Module: check_mk
Branch: master
Commit: 4e1387c341f8cfb3e4b4f667a9ea38f516d369ac
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=4e1387c341f8cf…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Jun 4 09:10:29 2012 +0200
FIX: Added missing permission check when an admin defined a view for other users
---
web/htdocs/views.py | 8 ++++++--
1 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/web/htdocs/views.py b/web/htdocs/views.py
index e9fe53e..5c33613 100644
--- a/web/htdocs/views.py
+++ b/web/htdocs/views.py
@@ -280,6 +280,11 @@ def available_views():
# 2. views of special users allowed to globally override builtin views
for (u, n), view in html.multisite_views.items():
if n not in views and view["public"] and config.user_may(u,
"force_views"):
+ # Honor original permissions for the current user
+ permname = "view.%s" % n
+ if config.permission_exists(permname) \
+ and not config.may(permname):
+ continue
views[n] = view
# 3. Builtin views, if allowed.
@@ -293,8 +298,7 @@ def available_views():
if n not in views and view["public"] and config.user_may(u,
"publish_views"):
# Is there a builtin view with the same name? If yes, honor permissions.
permname = "view.%s" % n
- if (u, n) in html.multisite_views \
- and config.permission_exists(permname) \
+ if config.permission_exists(permname) \
and not config.may(permname):
continue
views[n] = view