[icinga-checkins] icinga.org: icinga-web/master: * Additional credential check in API ( fixes #2305)

git at icinga.org git at icinga.org
Wed Feb 15 16:49:29 CET 2012


Module: icinga-web
Branch: master
Commit: 0c238c248969e722f6f31e0d9ed4f3b9be6188b9
URL:    https://git.icinga.org/?p=icinga-web.git;a=commit;h=0c238c248969e722f6f31e0d9ed4f3b9be6188b9

Author: Jannis Mosshammer <jannis.mosshammer at netways.de>
Date:   Wed Feb  8 14:00:37 2012 +0100

* Additional credential check in API (fixes #2305)

---

 app/modules/Api/actions/ApiCommandAction.class.php |    2 +-
 app/modules/Api/actions/ApiSearchAction.class.php  |    4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/app/modules/Api/actions/ApiCommandAction.class.php b/app/modules/Api/actions/ApiCommandAction.class.php
index 566dde5..f8ce0dd 100644
--- a/app/modules/Api/actions/ApiCommandAction.class.php
+++ b/app/modules/Api/actions/ApiCommandAction.class.php
@@ -11,7 +11,7 @@ class Api_ApiCommandAction extends IcingaApiBaseAction {
     }
 
     public function executeWrite(AgaviRequestDataHolder $rd) {
-        if (!$this->context->getUser()->isAuthenticated()) {
+        if (!$this->context->getUser()->isAuthenticated() || !$this->context->getUser()->hasCredential('icinga.user')) {
 	        return array('Api', 'GenericError');
 	    }
 
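Review bot: The guard added at the top of `executeWrite` hard-codes the credential name `'icinga.user'` and is repeated verbatim in `Api_ApiSearchAction::executeRead` in the second hunk, so an API action or request-method handler added later without copying it stays reachable by users who lack the credential. Both classes extend `IcingaApiBaseAction`; a single method there (name to be chosen, e.g. `hasApiAccess()`) wrapping `isAuthenticated() && hasCredential('icinga.user')` would let each handler start with `if (!$this->hasApiAccess()) { return array('Api', 'GenericError'); }`. Whether the other `execute*` methods of these two classes need the same check cannot be seen from this diff and is worth confirming, since this action appears to be the command (write) endpoint. The body of `executeWrite` continues outside the hunk.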
diff --git a/app/modules/Api/actions/ApiSearchAction.class.php b/app/modules/Api/actions/ApiSearchAction.class.php
index 5c6ade4..be1f3dd 100644
--- a/app/modules/Api/actions/ApiSearchAction.class.php
+++ b/app/modules/Api/actions/ApiSearchAction.class.php
@@ -51,8 +51,8 @@ class Api_ApiSearchAction extends IcingaApiBaseAction {
 
     public function executeRead(AgaviRequestDataHolder $rd) {
         
-        if (!$this->context->getUser()->isAuthenticated()) {
-	        return array('Api', 'GenericError');
+        if (!$this->context->getUser()->isAuthenticated() || !$this->context->getUser()->hasCredential('icinga.user')) {
+            return array('Api', 'GenericError');
 	    }
         
         $context = $this->getContext();
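Review bot: The refusal branch at the top of `executeRead` returns the same `GenericError` view for an anonymous caller and for a logged-in user without `icinga.user`, and nothing in the visible lines records the refusal. For monitoring API misuse it helps to tell the two cases apart, at least with a log entry naming the user in the missing-credential case; whether `GenericError` should reveal the difference to the client is a separate choice. A short why-comment above the condition would also help, e.g. `// API access needs a logged-in user holding the icinga.user credential`. The closing brace of the `if` is still tab-indented while the two rewritten lines use spaces. `executeRead` continues outside the hunk.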




