Module: check_mk Branch: master Commit: 7936c43a12d711fdeb52f3ebe2da38a5e168374e URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=7936c43a12d711… Author: Mathias Kettner <mk(a)mathias-kettner.de> Date: Tue Feb 21 16:24:10 2012 +0100 FIX: honor permissions for "bulk cleanup" and "bulk edit" --- .bugs/620 | 8 ++++++-- ChangeLog | 1 + web/htdocs/wato.py | 20 ++++++++++++++++++++ 3 files changed, 27 insertions(+), 2 deletions(-) diff --git a/.bugs/620 b/.bugs/620 index 4635053..849a473 100644 --- a/.bugs/620 +++ b/.bugs/620 @@ -1,8 +1,12 @@ Title: Bulk edit berücksichtigt die Nutzer Rechte nicht Component: wato -State: open +Class: bug +State: done Date: 2012-01-18 10:30:06 Targetversion: 1.2.0 -Class: bug Ich kann Hosts auf die ich keine Rechte habe über die Bulk Edit Funktion bearbeiten. + +2012-02-21 16:23:38: changed state open -> done +Bulk edit und Bulk cleanup prüft jetzt die Rechte +korrekt. diff --git a/ChangeLog b/ChangeLog index 3ef1d85..d9dddd8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -24,6 +24,7 @@ users not created via WATO will not be lost. * FIX: honor site disabling in replication module * FIX: honor write permissions on folder in "bulk delete" + * FIX: honor permissions for "bulk cleanup" and "bulk edit" Checks & Agents: * hpux_if: fix missing default parameter errors diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py index d8617f5..cb30ba3 100644 --- a/web/htdocs/wato.py +++ b/web/htdocs/wato.py @@ -2412,8 +2412,18 @@ def mode_bulk_edit(phase): elif phase == "action": if html.check_transaction(): + config.need_permission("wato.edit_hosts") changed_attributes = collect_attributes() + if "contactgroups" in changed_attributes: + if True != check_folder_permissions(g_folder, "write", False): + raise MKAuthException(_("Sorry. In order to change the permissions of a host you need write " + "access to the folder it is contained in.")) + hostnames = get_hostnames_from_checkboxes() + # Check all permissions for doing any edit + for hostname in hostnames: + check_host_permissions(hostname) + for hostname in hostnames: host = g_folder[".hosts"][hostname] mark_affected_sites_dirty(g_folder, hostname) @@ -2468,8 +2478,18 @@ def mode_bulk_cleanup(phase): elif phase == "action": if html.check_transaction(): + config.need_permission("wato.edit_hosts") to_clean = bulk_collect_cleaned_attributes() + if "contactgroups" in to_clean: + if True != check_folder_permissions(g_folder, "write", False): + raise MKAuthException(_("Sorry. In order to change the permissions of a host you need write " + "access to the folder it is contained in.")) hostnames = get_hostnames_from_checkboxes() + + # Check all permissions for doing any edit + for hostname in hostnames: + check_host_permissions(hostname) + for hostname in hostnames: mark_affected_sites_dirty(g_folder, hostname) host = g_folder[".hosts"][hostname]