Module: check_mk
Branch: master
Commit: a008a379ebcb1cd07808cae3d908ae45814793c3
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=a008a379ebcb1c…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Mar 20 12:06:23 2017 +0100
4506 FIX User without permission to host could see host information when permitted for
"all events"
When a user has the permission "see all events", he can see events for hosts
that the user is not
permitted to in the status GUI. This is the default for regular users.
These users could access the event detail page and see information about the host, like
the state
of the services, even when they were not permitted to see data about this host in the
status page.
When the user is allowed to customize his views, he could easily add more host related
columns to
see even more information about that host.
Change-Id: I8b8a546967424956609235379ba5c4044c7c16c4
---
.bugs/2462 | 7 ++++--
.werks/4506 | 17 +++++++++++++++
web/htdocs/config.py | 4 ++++
web/plugins/views/mkeventd.py | 50 +++++++++++++++++++++++++++++++++++++++++++
4 files changed, 76 insertions(+), 2 deletions(-)
diff --git a/.bugs/2462 b/.bugs/2462
index 1372250..28624b4 100644
--- a/.bugs/2462
+++ b/.bugs/2462
@@ -1,9 +1,9 @@
Title: EC: User without permission to host can view host information
Component: multisite
-State: open
+Class: bug
+State: done
Date: 2016-07-22 18:02:26
Targetversion: 1.2.8
-Class: bug
When viewing an event of a host which the user is not permitted to see
while the user has "see all events permission", the user sees the
@@ -21,3 +21,6 @@ the monitoring data of that host.
This needs to be filtered either in the core (then we need the AuthUser header and
the info that the user has "see all" permission) or in
web/plugins/views/mkeventd.py query_ec_table().
+
+2017-03-20 12:03:26: changed state open -> done
+Has been fixed now
diff --git a/.werks/4506 b/.werks/4506
new file mode 100644
index 0000000..3b4b119
--- /dev/null
+++ b/.werks/4506
@@ -0,0 +1,17 @@
+Title: User without permission to host could see host information when permitted for
"all events"
+Level: 1
+Component: ec
+Compatible: compat
+Edition: cre
+Version: 1.5.0i1
+Date: 1490007809
+Class: fix
+
+When a user has the permission "see all events", he can see events for hosts
that the user is not
+permitted to in the status GUI. This is the default for regular users.
+
+These users could access the event detail page and see information about the host, like
the state
+of the services, even when they were not permitted to see data about this host in the
status page.
+
+Whe the user is allowed to customize his views, he could easily add more host related
columns to
+see even more information about that host.
diff --git a/web/htdocs/config.py b/web/htdocs/config.py
index 3b625cd..e9f87b5 100644
--- a/web/htdocs/config.py
+++ b/web/htdocs/config.py
@@ -411,6 +411,10 @@ class LoggedInUser(object):
return self.get_attribute("language", get_language(default))
+ def contact_groups(self):
+ return self.get_attribute("contactgroups", [])
+
+
def load_stars(self):
return set(self.load_file("favorites", []))
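Review bot: The new `contact_groups()` accessor has no docstring, and since the view-side host-information filter added elsewhere in this commit bases its permission check on its return value, the contract deserves to be stated; add `"""Return the contact groups configured for this user (the ``contactgroups`` attribute), or an empty list when none are set."""` directly under the `def` line. Like the neighbouring accessors it delegates to `get_attribute`, whose lookup is outside this hunk, so whether the stored value is always a list or may be another sequence cannot be confirmed here. The enclosing `LoggedInUser` class starts and ends outside the hunk.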
diff --git a/web/plugins/views/mkeventd.py b/web/plugins/views/mkeventd.py
index 2921683..4340c21 100644
--- a/web/plugins/views/mkeventd.py
+++ b/web/plugins/views/mkeventd.py
@@ -53,12 +53,62 @@ def query_ec_table(datasource, columns, add_columns, query,
only_sites, limit, t
rows = query_data(datasource, columns, add_columns, query, only_sites, limit,
tablename=tablename)
+ if not rows:
+ return rows
+
+ _ec_filter_host_information_of_not_permitted_hosts(rows)
+
if config.user.may("mkeventd.seeunrelated"):
return rows # user is allowed to see all events returned by the core
return [ r for r in rows if r["event_contact_groups"] != [] or
r["host_name"] != "" ]
+# Handle the case where a user is allowed to see all events (-> events for hosts he
+# is not permitted for). In this case the user should be allowed to see the event
+# information, but not the host related information.
+#
+# To realize this, whe filter all data from the host_* columns from the response.
+# See Gitbug #2462 for some more information.
+#
+# This should be handled in the core, but the core does not know anything about
+# the "mkeventd.seeall" permissions. So it is simply not possible to do this
on
+# core level at the moment.
+def _ec_filter_host_information_of_not_permitted_hosts(rows):
+ if not config.user.may("mkeventd.seeall"):
+ return
+
+ user_groups = set(config.user.contact_groups())
+
+ def is_contact(row):
+ return bool(user_groups.intersection(row["host_contact_groups"]))
+
+ if rows:
+ remove_keys = [ c for c in rows[0].keys() if c.startswith("host_") ]
+ else:
+ remove_keys = []
+
+ for row in rows:
+ if row["host_name"] == "":
+ continue # This is an "unrelated host", don't treat it here
+
+ if is_contact(row):
+ continue # The user may see these host information
+
+ # Now remove the host information. This can sadly not apply the cores
+ # default values for the different columns. We try our best to clean up
+ for key in remove_keys:
+ if type(row[key]) == list:
+ row[key] = []
+ elif type(row[key]) == int:
+ row[key] = 0
+ elif type(row[key]) == float:
+ row[key] = 0.0
+ elif type(row[key]) == str:
+ row[key] = ""
+ elif type(row[key]) == unicode:
+ row[key] = u""
+
# Declare datasource only if the event console is activated. We do
# not want to irritate users that do not know anything about the EC.