tyler.durden/icinga2
1
0
Fork 0
mirror of https://github.com/Icinga/icinga2.git synced 2025-07-25 06:34:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix: /v1/console should only use a single permission

Browse Source 
fixes #10563
This commit is contained in:
Michael Friedrich 2015-11-08 14:17:13 +01:00
parent 1c8531fc0d
commit e6159ca86a
2 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
doc/9-icinga2-api.md
View File

@ -209,8 +209,7 @@ Available permissions for specific URL endpoints:
objects/delete/<type> | /v1/objects | Yes objects/delete/<type> | /v1/objects | Yes
status/query/<type> | /v1/status | Yes status/query/<type> | /v1/status | Yes
events/<type> | /v1/events | No events/<type> | /v1/events | No
console/execute-script | /v1/console | No console | /v1/console | No
console/auto-complete-script | /v1/console | No
The required actions or types can be replaced by using a wildcard match ("*"). The required actions or types can be replaced by using a wildcard match ("*").

2
lib/remote/consolehandler.cpp
View File

@ -81,7 +81,7 @@ bool ConsoleHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& reques
String methodName = request.RequestUrl->GetPath()[2]; String methodName = request.RequestUrl->GetPath()[2];
String permission = "console/" + methodName; String permission = "console";
FilterUtility::CheckPermission(user, permission); FilterUtility::CheckPermission(user, permission);
String session = HttpUtility::GetLastParameter(params, "session"); String session = HttpUtility::GetLastParameter(params, "session");