Module: check_mk
Branch: master
Commit: 13c465bdef508c6b9e2ec45e54708ce0f00b96d2
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=13c465bdef508c…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Tue Jul 15 10:30:27 2014 +0200
WATO folder permissions are only exported to NagVis when configured
WATO exports the configured users, roles and permissions to NagVis to make
it possible to restrict access by using the permissions configured within
Multisite. In most cases the folder related permissions are not needed and
might take a lot of time to compute / process. So disabled the export
of the folder related permissions by default and made configurable using
the option {export_folder_permissions}.
---
.werks/1057 | 13 +++++++++++++
ChangeLog | 1 +
web/plugins/config/builtin.py | 3 +++
web/plugins/userdb/hook_auth.py | 10 ++++++++--
web/plugins/wato/check_mk_configuration.py | 15 +++++++++++++++
5 files changed, 40 insertions(+), 2 deletions(-)
diff --git a/.werks/1057 b/.werks/1057
new file mode 100644
index 0000000..3b79771
--- /dev/null
+++ b/.werks/1057
@@ -0,0 +1,13 @@
+Title: WATO folder permissions are only exported to NagVis when configured
+Level: 1
+Component: wato
+Version: 1.2.5i5
+Date: 1405412830
+Class: feature
+
+WATO exports the configured users, roles and permissions to NagVis to make
+it possible to restrict access by using the permissions configured within
+Multisite. In most cases the folder related permissions are not needed and
+might take a lot of time to compute / process. So disabled the export
+of the folder related permissions by default and made configurable using
+the option {export_folder_permissions}.
diff --git a/ChangeLog b/ChangeLog
index 0ab6b7c..3e54b39 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -59,6 +59,7 @@
WATO:
* 0825 WATO: Hover menu of user online state shows the last seen date/time now
+ * 1057 WATO folder permissions are only exported to NagVis when configured...
* 0990 FIX: Fix HTTP error handling in bulk inventory...
* 1004 FIX: Fix exception when saving rules, caused by empty item
* 0947 FIX: WATO snapshots: fixed missing files on restoring nagvis backup domains
diff --git a/web/plugins/config/builtin.py b/web/plugins/config/builtin.py
index bc00a9e..61a8e0b 100644
--- a/web/plugins/config/builtin.py
+++ b/web/plugins/config/builtin.py
@@ -237,3 +237,6 @@ default_user_profile = {
lock_on_logon_failures = False
user_localizations = default_user_localizations
+
+# Write WATO folder permissions to auth.php file
+export_folder_permissions = False
diff --git a/web/plugins/userdb/hook_auth.py b/web/plugins/userdb/hook_auth.py
index 771807c..896ee6b 100644
--- a/web/plugins/userdb/hook_auth.py
+++ b/web/plugins/userdb/hook_auth.py
@@ -207,8 +207,14 @@ function may($username, $need_permission) {
def create_auth_file(callee, users):
make_nagios_directory(g_auth_base_dir)
- import wato # HACK: cleanup!
- create_php_file(callee, users, config.get_role_permissions(),
wato.get_folder_permissions_of_users(users))
+
+ if config.export_folder_permissions:
+ import wato # HACK: cleanup!
+ folder_permissions = wato.get_folder_permissions_of_users(users)
+ else:
+ folder_permissions = {}
+
+ create_php_file(callee, users, config.get_role_permissions(), folder_permissions)
hooks.register('users-saved', lambda users:
create_auth_file("users-saved", users))
hooks.register('roles-saved', lambda x:
create_auth_file("roles-saved", load_users()))
diff --git a/web/plugins/wato/check_mk_configuration.py
b/web/plugins/wato/check_mk_configuration.py
index b7ea47e..a550b26 100644
--- a/web/plugins/wato/check_mk_configuration.py
+++ b/web/plugins/wato/check_mk_configuration.py
@@ -978,6 +978,21 @@ register_configvar(group,
domain = "multisite"
)
+
+register_configvar(group,
+ "export_folder_permissions",
+ Checkbox(
+ title = _("Export WATO folder permissions"),
+ label = _("Make WATO folder permissions usable e.g. by NagVis"),
+ help = _("It is possible to create maps representing the WATO folder
hierarchy within "
+ "NagVis by naming the maps like the folders are named internally.
To make the "
+ "restriction of access to the maps as comfortable as possible, the
permissions "
+ "configured within WATO can be exported to NagVis."),
+ default_value = False,
+ ),
+ domain = "multisite"
+)
+
#.
# .--Check_MK------------------------------------------------------------.
# | ____ _ _ __ __ _ __ |