[checkmk-commits] Centralized snapin permission name computation

7 Sep 2018

Module: check_mk
Branch: master
Commit: 8131da5e87db953cda04cf7cfe4afdac549fcaf8
URL:   
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=8131da5e87db95…

Author: Lars Michelsen &lt;lm(a)mathias-kettner.de&gt;
Date:   Thu Aug 23 14:30:15 2018 +0200

Centralized snapin permission name computation

CMK-855

Change-Id: I50ac7825c0686db83d5cff44a16eb71174c4a713

---

 cmk/gui/plugins/sidebar/utils.py | 11 +++++++++++
 cmk/gui/sidebar.py               | 23 +++++++++++++----------
 2 files changed, 24 insertions(+), 10 deletions(-)

diff --git a/cmk/gui/plugins/sidebar/utils.py b/cmk/gui/plugins/sidebar/utils.py
index ed9d618..2150483 100644
--- a/cmk/gui/plugins/sidebar/utils.py
+++ b/cmk/gui/plugins/sidebar/utils.py
@@ -48,6 +48,12 @@ class SidebarSnapin(object):
 
     @classmethod
     @abc.abstractmethod
+    def type_name(cls):
+        raise NotImplementedError()
+
+
+    @classmethod
+    @abc.abstractmethod
     def title(cls):
         raise NotImplementedError()
 
@@ -74,6 +80,11 @@ class SidebarSnapin(object):
 
 
     @classmethod
+    def permission_name(cls):
+        return "sidesnap.%s" % cls.type_name()
+
+
+    @classmethod
     def allowed_roles(cls):
         return [ "admin", "user", "guest" ]
 
diff --git a/cmk/gui/sidebar.py b/cmk/gui/sidebar.py
index 3945402..d4f19f4 100644
--- a/cmk/gui/sidebar.py
+++ b/cmk/gui/sidebar.py
@@ -356,13 +356,17 @@ class UserSidebarConfig(object):
         user_config["snapins"] =
self._transform_legacy_tuples(user_config["snapins"])
         user_config["snapins"] =
self._transform_legacy_off_state(user_config["snapins"])
 
-        # Remove entries the user is not allowed for and silently skip
-        # configured but not existing snapins
+        # Remove not existing (e.g. legacy) snapins
         user_config["snapins"] = [ e for e in user_config["snapins"]
-                                   if e["snapin_type_id"] in snapin_registry
-                                      and self._user.may("sidesnap." +
e["snapin_type_id"])]
+                                   if e["snapin_type_id"] in snapin_registry ]
 
-        return self._from_config(user_config)
+        user_config = self._from_config(user_config)
+
+        # Remove entries the user is not allowed for
+        user_config["snapins"] = [ e for e in user_config["snapins"]
+                                   if config.user.may(e.snapin_type.permission_name()) ]
+
+        return user_config
 
 
     def _transform_legacy_list_config(self, user_config):
@@ -478,8 +482,7 @@ def page_side():
     html.open_div(class_="scroll" if config.sidebar_show_scrollbar else None,
id_="side_content")
     for snapin in user_config.snapins:
         name = snapin.snapin_type.type_name()
-        if not name in snapin_registry or not config.user.may("sidesnap." +
name):
-            continue
+
         # Performs the initial rendering and might return an optional refresh url,
         # when the snapin contents are refreshed from an external source
         refresh_url = render_snapin(name, snapin.visible)
@@ -602,9 +605,9 @@ def ajax_snapin():
 
     snapin_code = []
     for snapname in snapnames:
-        if not config.user.may("sidesnap." + snapname):
-            continue
         snapin_class = snapin_registry.get(snapname)
+        if not config.user.may(snapin_class.permission_name()):
+            continue
         snapin = snapin_class()
 
         # When restart snapins are about to be refreshed, only render
@@ -710,7 +713,7 @@ def page_add_snapin():
         snapin = snapin_class()
         if name in used_snapins:
             continue
-        if not config.user.may("sidesnap." + name):
+        if not config.user.may(snapin_class.permission_name()):
             continue # not allowed for this user
 
         description = snapin.description()


    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

[checkmk-commits] Centralized snapin permission name computation