[checkmk-commits] Check_MK Git: check_mk: #2181 Admins can now delete views/dashboards/ reports created by other users

Module: check_mk Branch: master Commit: 51a61249f3a6c82d2e2283a8b6bd37bebd1c4ac5 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=51a61249f3a6c8… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Tue Apr 21 13:51:12 2015 +0200 #2181 Admins can now delete views/dashboards/reports created by other users --- .werks/2181 | 9 +++++++++ ChangeLog | 2 ++ web/htdocs/default_permissions.py | 7 ++++++- web/htdocs/visuals.py | 23 +++++++++++++++-------- 4 files changed, 32 insertions(+), 9 deletions(-) diff --git a/.werks/2181 b/.werks/2181 new file mode 100644 index 0000000..b1e4371 --- /dev/null +++ b/.werks/2181 @@ -0,0 +1,9 @@ +Title: Admins can now delete views/dashboards/reports created by other users +Level: 1 +Component: multisite +Compatible: compat +Version: 1.2.7i1 +Date: 1429617043 +Class: feature + + diff --git a/ChangeLog b/ChangeLog index 10eceb9..a06b707 100644 --- a/ChangeLog +++ b/ChangeLog @@ -354,6 +354,7 @@ * 2175 Added icon uploader, unified icon selection... * 2200 New filter for (de-)selecting preliminary notifications to "check-mk-notify"... * 2209 New filter for selecting hosts/services in/out of their service period + * 2181 Admins can now delete views/dashboards/reports created by other users * 1781 FIX: Fix broken grouping by host/service group in availability * 1783 FIX: Finish the view "History of Scheduled Downtimes"... * 1206 FIX: Hostname not longer shown as column in host views @@ -460,6 +461,7 @@ * 1662 notification plugin spectrum: finalized script. now able to handle host notications * 1213 New Notification macros $SERVICEFORURL$ and $HOSTFORURL$... * 2041 Notification Spooler can now handle incoming and outgoing persistent TCP connections... + NOTE: Please refer to the migration notes! * 2135 Allow to filter notification contacts based on values of custom macros... * 1235 Added notification plugin for Braintower SMS Gateways... * 2188 Rule based notification now allow match for notification comment... diff --git a/web/htdocs/default_permissions.py b/web/htdocs/default_permissions.py index edf0e01..865c5a2 100644 --- a/web/htdocs/default_permissions.py +++ b/web/htdocs/default_permissions.py @@ -151,7 +151,7 @@ def declare_visual_permissions(what, what_plural): config.declare_permission("general.publish_" + what, _("Publish %s") % what_plural, - _("Make %s visible and usable for other users") % what_plural, + _("Make %s visible and usable for other users.") % what_plural, [ "admin", "user" ]) config.declare_permission("general.see_user_" + what, @@ -163,3 +163,8 @@ def declare_visual_permissions(what, what_plural): _("Modify builtin %s") % what_plural, _("Make own published %s override builtin %s for all users.") % (what_plural, what_plural), [ "admin" ]) + + config.declare_permission("general.delete_foreign_" + what, + _("Delete foreign %s") % what_plural, + _("Allows to delete %s created by other users.") % what_plural, + [ "admin" ]) diff --git a/web/htdocs/visuals.py b/web/htdocs/visuals.py index e9cdbd6..08290cb 100644 --- a/web/htdocs/visuals.py +++ b/web/htdocs/visuals.py @@ -268,7 +268,12 @@ def page_list(what, title, visuals, custom_columns = [], # Deletion of visuals delname = html.var("_delete") if delname and html.transaction_valid(): - deltitle = visuals[(config.user_id, delname)]['title'] + if config.may('general.delete_foreign_%s' % what): + user_id = html.var('_user_id', config.user_id) + else: + user_id = config.user_id + + deltitle = visuals[(user_id, delname)]['title'] try: if check_deletable_handler: @@ -276,7 +281,7 @@ def page_list(what, title, visuals, custom_columns = [], c = html.confirm(_("Please confirm the deletion of \"%s\".") % deltitle) if c: - del visuals[(config.user_id, delname)] + del visuals[(user_id, delname)] save(what, visuals) html.reload_sidebar() elif c == False: @@ -313,10 +318,6 @@ def page_list(what, title, visuals, custom_columns = [], # Actions table.cell(_('Actions'), css = 'buttons visuals') - # Edit - if owner == config.user_id: - html.icon_button("edit_%s.py?load_name=%s" % (what_s, visual_name), _("Edit"), "edit") - # Clone / Customize buttontext = _("Create a customized copy of this") backurl = html.urlencode(html.makeuri([])) @@ -325,9 +326,15 @@ def page_list(what, title, visuals, custom_columns = [], html.icon_button(clone_url, buttontext, "clone") # Delete + if owner and (owner == config.user_id or config.may('general.delete_foreign_%s' % what)): + add_vars = [('_delete', visual_name)] + if owner != config.user_id: + add_vars.append(('_user_id', owner)) + html.icon_button(html.makeactionuri(add_vars), _("Delete!"), "delete") + + # Edit if owner == config.user_id: - html.icon_button(html.makeactionuri([('_delete', visual_name)]), - _("Delete!"), "delete") + html.icon_button("edit_%s.py?load_name=%s" % (what_s, visual_name), _("Edit"), "edit") # Custom buttons - visual specific if render_custom_buttons: