Module: check_mk
Branch: master
Commit: 807736b81b49fc45a7cd6df66de7e8383d12a47a
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=807736b81b49fc…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Wed Jan 8 10:46:28 2014 +0100
Implemented role permissions for dashboards
Access to dashboards can now be controlled via role permissions. By
default all roles are permitted to acces all dashboards (like in
previous versions). You can now change access to the dashboards per
role.
---
.werks/429 | 11 +++++++++++
ChangeLog | 1 +
web/htdocs/dashboard.py | 20 ++++++++++++++++----
web/plugins/sidebar/shipped.py | 2 +-
4 files changed, 29 insertions(+), 5 deletions(-)
diff --git a/.werks/429 b/.werks/429
new file mode 100644
index 0000000..a9baccb
--- /dev/null
+++ b/.werks/429
@@ -0,0 +1,11 @@
+Title: Implemented role permissions for dashboards
+Level: 2
+Component: multisite
+Version: 1.2.5i1
+Date: 1389174300
+Class: feature
+
+Access to dashboards can now be controlled via role permissions. By
+default all roles are permitted to acces all dashboards (like in
+previous versions). You can now change access to the dashboards per
+role.
diff --git a/ChangeLog b/ChangeLog
index af1d911..3b1bad0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -83,6 +83,7 @@
* 0390 Added an icon selector to the view editor...
* 0391 Added sorter / filter for host/service service levels...
* 0247 New mkp package for web applications: iNag / nagstatus / nagios status.dat...
+ * 0429 Implemented role permissions for dashboards...
* 0302 FIX: Fixed highlight of choosen elements in foldertee/views snapin in
Chrome/IE
* 0239 FIX: Fixed incorrect html formatting when displaying host or service
comments...
* 0307 FIX: Increased performance of multisite GUI with a large userbase...
diff --git a/web/htdocs/dashboard.py b/web/htdocs/dashboard.py
index 9a8670e..34e1c77 100644
--- a/web/htdocs/dashboard.py
+++ b/web/htdocs/dashboard.py
@@ -61,10 +61,6 @@ def load_plugins():
if loaded_with_language == current_language:
return
- # Permissions are currently not being defined. That will be the
- # case as soon as dashboards become editable.
-
-
# Load plugins for dashboards. Currently these files
# just may add custom dashboards by adding to builtin_dashboards.
load_web_plugins("dashboard", globals())
@@ -80,6 +76,20 @@ def load_plugins():
global dashboards
dashboards = builtin_dashboards
+ # Declare permissions for all dashboards
+ config.declare_permission_section("dashboard", _("Dashboards"))
+ for name, dashboard in dashboards.items():
+ config.declare_permission("dashboard.%s" % name,
+ dashboard["title"],
+ dashboard.get("description", ''),
+ config.builtin_role_ids)
+
+def permitted_dashboards():
+ return [ (name, dashboard) for name, dashboard
+ in dashboards.items()
+ if config.may("dashboard.%s" % name)
+ ]
+
# HTML page handler for generating the (a) dashboard. The name
# of the dashboard to render is given in the HTML variable 'name'.
# This defaults to "main".
@@ -87,6 +97,8 @@ def page_dashboard():
name = html.var("name", "main")
if name not in dashboards:
raise MKGeneralException("No such dashboard:
'<b>%s</b>'" % name)
+ if not config.may("dashboard.%s" % name):
+ raise MKAuthException(_("You are not allowed to access this
dashboard."))
render_dashboard(name)
diff --git a/web/plugins/sidebar/shipped.py b/web/plugins/sidebar/shipped.py
index 89009e7..f7b047e 100644
--- a/web/plugins/sidebar/shipped.py
+++ b/web/plugins/sidebar/shipped.py
@@ -77,7 +77,7 @@ def views_by_topic():
# Add all the dashboards to the views list
s += [ (_('Dashboards'), d['title'] and d['title'] or d_name,
d_name)
for d_name, d
- in dashboard.dashboards.items()
+ in dashboard.permitted_dashboards()
]
s.sort()