[icinga-checkins] icinga.org: icinga2/master: Fix default behavior when none of the specified objects pass the user' s permission filter

git at icinga.org git at icinga.org
Mon Jun 13 08:52:44 CEST 2016


Module: icinga2
Branch: master
Commit: 40720523999ea46d2d36cf12b4bcf6beb3b5d558
URL:    https://git.icinga.org/?p=icinga2.git;a=commit;h=40720523999ea46d2d36cf12b4bcf6beb3b5d558

Author: Gunnar Beutner <gunnar.beutner at netways.de>
Date:   Mon Jun 13 08:52:03 2016 +0200

Fix default behavior when none of the specified objects pass the user's permission filter

fixes #11926

---

 lib/remote/filterutility.cpp |   15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/lib/remote/filterutility.cpp b/lib/remote/filterutility.cpp
index d9f50e7..c3f2049 100644
--- a/lib/remote/filterutility.cpp
+++ b/lib/remote/filterutility.cpp
@@ -211,10 +211,13 @@ std::vector<Value> FilterUtility::GetFilterTargets(const QueryDescription& qd, c
 			attr = "name";
 
 		if (query->Contains(attr)) {
-			Object::Ptr target = provider->GetTargetByName(type, HttpUtility::GetLastParameter(query, attr));
+			String name = HttpUtility::GetLastParameter(query, attr);
+			Object::Ptr target = provider->GetTargetByName(type, name);
 
-			if (FilterUtility::EvaluateFilter(permissionFrame, permissionFilter, target))
-				result.push_back(target);
+			if (!FilterUtility::EvaluateFilter(permissionFrame, permissionFilter, target))
+				BOOST_THROW_EXCEPTION(ScriptError("Access denied to object '" + name + "' of type '" + type + "'"));
+
+			result.push_back(target);
 		}
 
 		attr = provider->GetPluralName(type);
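Review bot: The new `Access denied to object '...' of type '...'` error thrown after `GetTargetByName` may let a restricted API user confirm that a named object exists even though their permission filter hides it; the same throw is added in the plural-names loop of the second hunk. `GetTargetByName` is not visible here, so this is inferred: if an unknown name produces a different error there, the two responses differ and object names outside the caller's filter can be told apart from missing ones. Either make the two failures indistinguishable to the client or record the decision next to the check, e.g. `// Fails the request instead of silently dropping the target; this reveals that the object exists.` It would also be worth confirming that a `ScriptError` raised here reaches the client as an authorization failure and not as a generic server error. The enclosing function starts and ends outside the hunk.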
@@ -227,8 +230,10 @@ std::vector<Value> FilterUtility::GetFilterTargets(const QueryDescription& qd, c
 				BOOST_FOREACH(const String& name, names) {
 					Object::Ptr target = provider->GetTargetByName(type, name);
 
-					if (FilterUtility::EvaluateFilter(permissionFrame, permissionFilter, target))
-						result.push_back(target);
+					if (!FilterUtility::EvaluateFilter(permissionFrame, permissionFilter, target))
+						BOOST_THROW_EXCEPTION(ScriptError("Access denied to object '" + name + "' of type '" + type + "'"));
+
+					result.push_back(target);
 				}
 			}
 		}
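Review bot: The throw inside the `BOOST_FOREACH` loop aborts the whole request on the first name that fails the permission filter, which is stricter than the commit title's "none of the specified objects pass" and discards targets already pushed to `result`. If all-or-nothing is the intended contract, state it above the check, e.g. `// One denied name fails the entire query; partial results are never returned.` The message string is built identically in both hunks, so a small file-local helper taking `name` and `type` would keep the wording from drifting. The loop's enclosing blocks start outside the hunk.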


