tyler.durden
/
icinga2
mirror of https://github.com/Icinga/icinga2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Don't allow users to delete objects that weren't created using the API 

refs #9082
This commit is contained in:
Gunnar Beutner 2015-08-18 08:17:34 +02:00 committed by Michael Friedrich
parent d118b71a2a
commit 60a30d50f6
2 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
lib/remote/createobjecthandler.cpp
View File

@ -61,6 +61,7 @@ bool CreateObjectHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& r
builder->SetType(type->GetName());
builder->SetName(name);
builder->SetScope(ScriptGlobal::GetGlobals());
builder->SetModule("_api");
Array::Ptr templates = params->Get("templates");

9
lib/remote/deleteobjecthandler.cpp
View File

@ -65,6 +65,13 @@ bool DeleteObjectHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& r
Dictionary::Ptr result1 = new Dictionary();
result1->Set("type", type->GetName());
result1->Set("name", obj->GetName());
results->Add(result1);
if (obj->GetModule() != "_api") {
result1->Set("code", 500);
result1->Set("status", "Object cannot be deleted because it was not created using the API.");
continue;
}
ConfigItem::Ptr item = ConfigItem::GetObject(type->GetName(), obj->GetName());
@ -82,8 +89,6 @@ bool DeleteObjectHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& r
result1->Set("code", 500);
result1->Set("status", "Object could not be deleted: " + DiagnosticInformation(ex));
}
results->Add(result1);
}
Dictionary::Ptr result = new Dictionary();