Module: check_mk
Branch: master
Commit: d339dd4ab3fc89f617fed21052934e740db7578e
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=d339dd4ab3fc89…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Tue Dec 4 09:04:05 2018 +0100
Revert "Additional permission function cleanups"
This reverts commit 0f1c9ba4a0eeba93b70d57e42665c085f64e0eb8.
---
cmk/gui/config.py | 41 ++++++++++++++++++++++++++++++-----
cmk/gui/pagetypes.py | 11 +++-------
cmk/gui/permissions.py | 31 --------------------------
cmk/gui/visuals.py | 7 +++---
tests/unit/cmk/gui/test_gui_config.py | 4 ++--
5 files changed, 44 insertions(+), 50 deletions(-)
diff --git a/cmk/gui/config.py b/cmk/gui/config.py
index 9f35fea..176b6cb 100644
--- a/cmk/gui/config.py
+++ b/cmk/gui/config.py
@@ -75,7 +75,8 @@ config_dir = cmk.paths.var_dir + "/web"
# Stores the initial configuration values
default_config = {}
-# TODO: Clean this up
+# Global table of available permissions. Plugins may add their own
+# permissions by calling declare_permission()
permission_declaration_functions = []
# Constants for BI
@@ -318,9 +319,37 @@ def tag_group_title(tag):
# | Declarations of permissions and roles |
# '----------------------------------------------------------------------'
+
+# Kept for compatibility with pre 1.6 GUI plugins
+def declare_permission(name, title, description, defaults):
+ if isinstance(name, unicode):
+ name = name.encode("utf-8")
+
+ section_name, permission_name = name.split(".", 1)
+
+ cls = type(
+ "LegacyPermission%s%s" % (section_name.title(),
permission_name.title()),
+ (permissions.Permission,), {
+ "_section_name": section_name,
+ "section": property(lambda s:
permissions.permission_section_registry[s._section_name]),
+ "permission_name": permission_name,
+ "name": name,
+ "title": title,
+ "description": description,
+ "defaults": defaults,
+ })
+ permissions.permission_registry.register(cls)
+
+
# Kept for compatibility with pre 1.6 GUI plugins
-declare_permission = permissions.declare_permission
-declare_permission_section = permissions.declare_permission_section
+def declare_permission_section(name, title, prio=50, do_sort=False):
+ cls = type("LegacyPermissionSection%s" % name.title(),
(permissions.PermissionSection,), {
+ "name": name,
+ "title": title,
+ "sort_index": prio,
+ "do_sort": do_sort,
+ })
+ permissions.permission_section_registry.register(cls)
# Some module have a non-fixed list of permissions. For example for
@@ -329,19 +358,21 @@ declare_permission_section = permissions.declare_permission_section
# that purpose module can register functions. These functions should
# just call declare_permission(). They are being called in the correct
# situations.
-# TODO: Clean this up
def declare_dynamic_permissions(func):
permission_declaration_functions.append(func)
# This function needs to be called by all code that needs access
# to possible dynamic permissions
-# TODO: Clean this up
def load_dynamic_permissions():
for func in permission_declaration_functions:
func()
+def permission_exists(pname):
+ return pname in permissions.permission_registry
+
+
def get_role_permissions():
"""Returns the set of permissions for all roles"""
role_permissions = {}
diff --git a/cmk/gui/pagetypes.py b/cmk/gui/pagetypes.py
index b1bef71..cd655c6 100644
--- a/cmk/gui/pagetypes.py
+++ b/cmk/gui/pagetypes.py
@@ -57,12 +57,7 @@ from cmk.gui.valuespec import (
from cmk.gui.i18n import _u, _
from cmk.gui.globals import html
-from cmk.gui.exceptions import (
- MKUserError,
- MKGeneralException,
- MKAuthException,
-)
-from cmk.gui.permissions import permission_registry
+from cmk.gui.exceptions import MKUserError, MKGeneralException, MKAuthException
# .--Base----------------------------------------------------------------.
# | ____ |
@@ -504,7 +499,7 @@ class Overridable(Base):
# TODO: Wie is die Semantik hier genau? Umsetzung vervollständigen!
def may_see(self):
perm_name = "%s.%s" % (self.type_name(), self.name())
- if perm_name in permission_registry and not config.user.may(perm_name):
+ if config.permission_exists(perm_name) and not config.user.may(perm_name):
return False
# if self.owner() == "" and not config.user.may(perm_name):
@@ -793,7 +788,7 @@ class Overridable(Base):
@classmethod
def declare_permission(cls, page):
permname = "%s.%s" % (cls.type_name(), page.name())
- if page.is_public() and permname not in permission_registry:
+ if page.is_public() and not config.permission_exists(permname):
config.declare_permission(permname, page.title(), page.description(),
['admin', 'user',
'guest'])
diff --git a/cmk/gui/permissions.py b/cmk/gui/permissions.py
index 3caca95..f1630b6 100644
--- a/cmk/gui/permissions.py
+++ b/cmk/gui/permissions.py
@@ -150,34 +150,3 @@ class PermissionRegistry(cmk.plugin_registry.ClassRegistry):
permission_registry = PermissionRegistry()
-
-
-# Kept for compatibility with pre 1.6 GUI plugins
-def declare_permission_section(name, title, prio=50, do_sort=False):
- cls = type("LegacyPermissionSection%s" % name.title(),
(PermissionSection,), {
- "name": name,
- "title": title,
- "sort_index": prio,
- "do_sort": do_sort,
- })
- permission_section_registry.register(cls)
-
-
-# Kept for compatibility with pre 1.6 GUI plugins
-def declare_permission(name, title, description, defaults):
- if isinstance(name, unicode):
- name = name.encode("utf-8")
-
- section_name, permission_name = name.split(".", 1)
-
- cls = type(
- "LegacyPermission%s%s" % (section_name.title(),
permission_name.title()), (Permission,), {
- "_section_name": section_name,
- "section": property(lambda s:
permission_section_registry[s._section_name]),
- "permission_name": permission_name,
- "name": name,
- "title": title,
- "description": description,
- "defaults": defaults,
- })
- permission_registry.register(cls)
diff --git a/cmk/gui/visuals.py b/cmk/gui/visuals.py
index 1246f15..2db1310 100644
--- a/cmk/gui/visuals.py
+++ b/cmk/gui/visuals.py
@@ -66,7 +66,6 @@ from cmk.gui.plugins.visuals.utils import ( # pylint:
disable=unused-import
FilterTristate, FilterUnicodeFilter, FilterSite,
)
from cmk.gui.plugins.visuals.utils import _infos as infos
-from cmk.gui.permissions import permission_registry
if not cmk.is_raw_edition():
import cmk.gui.cee.plugins.visuals
@@ -266,7 +265,7 @@ def load_visuals_of_a_user(what, builtin_visuals, skip_func, lock,
path, user):
def declare_visual_permission(what, name, visual):
permname = "%s.%s" % (what[:-1], name)
- if visual["public"] and permname not in permission_registry:
+ if visual["public"] and not config.permission_exists(permname):
config.declare_permission(permname, visual["title"],
visual["description"],
['admin', 'user', 'guest'])
@@ -319,7 +318,7 @@ def available(what, all_visuals):
u, "general.force_" + what):
# Honor original permissions for the current user
permname = "%s.%s" % (permprefix, n)
- if permname in permission_registry \
+ if config.permission_exists(permname) \
and not config.user.may(permname):
continue
visuals[n] = visual
@@ -338,7 +337,7 @@ def available(what, all_visuals):
u, "general.publish_" + what):
# Is there a builtin visual with the same name? If yes, honor
permissions.
permname = "%s.%s" % (permprefix, n)
- if permname in permission_registry \
+ if config.permission_exists(permname) \
and not config.user.may(permname):
continue
visuals[n] = visual
diff --git a/tests/unit/cmk/gui/test_gui_config.py
b/tests/unit/cmk/gui/test_gui_config.py
index 1e68c71b..318e884 100644
--- a/tests/unit/cmk/gui/test_gui_config.py
+++ b/tests/unit/cmk/gui/test_gui_config.py
@@ -2480,9 +2480,9 @@ def test_declare_permission(monkeypatch):
assert "bla" in permissions.permission_section_registry
monkeypatch.setattr(permissions, "permission_registry",
permissions.PermissionRegistry())
- assert "bla.blub" not in permissions.permission_registry
+ assert not config.permission_exists("bla.blub")
config.declare_permission("bla.blub", u"bla perm",
u"descrrrrr", ["admin"])
- assert "bla.blub" in permissions.permission_registry
+ assert config.permission_exists("bla.blub")
permission = permissions.permission_registry["bla.blub"]()
assert permission.section ==
permissions.permission_section_registry["bla"]