Module: check_mk
Branch: master
Commit: aecb93f0698ae2d36ec83f972245697ec77e9e4e
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=aecb93f0698ae2…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Jul 16 16:43:42 2012 +0200
Added new role/permission matrix page in WATO to compare permissions of roles
---
ChangeLog | 2 +
web/htdocs/wato.py | 60 +++++++++++++++++++++++++++++++++++++++++++++++++++-
2 files changed, 61 insertions(+), 1 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index e15e120..5de0409 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,8 @@
WATO:
* Added permission to control the "clone host" feature in WATO
+ * Added new role/permission matrix page in WATO to compare
+ permissions of roles
* FIX: remove line about number of rules in rule set overview
(that garbled the logical layout)
diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py
index 3e79453..712568e 100644
--- a/web/htdocs/wato.py
+++ b/web/htdocs/wato.py
@@ -8071,6 +8071,7 @@ def mode_roles(phase):
elif phase == "buttons":
global_buttons()
+ html.context_button(_("Matrix"), make_link([("mode",
"role_matrix")]), "matrix")
return
roles = load_roles()
@@ -8172,7 +8173,6 @@ def mode_roles(phase):
# - number of users with this role
html.write("</table>")
-
def mode_edit_role(phase):
id = html.var("edit")
@@ -8372,6 +8372,63 @@ def rename_user_role(id, new_id):
user["roles"].append(new_id)
save_users(users)
+def mode_role_matrix(phase):
+ if phase == "title":
+ return _("Role & Permission Matrix")
+
+ elif phase == "buttons":
+ global_buttons()
+ return
+
+ elif phase == "action":
+ return
+
+ # Show table of builtin and user defined roles, sorted by alias
+ roles = load_roles()
+ role_list = roles.items()
+ role_list.sort(cmp = lambda a,b: cmp((a[1]["alias"],a[0]),
(b[1]["alias"],b[0])))
+
+ html.write("<table class=data>")
+ html.write("<tr class=dualheader><th></th>")
+ num_roles = 1
+ for id, role in role_list:
+ html.write('<th>%s</th>' % role['alias'])
+ num_roles += 1
+ html.write("</tr>\n")
+
+ # Loop all permission sections, but sorted plz
+ odd = "even"
+ for section, (prio, section_title) in sorted(config.permission_sections.iteritems(),
+ key = lambda x: x[1][0], reverse =
True):
+
+ html.write('<tr>')
+ html.write('<th colspan=%d>%s</th>' % (num_roles,
section_title))
+ html.write('</tr>')
+
+ # Loop all permissions
+ for perm in config.permissions_by_order:
+ pname = perm["name"]
+ this_section = pname.split(".")[0]
+ if section != this_section:
+ continue # Skip permissions of other sections
+
+ odd = odd == "odd" and "even" or "odd"
+
+ html.write('<tr class="data %s0">' % odd)
+ html.write('<td class=title>%s</td>' %
perm["title"])
+
+ for id, role in role_list:
+ base_on_id = role.get('basedon', id)
+ pvalue = role["permissions"].get(pname)
+ if pvalue is None:
+ pvalue = base_on_id in perm["defaults"]
+
+ html.write('<td>%s</td>' % (pvalue and 'X' or
''))
+
+ html.write('</tr>')
+
+ html.write("</table>")
+
#.
# .-Host-Tags------------------------------------------------------------.
# | _ _ _ _____ |
@@ -11368,6 +11425,7 @@ modes = {
"users" : (["users"], mode_users),
"edit_user" : (["users"], mode_edit_user),
"roles" : (["users"], mode_roles),
+ "role_matrix" : (["users"], mode_role_matrix),
"edit_role" : (["users"], mode_edit_role),
"hosttags" : (["hosttags"], mode_hosttags),
"edit_hosttag" : (["hosttags"], mode_edit_hosttag),