[checkmk-commits] Check_MK Git: check_mk: FIX: Added missing permission check when an admin defined a view for other users

Module: check_mk Branch: master Commit: 4e1387c341f8cfb3e4b4f667a9ea38f516d369ac URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=4e1387c341f8cf… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Mon Jun 4 09:10:29 2012 +0200 FIX: Added missing permission check when an admin defined a view for other users --- web/htdocs/views.py | 8 ++++++-- 1 files changed, 6 insertions(+), 2 deletions(-) diff --git a/web/htdocs/views.py b/web/htdocs/views.py index e9fe53e..5c33613 100644 --- a/web/htdocs/views.py +++ b/web/htdocs/views.py @@ -280,6 +280,11 @@ def available_views(): # 2. views of special users allowed to globally override builtin views for (u, n), view in html.multisite_views.items(): if n not in views and view["public"] and config.user_may(u, "force_views"): + # Honor original permissions for the current user + permname = "view.%s" % n + if config.permission_exists(permname) \ + and not config.may(permname): + continue views[n] = view # 3. Builtin views, if allowed. @@ -293,8 +298,7 @@ def available_views(): if n not in views and view["public"] and config.user_may(u, "publish_views"): # Is there a builtin view with the same name? If yes, honor permissions. permname = "view.%s" % n - if (u, n) in html.multisite_views \ - and config.permission_exists(permname) \ + if config.permission_exists(permname) \ and not config.may(permname): continue views[n] = view