[icinga-checkins] icinga.org: icingaweb2-module-director/master: inspect: enforce permissions

git at icinga.org git at icinga.org
Thu Nov 3 11:50:14 CET 2016


Module: icingaweb2-module-director
Branch: master
Commit: d00644956474072afa5c59a8eedc5c8507a549fa
URL:    https://git.icinga.org/?p=icingaweb2-module-director.git;a=commit;h=d00644956474072afa5c59a8eedc5c8507a549fa

Author: Thomas Gelf <thomas at gelf.net>
Date:   Thu Nov  3 11:49:04 2016 +0100

inspect: enforce permissions

fixes #11763
fixes #11764

---

 application/controllers/EndpointController.php         |    1 +
 application/controllers/InspectController.php          |    6 ++++++
 .../Director/ProvidedHook/Monitoring/HostActions.php   |   16 +++++++++++-----
 .../ProvidedHook/Monitoring/ServiceActions.php         |    5 +++++
 4 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/application/controllers/EndpointController.php b/application/controllers/EndpointController.php
index 93be515..5e64e2b 100644
--- a/application/controllers/EndpointController.php
+++ b/application/controllers/EndpointController.php
@@ -8,6 +8,7 @@ class EndpointController extends ObjectController
 {
     public function init()
     {
+        $this->assertPermission('director/inspect');
         parent::init();
         if ($this->object && $this->object->hasApiUser()) {
             $params['endpoint'] = $this->object->object_name;
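Review bot: The `assertPermission('director/inspect')` call sits at the top of `init()`, so it gates every action of EndpointController and not only the inspect-related setup that begins at the `hasApiUser()` branch. If users without `director/inspect` are still meant to view or edit endpoints, the check would be narrower as an extra condition on that branch. If the blanket restriction is intended, a comment above the call such as `// Endpoint objects are only reachable with director/inspect, including edit actions` would record that decision. The rest of `init()` lies outside the hunk, so what the branch goes on to build cannot be confirmed from here.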
diff --git a/application/controllers/InspectController.php b/application/controllers/InspectController.php
index 668bd36..65525de 100644
--- a/application/controllers/InspectController.php
+++ b/application/controllers/InspectController.php
@@ -6,6 +6,12 @@ use Icinga\Module\Director\Web\Controller\ActionController;
 
 class InspectController extends ActionController
 {
+    public function init()
+    {
+        $this->assertPermission('director/inspect');
+        parent::init();
+    }
+
     public function typesAction()
     {
         $api = $this->api();
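Review bot: The new `init()` has no docblock saying that it is the single enforcement point for all actions in InspectController. It is worth stating, because actions added later inherit the guard silently and the check has to stay ahead of `parent::init()` to fail closed before any setup runs. Something like `/** Every action in this controller requires the director/inspect permission; keep the check before parent::init(). */` would do. What `parent::init()` itself sets up is not visible in this hunk.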
diff --git a/library/Director/ProvidedHook/Monitoring/HostActions.php b/library/Director/ProvidedHook/Monitoring/HostActions.php
index 24f8d86..3ae3538 100644
--- a/library/Director/ProvidedHook/Monitoring/HostActions.php
+++ b/library/Director/ProvidedHook/Monitoring/HostActions.php
@@ -6,6 +6,7 @@ use Exception;
 use Icinga\Application\Config;
 use Icinga\Module\Director\Db;
 use Icinga\Module\Director\Objects\IcingaHost;
+use Icinga\Module\Director\Util;
 use Icinga\Module\Monitoring\Hook\HostActionsHook;
 use Icinga\Module\Monitoring\Object\Host;
 use Icinga\Web\Url;
@@ -29,16 +30,21 @@ class HostActions extends HostActionsHook
         }
 
         if (IcingaHost::exists($host->host_name, $db)) {
-            return array(
+            $actions = array(
                 'Modify' => Url::fromPath(
                     'director/host/edit',
                     array('name' => $host->host_name)
-                ),
-                'Inspect' => Url::fromPath(
-                    'director/inspect/object',
-                    array('type' => 'host', 'plural' => 'hosts', 'name' => $host->host_name)
                 )
             );
+
+            if (Util::hasPermission('director/inspect')) {
+                $actions['Inspect'] = Url::fromPath(
+                    'director/inspect/object',
+                    array('type' => 'host', 'plural' => 'hosts', 'name' => $host->host_name)
+                );
+            }
+
+            return $actions;
         } else {
             return array();
         }
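Review bot: The `Modify` entry in `$actions` is still returned with no permission check, while `Inspect` is now conditional on `Util::hasPermission('director/inspect')`. Hiding a link only affects the UI. For Inspect the actual enforcement is the `assertPermission()` added to InspectController in this commit, but whether `director/host/edit` enforces a permission of its own is not visible here and should be confirmed. A comment above the condition, e.g. `// UI hint only; InspectController::init() enforces director/inspect`, would keep the two layers from being confused. The enclosing method starts before the hunk.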
diff --git a/library/Director/ProvidedHook/Monitoring/ServiceActions.php b/library/Director/ProvidedHook/Monitoring/ServiceActions.php
index 4c9414c..65b8507 100644
--- a/library/Director/ProvidedHook/Monitoring/ServiceActions.php
+++ b/library/Director/ProvidedHook/Monitoring/ServiceActions.php
@@ -6,6 +6,7 @@ use Exception;
 use Icinga\Application\Config;
 use Icinga\Module\Director\Db;
 use Icinga\Module\Director\Objects\IcingaHost;
+use Icinga\Module\Director\Util;
 use Icinga\Module\Monitoring\Hook\ServiceActionsHook;
 use Icinga\Module\Monitoring\Object\Service;
 use Icinga\Web\Url;
@@ -23,6 +24,10 @@ class ServiceActions extends ServiceActionsHook
 
     protected function getThem(Service $service)
     {
+        if (! Util::hasPermission('director/inspect')) {
+            return array();
+        }
+
         $db = $this->db();
         if (! $db) {
             return array();
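Review bot: The early `return array();` at the top of `getThem()` withholds every service action from users without `director/inspect`, whereas HostActions in the same commit withholds only its `Inspect` entry. That is fine if `getThem()` returns nothing but inspect links, but the rest of the method is outside the hunk and this cannot be confirmed here. A comment on the guard such as `// All service actions are inspect links, so gate the whole list` would make the asymmetry deliberate and would flag the check for revisiting if other actions are added later.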


