dashboards visible to the user
Message-ID: <5a7d7a93.E8FLVLGrzDzZiokW%lm(a)mathias-kettner.de>
User-Agent: Heirloom mailx 12.5 6/20/10
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Module: check_mk
Branch: master
Commit: 8e3740c710372a977fd5a328ee1e31fd98d79be5
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=8e3740c710372a…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Thu Feb 8 17:22:33 2018 +0100
5724 FIX View/Dashboard list: Link titles only for views/dashboards visible to the user
Previously, overridden views/dashboards were also linked.
Change-Id: If60b507acabd5dc4bc211e2f663893b3d49628da
---
.werks/5724 | 10 ++++++++++
web/htdocs/visuals.py | 18 +++++++++++++++++-
2 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/.werks/5724 b/.werks/5724
new file mode 100644
index 0000000..0de4a50
--- /dev/null
+++ b/.werks/5724
@@ -0,0 +1,10 @@
+Title: View/Dashboard list: Link titles only for views/dashboards visible to the user
+Level: 1
+Component: multisite
+Compatible: compat
+Edition: cre
+Version: 1.5.0i3
+Date: 1518116400
+Class: fix
+
+Previously also overriden views/dashboards were linked.
diff --git a/web/htdocs/visuals.py b/web/htdocs/visuals.py
index 587cd52..9d9730f 100644
--- a/web/htdocs/visuals.py
+++ b/web/htdocs/visuals.py
@@ -452,7 +452,7 @@ def page_list(what, title, visuals, custom_columns = None,
# Title
table.cell(_('Title'))
title = _u(visual['title'])
- if not visual["hidden"] and (owner == config.user.id or
visual["public"]):
+ if _visual_can_be_linked(what, visual_name, visuals, visual, owner):
html.a(title, href="%s.py?%s=%s" % (what_s,
visual_types[what]['ident_attr'], visual_name))
else:
html.write_text(title)
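Review bot: `available(what, all_visuals)` is recomputed for every listed visual the current user does not own, because the new `if _visual_can_be_linked(what, visual_name, visuals, visual, owner):` line in the title cell reaches the helper once per row. Computing `user_visuals = available(what, visuals)` once in `page_list` before the rows are rendered, and passing that mapping to the helper, would avoid the repeated resolution and ensure every row is judged against the same result. `page_list` starts and ends outside this hunk, so the per-row loop is inferred from the `table.cell` calls rather than visible here.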
@@ -478,6 +478,22 @@ def page_list(what, title, visuals, custom_columns = None,
html.footer()
+
+def _visual_can_be_linked(what, visual_name, all_visuals, visual, owner):
+ if visual["hidden"]:
+ return False # don't link to hidden visuals
+
+ if owner == config.user.id:
+ return True
+
+ # Is this the visual which would be shown to the user in case the user
+ # requests a visual with the current name?
+ user_visuals = available(what, all_visuals)
+ if user_visuals.get(visual_name) != visual:
+ return False
+
+ return visual["public"]
+
#.
# .--Create Visual-------------------------------------------------------.
# | ____ _ __ ___ _ |
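Review bot: `_visual_can_be_linked` has no docstring, and since its result only decides whether the title is rendered as a link, a later reader could mistake it for the permission check itself. I would add a docstring such as `"""Return True if the list should link this visual: not hidden, and either owned by the current user or the public visual that available() resolves this name to."""`, and note there that access is still decided wherever the requested name is resolved, which this patch does not show. The comparison `user_visuals.get(visual_name) != visual` tests dict equality, so it relies on an overriding and an overridden visual differing in content; if `available()` returns the same objects that `page_list` iterates (not visible here), `is not` would state the intent more directly.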