Module: check_mk
Branch: master
Commit: 221fb4ef63dd4dfe801107e92b8c1a7af1c80b6e
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=221fb4ef63dd4d…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Fri Nov 17 15:09:27 2017 +0100
5530 FIX Clicking on "Edit dashboard" accidentially copied dashboards with
"publish to others"
When one clicks on "Edit dashboard" to edit the currently visible dashboard and
the dashboard
is not owned by this user, the dashboard is cloned in the context of the current user.
This
is intended and equal to, for example, the views.
What was unintended is the fact that the "public" flag of the cloned dashboards
was not forced
to be forced. This way all users (with enough permissions) were publishing their cloned
views
leading to strang situations where from time to time a user could see different
dashboards.
The "Make this dashboard available for other users" is forced to be unchecked.
This way a user
clones the dashboard for himself in the first place.
Change-Id: Id4e99498f697646460dcaf67091ff95a4260bd5b
---
.werks/5530 | 20 ++++++++++++++++++++
web/htdocs/dashboard.py | 1 +
2 files changed, 21 insertions(+)
diff --git a/.werks/5530 b/.werks/5530
new file mode 100644
index 0000000..d18b93a
--- /dev/null
+++ b/.werks/5530
@@ -0,0 +1,20 @@
+Title: Clicking on "Edit dashboard" accidentially copied dashboards with
"publish to others"
+Level: 1
+Component: multisite
+Class: fix
+Compatible: compat
+Edition: cre
+State: unknown
+Version: 1.5.0i1
+Date: 1510927527
+
+When one clicks on "Edit dashboard" to edit the currently visible dashboard and
the dashboard
+is not owned by this user, the dashboard is cloned in the context of the current user.
This
+is intended and equal to, for example, the views.
+
+What was unintended is the fact that the "public" flag of the cloned dashboards
was not forced
+to be forced. This way all users (with enough permissions) were publishing their cloned
views
+leading to strang situations where from time to time a user could see different
dashboards.
+
+The "Make this dashboard available for other users" is forced to be unchecked.
This way a user
+clones the dashboard for himself in the first place.
diff --git a/web/htdocs/dashboard.py b/web/htdocs/dashboard.py
index 145935e..8389e33 100644
--- a/web/htdocs/dashboard.py
+++ b/web/htdocs/dashboard.py
@@ -314,6 +314,7 @@ def load_dashboard_with_cloning(name, edit = True):
# cloned now!
board = copy.deepcopy(board)
board['owner'] = config.user.id
+ board['public'] = False
dashboards[(config.user.id, name)] = board
available_dashboards[name] = board