Module: check_mk
Branch: master
Commit: 8fe01b8cb4b15d4718d1fde513126e782ca13fd1
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=8fe01b8cb4b15d…
Author: Mathias Kettner <mk(a)mathias-kettner.de>
Date: Tue Dec 17 11:30:25 2013 +0100
FIX Fix folder visibility in WATO for unpriviledged users
In WATO if you are an unpriviledged user you might have write access to some
lower subfolders but not to the upper folders. This is perfectly common,
because that way the monitoring administrator can delegate tasks for certain
classes of hosts to his collegues.
Previously, however, you couldn't navigate to the lower folders without
faking the URL. This has been fixed now. If you are located in a folder
without having permissions to it you won't see any hosts of that folder,
but still you see the subfolders and also can enter these.
Also this fix removes that buttons for actions on a folder if you do
not have write permissions to it.
---
.werks/346 | 21 +++++++++++++++++++++
ChangeLog | 1 +
web/htdocs/wato.css | 8 ++++++++
web/htdocs/wato.py | 46 +++++++++++++++++++++++++++++-----------------
4 files changed, 59 insertions(+), 17 deletions(-)
diff --git a/.werks/346 b/.werks/346
new file mode 100644
index 0000000..36cd5de
--- /dev/null
+++ b/.werks/346
@@ -0,0 +1,21 @@
+Title: Fix folder visibility in WATO for unpriviledged users
+Level: 2
+Component: wato
+Class: fix
+State: unknown
+Version: 1.2.5i1
+Date: 1387276017
+Targetversion: future
+
+In WATO if you are an unpriviledged user you might have write access to some
+lower subfolders but not to the upper folders. This is perfectly common,
+because that way the monitoring administrator can delegate tasks for certain
+classes of hosts to his collegues.
+
+Previously, however, you couldn't navigate to the lower folders without
+faking the URL. This has been fixed now. If you are located in a folder
+without having permissions to it you won't see any hosts of that folder,
+but still you see the subfolders and also can enter these.
+
+Also this fix removes that buttons for actions on a folder if you do
+not have write permissions to it.
diff --git a/ChangeLog b/ChangeLog
index e5792cf..9f59b6d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -79,6 +79,7 @@
* 0361 FIX: The page linked by "new rule" can now be bookmarked again
* 0341 FIX: Avoid rare exception in WATO when deleting a host...
* 0376 FIX: LDAP: Default configuration of attributes is reflected within WATO now
+ * 0346 FIX: Fix folder visibility in WATO for unpriviledged users...
Notifications:
* 0362 sms: now searching PATH for sendsms and smssend commands...
diff --git a/web/htdocs/wato.css b/web/htdocs/wato.css
index fb0550d..39eb26d 100644
--- a/web/htdocs/wato.css
+++ b/web/htdocs/wato.css
@@ -362,6 +362,7 @@ table.validationerror img {
position: absolute;
top: 28px;
right: 19px;
+ z-index: 500;
}
.wato div.floatfolder div.infos img {
@@ -422,6 +423,13 @@ table.validationerror img {
top: -2px;
}
+.wato img.authicon {
+ width: 28px;
+ height: 28px;
+ margin-right: 10px;
+ vertical-align: middle;
+}
+
.wato div.move_dialog {
padding:10px;
background-color: #45829D;
diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py
index 029eac2..4518ff6 100644
--- a/web/htdocs/wato.py
+++ b/web/htdocs/wato.py
@@ -827,6 +827,10 @@ def get_folder_aliaspath(folder, show_main = True):
# '----------------------------------------------------------------------'
def mode_folder(phase):
+ auth_message = check_folder_permissions(g_folder, "read", False)
+ auth_read = auth_message == True
+ auth_write = check_folder_permissions(g_folder, "write", False) == True
+
global g_folder
if phase == "title":
return g_folder["title"]
@@ -835,16 +839,17 @@ def mode_folder(phase):
global_buttons()
if config.may("wato.rulesets") or config.may("wato.seeall"):
html.context_button(_("Rulesets"),
make_link([("mode", "ruleeditor")]), "rulesets")
- html.context_button(_("Folder Properties"),
make_link_to([("mode", "editfolder")], g_folder), "edit")
- if not g_folder.get(".lock_subfolders") and
config.may("wato.manage_folders"):
+ if auth_read:
+ html.context_button(_("Folder Properties"),
make_link_to([("mode", "editfolder")], g_folder), "edit")
+ if not g_folder.get(".lock_subfolders") and
config.may("wato.manage_folders") and auth_write:
html.context_button(_("New folder"),
make_link([("mode", "newfolder")]), "newfolder")
- if not g_folder.get(".lock_hosts") and
config.may("wato.manage_hosts"):
+ if not g_folder.get(".lock_hosts") and
config.may("wato.manage_hosts") and auth_write:
html.context_button(_("New host"), make_link([("mode",
"newhost")]), "new")
html.context_button(_("New cluster"), make_link([("mode",
"newcluster")]), "new_cluster")
if config.may("wato.services"):
html.context_button(_("Bulk Inventory"),
make_link([("mode", "bulkinventory"), ("all",
"1")]),
"inventory")
- if not g_folder.get(".lock_hosts") and
config.may("wato.parentscan"):
+ if not g_folder.get(".lock_hosts") and
config.may("wato.parentscan") and auth_write:
html.context_button(_("Parent scan"), make_link([("mode",
"parentscan"), ("all", "1")]),
"parentscan")
search_button()
@@ -955,6 +960,9 @@ def mode_folder(phase):
else:
render_folder_path()
+ if not auth_read:
+ html.message('<img class=authicon
src="images/icon_autherr.png"> %s' % auth_message)
+
lock_messages = []
if g_folder.get(".lock_hosts"):
if g_folder[".lock_hosts"] == True:
@@ -982,7 +990,7 @@ def mode_folder(phase):
if True == check_folder_permissions(g_folder, "read", False):
have_something = show_hosts(g_folder) or have_something
- if not have_something:
+ if not have_something and auth_write:
menu_items = []
if not g_folder.get(".lock_hosts"):
menu_items.extend([
@@ -1098,7 +1106,7 @@ def check_folder_permissions(folder, how, exception=True, user =
None, users = N
if c in cgs:
return True
- reason = _("Sorry, you have no permissions to access the folder
<b>%s</b>. ") % folder["title"]
+ reason = _("Sorry, you have no permissions to the folder <b>%s</b>.
") % folder["title"]
if not cgs:
reason += _("The folder has no contact groups assigned to.")
else:
@@ -1107,6 +1115,7 @@ def check_folder_permissions(folder, how, exception=True, user =
None, users = N
reason += _("Your contact groups are <b>%s</b>.") %
", ".join(user_cgs)
else:
reason += _("But you are not a member of any contact group.")
+ reason += _("You may enter the folder as you might have permission on a
subfolders, though.")
if exception:
raise MKAuthException(reason)
@@ -1152,18 +1161,24 @@ def show_subfolders(folder):
html.write('<div class="floatfolder%s"
id="folder_%s"' % (
auth_read and " unlocked" or " locked",
entry['.name']))
- if auth_write:
- html.write(' onclick="wato_open_folder(event,
\'%s\');"' % enter_url)
+ html.write(' onclick="wato_open_folder(event,
\'%s\');"' % enter_url)
html.write('>')
# Only make folder openable when permitted to edit
- if auth_read:
- html.write(
- '<div class=hoverarea onmouseover="wato_toggle_folder(event,
this, true);" '
- 'onmouseout="wato_toggle_folder(event, this,
false)">'
- )
+ if not auth_read:
+ html.write('<img class="icon autherr"
src="images/icon_autherr.png" title="%s">' % \
+ (html.strip_tags(auth_message)))
+
+ if True: # auth_read:
+ if not auth_read:
+ html.write('<div class=hoverarea>')
+
+ else:
+ html.write(
+ '<div class=hoverarea
onmouseover="wato_toggle_folder(event, this, true);" '
+ 'onmouseout="wato_toggle_folder(event, this,
false)">'
+ )
- if auth_read:
html.icon_button(
edit_url,
_("Edit the properties of this folder"),
@@ -1200,9 +1215,6 @@ def show_subfolders(folder):
)
html.write('</div>')
- else:
- html.write('<img class="icon autherr"
src="images/icon_autherr.png" title="%s">' % \
- (html.strip_tags(auth_message)))
html.write('<div class=infos>')
# Show contact groups of the folder
effective = effective_attributes(None, entry)