[checkmk-commits] 4658 FIX Fixed permissions in BI packs using rules from other packs

15 May 2017

Module: check_mk
Branch: master
Commit: 28463b4498455b8796394dafaae1c5fac8f9077b
URL:   
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=28463b4498455b…

Author: Simon Betz &lt;si(a)mathias-kettner.de&gt;
Date:   Mon May 15 11:45:01 2017 +0200

4658 FIX Fixed permissions in BI packs using rules from other packs

Change-Id: I272bcc753b6d287f5f9e063bc3c2915f3aed7874

---

 .werks/4658            | 13 +++++++++++++
 web/plugins/wato/bi.py | 19 +++++++++++++++++++
 2 files changed, 32 insertions(+)

diff --git a/.werks/4658 b/.werks/4658
new file mode 100644
index 0000000..193c8a9
--- /dev/null
+++ b/.werks/4658
@@ -0,0 +1,13 @@
+Title: Fixed permissions in BI packs using rules from other packs
+Level: 1
+Component: bi
+Class: fix
+Compatible: compat
+Edition: cre
+State: unknown
+Version: 1.5.0i1
+Date: 1494836173
+
+If users use rules with node rules from other BI packs for which they have
+no permissions, these parent rules could be damaged by editing them. Now they
+get an error message and editing is not allowed any more.
diff --git a/web/plugins/wato/bi.py b/web/plugins/wato/bi.py
index 295fa6a..b9c1c75 100644
--- a/web/plugins/wato/bi.py
+++ b/web/plugins/wato/bi.py
@@ -1490,6 +1490,7 @@ class ModeBIEditRule(ModeBI):
 
 
     def page(self):
+        self._may_use_rules_from_packs()
         if self._new:
             cloneid = html.var("clone")
             if cloneid:
@@ -1518,6 +1519,24 @@ class ModeBIEditRule(ModeBI):
         html.end_form()
 
 
+    def _may_use_rules_from_packs(self):
+        rules_without_permissions = {}
+        for node in self._pack["rules"][self._ruleid]["nodes"]:
+            node_type, node_content = node
+            node_name = node_content[0]
+            pack      = self.pack_containing_rule(node_name)
+            if node_type == 'call' and not self.may_use_rules_in_pack(pack):
+               packid = (pack['id'], pack['title'])
+               rules_without_permissions.setdefault(packid, [])
+               rules_without_permissions[packid].append(node_name)
+
+        if rules_without_permissions:
+            message = ", ".join([_("in BI rules %s used in pack
'%s'") % \
+                                 (", ".join([ "'%s'" % ruleid
for ruleid in ruleids]), title)
+                                 for (nodeid, title), ruleids in
rules_without_permissions.items()])
+            raise MKAuthException(_("You have no permission for changes %s.") %
message)
+
+
     def valuespec(self):
         elements = [
             ( "id",


    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

[checkmk-commits] 4658 FIX Fixed permissions in BI packs using rules from other packs