21 Feb
2017
21 Feb
'17
3 p.m.
Module: check_mk
Branch: master
Commit: d433cd8c82553927060f053dfb604e9fef43d8ed
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=d433cd8c825539…
Author: Sven Panne <sp(a)mathias-kettner.de>
Date: Tue Feb 21 11:35:51 2017 +0100
Fixed permissions for event console events/history.
Change-Id: If3ae8365e6cdda1c302c927e8f170ff195487f9e
---
livestatus/src/TableEventConsole.cc | 53 +++++++++++++++++++++++++++++--------
livestatus/src/TableEventConsole.h | 5 ++++
2 files changed, 47 insertions(+), 11 deletions(-)
diff --git a/livestatus/src/TableEventConsole.cc b/livestatus/src/TableEventConsole.cc
index 172ece1..82db1c0 100644
--- a/livestatus/src/TableEventConsole.cc
+++ b/livestatus/src/TableEventConsole.cc
@@ -112,25 +112,56 @@ void TableEventConsole::answerQuery(Query *query) {
}
}
-// TODO(sp) Remove evil casts below.
bool TableEventConsole::isAuthorizedForEvent(contact *ctc, void *data) {
- if (MonitoringCore::Host *hst = static_cast<Row *>(data)->_host) {
- return _core->host_has_contact(
- hst, reinterpret_cast<MonitoringCore::Contact *>(ctc));
+ // TODO(sp) Remove evil casts below.
+ auto c = reinterpret_cast<MonitoringCore::Contact *>(ctc);
+ auto r = static_cast<Row *>(data);
+ // NOTE: Further filtering in the GUI for mkeventd.seeunrelated permission
+ bool result = true;
+ auto precedence = static_pointer_cast<StringEventConsoleColumn>(
+ column("event_contact_groups_precedence"))
+ ->getValue(data);
+ if (precedence == "rule") {
+ isAuthorizedForEventViaContactGroups(c, r, result) ||
+ isAuthorizedForEventViaHost(c, r, result);
+ Error(_core->loggerLivestatus()) << "RULE " << result
<< " " << ctc;
+ } else if (precedence == "host") {
+ isAuthorizedForEventViaHost(c, r, result) ||
+ isAuthorizedForEventViaContactGroups(c, r, result);
+ Error(_core->loggerLivestatus()) << "HOST " << result
<< " " << ctc;
+ } else {
+ Error(_core->loggerLivestatus()) << "unknown precedence '"
<< precedence
+ << "' in table " <<
name();
+ result = false;
}
+ return result;
+}
+bool TableEventConsole::isAuthorizedForEventViaContactGroups(
+ MonitoringCore::Contact *ctc, Row *row, bool &result) {
auto col = static_pointer_cast<ListEventConsoleColumn>(
column("event_contact_groups"));
- if (col->isNone(data)) {
- return true;
+ if (col->isNone(row)) {
+ Error(_core->loggerLivestatus()) <<
"isAuthorizedForEventViaContactGroups 1";
+ return false;
}
-
- for (const auto &name : col->getValue(data)) {
+ for (const auto &name : col->getValue(row)) {
if (_core->is_contact_member_of_contactgroup(
- _core->find_contactgroup(name),
- reinterpret_cast<MonitoringCore::Contact *>(ctc))) {
- return true;
+ _core->find_contactgroup(name), ctc)) {
+ Error(_core->loggerLivestatus()) <<
"isAuthorizedForEventViaContactGroups 2";
+ return (result = true, true);
}
}
+ Error(_core->loggerLivestatus()) <<
"isAuthorizedForEventViaContactGroups 3";
+ return (result = false, true);
+}
+
+bool TableEventConsole::isAuthorizedForEventViaHost(
+ MonitoringCore::Contact *ctc, Row *row, bool &result) {
+ if (MonitoringCore::Host *hst = row->_host) {
+ Error(_core->loggerLivestatus()) << "isAuthorizedForEventViaHost
1";
+ return (result = _core->host_has_contact(hst, ctc), true);
+ }
+ Error(_core->loggerLivestatus()) << "isAuthorizedForEventViaHost
2";
return false;
}
diff --git a/livestatus/src/TableEventConsole.h b/livestatus/src/TableEventConsole.h
index c9c6dac..0948157 100644
--- a/livestatus/src/TableEventConsole.h
+++ b/livestatus/src/TableEventConsole.h
@@ -197,6 +197,11 @@ protected:
private:
MonitoringCore *_core;
+
+ bool isAuthorizedForEventViaContactGroups(MonitoringCore::Contact *ctc,
+ Row *row, bool &result);
+ bool isAuthorizedForEventViaHost(MonitoringCore::Contact *ctc, Row *row,
+ bool &result);
};
#endif // TableEventConsole_h