+++ b/web/htdocs/config.py
@@ -563,6 +563,8 @@ wato_max_snapshots = 50
wato_num_hostspecs = 12
wato_num_itemspecs = 15
+wato_write_nagvis_auth = False
+
# ____ ___
# | __ )_ _|
diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py
index ffab9ae..933ab78 100644
--- a/web/htdocs/wato.py
+++ b/web/htdocs/wato.py
@@ -857,11 +857,17 @@ def check_host_permissions(hostname, exception=True):
return reason
-def check_folder_permissions(folder, how, exception=True):
- if config.may("wato.all_folders"):
- return True
- if how == "read" and config.may("wato.see_all_folders"):
- return True
+def check_folder_permissions(folder, how, exception=True, user = None):
+ if not user:
+ if config.may("wato.all_folders"):
+ return True
+ if how == "read" and config.may("wato.see_all_folders"):
+ return True
+ else:
+ if config.user_may(user, "wato.all_folders"):
+ return True
+ if how == "read" and config.user_may(user,
"wato.see_all_folders"):
+ return True
# Get contact groups of that folder
effective = effective_attributes(None, folder)
@@ -7610,7 +7616,7 @@ def save_users(profiles):
# Call the users_saved hook
try:
- call_hook_users_saved()
+ call_hook_users_saved(users)
except Exception, e:
if config.debug:
raise
@@ -9862,9 +9868,9 @@ def call_hook_activate_changes():
call_hooks("activate-changes", collect_hosts(g_root_folder))
# This hook is executed when the save_users() function is called
-def call_hook_users_saved():
+def call_hook_users_saved(users):
if hook_registered('users-saved'):
- call_hooks("users-saved")
+ call_hooks("users-saved", users)
#.
diff --git a/web/plugins/wato/nagvis_auth.py b/web/plugins/wato/nagvis_auth.py
new file mode 100644
index 0000000..a3bf39b
--- /dev/null
+++ b/web/plugins/wato/nagvis_auth.py
@@ -0,0 +1,65 @@
+#!/usr/bin/python
+# -*- encoding: utf-8; py-indent-offset: 4 -*-
+# +------------------------------------------------------------------+
+# | ____ _ _ __ __ _ __ |
+# | / ___| |__ ___ ___| | __ | \/ | |/ / |
+# | | | | '_ \ / _ \/ __| |/ / | |\/| | ' / |
+# | | |___| | | | __/ (__| < | | | | . \ |
+# | \____|_| |_|\___|\___|_|\_\___|_| |_|_|\_\ |
+# | |
+# | Copyright Mathias Kettner 2010 mk(a)mathias-kettner.de |
+# +------------------------------------------------------------------+
+#
+# This file is part of Check_MK.
+# The official homepage is at
http://mathias-kettner.de/check_mk.
+#
+# check_mk is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation in version 2. check_mk is distributed
+# in the hope that it will be useful, but WITHOUT ANY WARRANTY; with-
+# out even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU General Public License for more de-
+# ails. You should have received a copy of the GNU General Public
+# License along with GNU Make; see the file COPYING. If not, write
+# to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor,
+# Boston, MA 02110-1301 USA.
+
+# Generate the permissions file for the multisite authorization module
+def generate_auth_file(users):
+ import json
+
+ auth_file = '%s/etc/nagvis/auth.multisite' % defaults.omd_root
+
+ #
+ # 0. Data gathering - populate g_target_maps list
+ #
+ process_tree(api.get_folder_tree())
+
+ #
+ # 1. Write out the user permissions file
+ #
+ nagvis_users = {}
+
+ for username, user in users.items():
+ if not username in nagvis_users:
+ nagvis_users[username] = { 'permissions': [] }
+
+ if 'language' in user:
+ nagvis_users[username]['language'] = user['language']
+
+ #if user_may(username, ''):
+
+ # WATO folder relatived permissions
+ for mapname, wato_folder in g_target_maps.iteritems():
+ if check_folder_permissions(wato_folder, 'read', False, user =
username):
+ nagvis_users[username]['permissions'].append(('Map',
'view', mapname))
+
+ if check_folder_permissions(wato_folder, 'write', False, user =
username):
+ nagvis_users[username]['permissions'].append(('Map',
'edit', mapname))
+
+ file(auth_file, 'w').write(json.dumps(nagvis_users))
+
+# Only register this hook when configured to do so
+# This works only in OMD for the moment
+if config.wato_write_nagvis_auth and defaults.omd_root:
+ api.register_hook('users-saved', generate_auth_file)