Module: check_mk
Branch: master
Commit: 9652e803814a7d8387592e788ddb59360deaa1d2
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=9652e803814a7d…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Jan 29 17:32:03 2018 +0100
5661 Publish views (and dashboard): Only own contact groups are selectable for users
Views and also dashboards can be published to members of contact groups. Earlier versions
allowed even normal users to select any configured contact group to publish these things
to.
We have changed this now for normal monitoring users. They can now only select contact
groups
which they are a member of. If you need the old behaviour back, you can enable the
permission
"Publish views to foreign contact groups" for them.
Administators have this permission by default and can still publish views/dashboards to
the
members of any contact group.
Change-Id: I3fc589285dd9452fc4b16b2d127d9a8d58308943
---
.werks/5661 | 18 ++++++++++++++++++
web/htdocs/default_permissions.py | 5 +++++
web/htdocs/userdb.py | 10 ++++++----
web/htdocs/visuals.py | 9 +++++++--
4 files changed, 36 insertions(+), 6 deletions(-)
diff --git a/.werks/5661 b/.werks/5661
new file mode 100644
index 0000000..82bbf1b
--- /dev/null
+++ b/.werks/5661
@@ -0,0 +1,18 @@
+Title: Publish views (and dashboard): Only own contact groups are selectable for users
+Level: 1
+Component: multisite
+Compatible: compat
+Edition: cre
+Version: 1.5.0i3
+Date: 1517243324
+Class: feature
+
+Views and also dashboards can be published to members of contact groups. Earlier
versions
+allowed even normal users to select any configured contact group to publish these things
to.
+
+We have changed this now for normal monitoring users. They can now only select contact
groups
+which they are a member of. If you need the old behaviour back, you can enable the
permission
+"Publish views to foreign contact groups" for them.
+
+Administators have this permission by default and can still publish views/dashboards to
the
+members of any contact group.
diff --git a/web/htdocs/default_permissions.py b/web/htdocs/default_permissions.py
index 4152535..6cfac31 100644
--- a/web/htdocs/default_permissions.py
+++ b/web/htdocs/default_permissions.py
@@ -180,6 +180,11 @@ def declare_visual_permissions(what, what_plural):
_("Make %s visible and usable for other users.") % what_plural,
[ "admin", "user" ])
+ config.declare_permission("general.publish_" + what +
"_to_foreign_groups",
+ _("Publish %s to foreign contact groups") % what_plural,
+ _("Make %s visible and usable for users of contact groups the publishing
user is not a member of.") % what_plural,
+ [ "admin" ])
+
config.declare_permission("general.see_user_" + what,
_("See user %s") % what_plural,
_("Is needed for seeing %s that other users have created.") %
what_plural,
diff --git a/web/htdocs/userdb.py b/web/htdocs/userdb.py
index 49ed4c3..4b122e9 100644
--- a/web/htdocs/userdb.py
+++ b/web/htdocs/userdb.py
@@ -1030,15 +1030,17 @@ def load_group_information():
class GroupChoice(DualListChoice):
- def __init__(self, what, **kwargs):
+ def __init__(self, what, with_foreign_groups=True, **kwargs):
DualListChoice.__init__(self, **kwargs)
self.what = what
- self._choices = lambda: self.load_groups()
+ self._choices = lambda: self.load_groups(with_foreign_groups)
- def load_groups(self):
+
+ def load_groups(self, with_foreign_groups):
all_groups = load_group_information()
this_group = all_groups.get(self.what, {})
- return [ (k, t['alias'] and t['alias'] or k) for (k, t) in
this_group.items() ]
+ return [ (k, t['alias'] and t['alias'] or k) for (k, t) in
this_group.items()
+ if with_foreign_groups or k in config.user.contact_groups() ]
#.
diff --git a/web/htdocs/visuals.py b/web/htdocs/visuals.py
index 3fbf38e..af877f7 100644
--- a/web/htdocs/visuals.py
+++ b/web/htdocs/visuals.py
@@ -730,7 +730,11 @@ def page_edit_visual(what, all_visuals, custom_field_handler = None,
)),
]
if config.user.may("general.publish_" + what):
- visibility_elements.append(('public',
PublishTo(type_title=visual_type["title"])))
+ with_foreign_groups = config.user.may("general.publish_" + what +
"_to_foreign_groups")
+ visibility_elements.append(('public', PublishTo(
+ type_title=visual_type["title"],
+ with_foreign_groups=with_foreign_groups,
+ )))
vs_general = Dictionary(
title = _("General Properties"),
@@ -880,12 +884,13 @@ def page_edit_visual(what, all_visuals, custom_field_handler =
None,
class PublishTo(CascadingDropdown):
- def __init__(self, type_title=None, **kwargs):
+ def __init__(self, type_title=None, with_foreign_groups=True, **kwargs):
super(PublishTo, self).__init__(
choices = [
(True, _("Publish to all users")),
("contact_groups", _("Publish to members of contact
groups"), userdb.GroupChoice(
"contact",
+ with_foreign_groups=with_foreign_groups,
title = _("Publish to members of contact groups"),
rows = 5,
size = 40,