Module: check_mk
Branch: master
Commit: 6415d9a7df43c61e565996d64d3a3a0f1e87662c
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=6415d9a7df43c6…
Author: Andreas Boesl <ab(a)mathias-kettner.de>
Date: Wed Feb 4 15:46:08 2015 +0100
#1935 WATO Web-API: Reduced number configurable role permissions
The WATO Web-API now has only one permission left (use API at all).
The permission itself has been moved to <i>WATO -> Access to Web-API</i>.
---
.werks/1935 | 10 +++++++++
ChangeLog | 1 +
web/htdocs/webapi.py | 46 ++++++------------------------------------
web/plugins/webapi/webapi.py | 40 ------------------------------------
4 files changed, 17 insertions(+), 80 deletions(-)
diff --git a/.werks/1935 b/.werks/1935
new file mode 100644
index 0000000..1d3c0de
--- /dev/null
+++ b/.werks/1935
@@ -0,0 +1,10 @@
+Title: WATO Web-API: Reduced number configurable role permissions
+Level: 1
+Component: wato
+Compatible: compat
+Version: 1.2.7i1
+Date: 1423060960
+Class: feature
+
+The WATO Web-API now has only one permission left (use API at all).
+The permission itself has been moved to <i>WATO -> Access to Web-API</i>.
diff --git a/ChangeLog b/ChangeLog
index 7a8e64d..6a5c58e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -184,6 +184,7 @@
* 1674 ibm_svc_license / other license checks: now able to configure limits...
NOTE: Please refer to the migration notes!
* 1934 WATO Web-API: Documentation is finally available...
+ * 1935 WATO Web-API: Reduced number configurable role permissions...
* 1761 FIX: Ruleset search is now consistent for host & serviceparameters and
manual checks
* 1765 FIX: Fixed bug when generating nagvis backends while having sites with
livestatus proxy configured...
* 1789 FIX: Fix preview of passive checks in WATO list of services
diff --git a/web/htdocs/webapi.py b/web/htdocs/webapi.py
index 96e53aa..9d74ec5 100644
--- a/web/htdocs/webapi.py
+++ b/web/htdocs/webapi.py
@@ -50,36 +50,12 @@ def load_plugins():
# are loaded).
loaded_with_language = current_language
- config.declare_permission("webapi.api_allowed", _("API
accessible"),
- _("This permissions specifies if
the role "\
- "is able to use web API
functions at all"),
+ config.declare_permission("wato.api_allowed", _("Access to
Web-API"),
+ _("This permissions specifies if
the role "\
+ "is able to use Web-API
functions. It is only available "\
+ "for automation users."),
config.builtin_role_ids)
- # Declare permissions for all api actions
- config.declare_permission_section("webapi", _("Web API"), do_sort
= True)
- for name, settings in api_actions.items():
- full_description = "%s<br>API function
<tt>{site}/check_mk/webapi.py?action=%s</tt>" %
(settings.get("description",""), name)
- example_request = settings.get("example_request")
- if example_request:
- full_description += "<br>"
- if example_request[0]:
- full_description += "<br>Optional GET
parameters<br><table>"
- for entry in example_request[0]:
- full_description +=
"<tr><td><tt>%s</tt></td><td>%s</td></tr>"
% entry
- full_description += "</table>"
- if example_request[1]:
- full_description += "<br>Example request ( Json formatted
POST parameter <tt>request=</tt> ):<br>"
- try:
- import json
- full_description += "<pre>%s</pre>" %
json.dumps(example_request[1], sort_keys = True, indent = 2)
- except:
- full_description += "<pre>%s</pre>" %
pprint.pformat(example_request[1])
-
- config.declare_permission("webapi.%s" % name,
- settings["title"],
- full_description,
- config.builtin_role_ids)
-
g_api = None
def page_api():
@@ -89,14 +65,13 @@ def page_api():
if not config.user.get("automation_secret"):
raise MKAuthException("The WATO API is only available for automation
users")
- config.need_permission("webapi.api_allowed")
+ config.need_permission("wato.use")
+ config.need_permission("wato.api_allowed")
action = html.var('action')
if action not in api_actions:
raise MKUserError(None, "Unknown API action %s" %
html.attrencode(action))
- config.need_permission("webapi.%s" % action)
-
# Create API instance
g_api = API()
@@ -128,19 +103,10 @@ def page_api():
if api_actions[action].get("locking", True):
g_api.lock_wato()
- if html.var("debug_webapi"):
- if api_actions[action]["example_request"]:
- example_request = api_actions[action]["example_request"]
- for entry, description in example_request[0]:
- key, value = entry.split("=")
- html.set_var(key, value)
- request_object = example_request[1]
action_response = api_actions[action]["handler"](request_object)
response = { "result_code": 0, "result": action_response }
except Exception, e:
- #import traceback
-
#html.debug(traceback.format_exc().replace("\n","<br>"))
response = { "result_code": 1, "result": str(e) }
output_format = html.var("output_format", "json")
diff --git a/web/plugins/webapi/webapi.py b/web/plugins/webapi/webapi.py
index ce38c60..7a447d6 100644
--- a/web/plugins/webapi/webapi.py
+++ b/web/plugins/webapi/webapi.py
@@ -46,18 +46,6 @@ def action_add_host(request):
api_actions["add_host"] = {
"handler" : action_add_host,
- "title" : _("Add a host to WATO"),
- "description" : _("This webservice allows you to add a new
host."),
- "example_request" : ([("create_folders=1", _("If set to 1
(default) create non-existing folders"))],
- { "attributes": {
- "tag_criticality": "prod",
- "tag_agent": "cmk-agent",
- "alias": "Alias of testhost",
- "ipaddress": "127.0.0.1",
- },
- "folder": "server",
- "hostname": "testhost"
- }),
"locking" : True,
}
@@ -77,17 +65,6 @@ def action_edit_host(request):
api_actions["edit_host"] = {
"handler" : action_edit_host,
- "title" : _("Edit a host in WATO"),
- "description" : _("Allows you to modify the host attributes in WATO,
but can not change a hosts folder.<br>"\
- "If you want to unset a host_tag specify it with
<tt>tag_agent=False</tt>."),
- "example_request" : ([],
- { "attributes": {
- "tag_agent": "snmp-only",
- "site": "slave"
- },
- "unset_attributes": ["tag_criticality"],
- "hostname": "testhost"
- }),
"locking" : True,
}
@@ -108,10 +85,6 @@ def action_get_host(request):
api_actions["get_host"] = {
"handler" : action_get_host,
- "title" : _("Get host data from WATO"),
- "description" : _("Returns the host_attributes of the given
hostname"),
- "example_request" : ( [("effective_attributes=0", _("If set
to 1 (default=0) also get attributes from parent folders"))],
- { "hostname": "testhost" } ),
"locking" : False,
}
@@ -127,10 +100,6 @@ def action_delete_host(request):
api_actions["delete_host"] = {
"handler" : action_delete_host,
- "title" : _("Delete host in WATO"),
- "description" : _("Deletes the given hostname in WATO"),
- "example_request" : ( [],
- { "hostname": "testhost" } ),
"locking" : True,
}
@@ -148,10 +117,6 @@ def action_discover_services(request):
api_actions["discover_services"] = {
"handler" : action_discover_services,
- "title" : _("Host service discovery"),
- "description" : _("Starts a service discovery for the given
hostname."),
- "example_request" : ( [("mode=new",_("Available modes: new,
remove, fixall, refresh"))],
- { "hostname": "testhost" } ),
"locking" : True,
}
@@ -169,11 +134,6 @@ def action_activate_changes(request):
api_actions["activate_changes"] = {
"handler" : action_activate_changes,
- "title" : _("Activate changes"),
- "description" : _("Activates changes. The user still needs the
required permissions to do so."),
- "example_request" : ( [("allow_foreign_changes=0", _("If set
to 1 (default=0) proceed if there are foreign changes")),
- ("mode=dirty", _("Available modes: dirty (only
dirty sites), all (all sites), specific (use sites set in request)"))],
- { "sites": ["slave", "localsite"]
}),
"locking" : True,
}