Module: check_mk
Branch: master
Commit: 7eea087784568224bc0a2464126fba4d2aed59c4
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=7eea0877845682…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Fri Jul 14 09:56:08 2017 +0200
4993 FIX Fixed visibility of events for users with limited access to events
When a user is not permitted to see all events and can only see the events
of the host he/she is a contact for and maybe also events not related to
a host existing in the monitoring core the tactical overview snapin counted
the numbers of open events not correctly.
The event list view was filtering wrong in case a user has the "see all"
permission and not the "see unrelated" permission.
Change-Id: I475a6adfcf8501feafc9f0c2064de477cefe9203
---
.werks/4993 | 17 +++++++++++++++++
web/plugins/sidebar/shipped.py | 8 ++++++++
web/plugins/views/mkeventd.py | 2 +-
3 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/.werks/4993 b/.werks/4993
new file mode 100644
index 0000000..d01ad31
--- /dev/null
+++ b/.werks/4993
@@ -0,0 +1,17 @@
+Title: Fixed visibility of events for users with limited access to events
+Level: 1
+Component: ec
+Class: fix
+Compatible: compat
+Edition: cre
+State: unknown
+Version: 1.5.0i1
+Date: 1500018808
+
+When a user is not permitted to see all events and can only see the events
+of the host he/she is a contact for and maybe also events not related to
+a host existing in the monitoring core the tactical overview snapin counted
+the numbers of open events not correctly.
+
+The event list view was filtering wrong in case a user has the "see all"
+permission and not the "see unrelated" permission.
diff --git a/web/plugins/sidebar/shipped.py b/web/plugins/sidebar/shipped.py
index c0e7d2c..d069b6c 100644
--- a/web/plugins/sidebar/shipped.py
+++ b/web/plugins/sidebar/shipped.py
@@ -613,6 +613,13 @@ def get_tactical_overview_data(extra_filter_headers):
"Filter: host_custom_variable_names < _REALNAME\n" + \
extra_filter_headers
+ # In case the user is not allowed to see unrelated events
+ ec_filters = ""
+ if not config.user.may("mkeventd.seeall") and not
config.user.may("mkeventd.seeunrelated"):
+ ec_filters = "Filter: event_contact_groups != \n" \
+ + "Filter: host_name != \n" \
+ + "Or: 2\n"
+
event_query = (
# "Events" column
"GET eventconsoleevents\n"
@@ -630,6 +637,7 @@ def get_tactical_overview_data(extra_filter_headers):
"Stats: event_state != 0\n"
"Stats: event_host_in_downtime != 1\n"
"StatsAnd: 3\n"
+ + ec_filters
)
try:
diff --git a/web/plugins/views/mkeventd.py b/web/plugins/views/mkeventd.py
index 32d7497..99c5420 100644
--- a/web/plugins/views/mkeventd.py
+++ b/web/plugins/views/mkeventd.py
@@ -57,7 +57,7 @@ def query_ec_table(datasource, columns, add_columns, query, only_sites,
limit, t
_ec_filter_host_information_of_not_permitted_hosts(rows)
- if not config.user.may("mkeventd.seeunrelated"):
+ if not config.user.may("mkeventd.seeall") and not
config.user.may("mkeventd.seeunrelated"):
# user is not allowed to see all events returned by the core
rows = [ r for r in rows if r["event_contact_groups"] != [] or
r["host_name"] != "" ]