[checkmk-commits] 4683 New permission: Clear audit log

Module: check_mk Branch: master Commit: 929e2500544b22f67251f3c8429a65f127ac1405 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=929e2500544b22… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Tue May 16 09:45:20 2017 +0200 4683 New permission: Clear audit log With this new permission you can configure read only access to the audit log to users. Change-Id: I78918d04269c802baac8ac539671fdaf9ccb394b --- .werks/4683 | 11 +++++++++++ web/htdocs/wato.py | 14 +++++++++++--- 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/.werks/4683 b/.werks/4683 new file mode 100644 index 0000000..9963af2 --- /dev/null +++ b/.werks/4683 @@ -0,0 +1,11 @@ +Title: New permission: Clear audit log +Level: 1 +Component: wato +Compatible: compat +Edition: cre +Version: 1.5.0i1 +Date: 1494920680 +Class: feature + +With this new permission you can configure read only access to the audit log to +users. diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py index 558eb5b..e762ec4 100644 --- a/web/htdocs/wato.py +++ b/web/htdocs/wato.py @@ -4853,7 +4853,8 @@ class ModeAuditLog(WatoMode): def buttons(self): changelog_button() home_button() - if self._log_exists() and config.user.may("wato.auditlog") and config.user.may("wato.edit"): + if self._log_exists() and config.user.may("wato.clear_auditlog") \ + and config.user.may("wato.auditlog") and config.user.may("wato.edit"): html.context_button(_("Download"), html.makeactionuri([("_action", "csv")]), "download") if config.user.may("wato.edit"): @@ -4868,6 +4869,7 @@ class ModeAuditLog(WatoMode): def action(self): if html.var("_action") == "clear": config.user.need_permission("wato.auditlog") + config.user.need_permission("wato.clear_auditlog") config.user.need_permission("wato.edit") return self._clear_audit_log_after_confirm() @@ -17382,12 +17384,18 @@ def load_plugins(force): config.declare_permission("wato.auditlog", _("Audit Log"), - _("Access to the historic audit log. A user with write " - "access can delete the audit log. " + _("Access to the historic audit log. " "The currently pending changes can be seen by all users " "with access to WATO."), [ "admin", ]) + config.declare_permission("wato.clear_auditlog", + _("Clear audit Log"), + _("Clear the entries of the audit log. To be able to clear the audit log " + "a user needs the generic WATO permission \"Make changes, perform actions\", " + "the \"View audit log\" and this permission."), + [ "admin", ]) + config.declare_permission("wato.hosts", _("Host management"), _("Access to the management of hosts and folders. This "