monitoring/security: Guard delete comment action

Eric Lippmann 2015-02-03 16:11:56 +01:00
parent d701f9a354
commit 4ef5f0c813
2 changed files with 50 additions and 20 deletions


@ -123,26 +123,55 @@ class FilterEditor extends AbstractWidget
{ {
$found = false; $found = false;
if ($filter->isChain() && $filter->getOperatorName() === 'AND') { if ($filter->isChain() && $filter->getOperatorName() === 'AND') {
foreach ($filter->filters() as $f) { if (is_array($column)) {
if ($f->isExpression() foreach ($filter->filters() as $f) {
&& $f->getColumn() === $column if ($f->isChain() && $f->getOperatorName() === 'OR') {
&& $f->getSign() === $sign
) { }
$f->setExpression($expression); }
$found = true; } else {
break; foreach ($filter->filters() as $f) {
if ($f->isExpression()
&& $f->getColumn() === $column
&& $f->getSign() === $sign
) {
$f->setExpression($expression);
$found = true;
break;
}
} }
} }
} elseif ($filter->isExpression()) { } elseif ($filter->isExpression() && $filter->getSign() === $sign) {
if ($filter->getColumn() === $column && $filter->getSign() === $sign) { if (is_array($column)) {
if (in_array($filter->getColumn(), $column)) {
$or = Filter::matchAny();
foreach ($column as $col) {
$or->addFilter(
Filter::expression($col, $sign, $expression)
);
}
$filter = $filter->andFilter($or);
$found = true;
}
} elseif ($filter->getColumn() === $column) {
$filter->setExpression($expression); $filter->setExpression($expression);
$found = true; $found = true;
} }
} }
if (! $found) { if (! $found) {
$filter = $filter->andFilter( if (is_array($column)) {
Filter::expression($column, $sign, $expression) $or = Filter::matchAny();
); foreach ($column as $col) {
$or->addFilter(
Filter::expression($col, $sign, $expression)
);
}
$filter = $filter->andFilter($or);
} else {
$filter = $filter->andFilter(
Filter::expression($column, $sign, $expression)
);
}
} }
return $filter; return $filter;
} }
@ -183,25 +212,25 @@ class FilterEditor extends AbstractWidget
// TODO: Ask the view for (multiple) search columns // TODO: Ask the view for (multiple) search columns
switch($request->getActionName()) { switch($request->getActionName()) {
case 'services': case 'services':
$searchCol = 'service_description'; $searchCols = array('service_description', 'service_display_name');
break; break;
case 'hosts': case 'hosts':
$searchCol = 'host_name'; $searchCols = array('host_name', 'host_display_name');
break; break;
case 'hostgroups': case 'hostgroups':
$searchCol = 'hostgroup'; $searchCols = array('hostgroup', 'hostgroup_alias');
break; break;
case 'servicegroups': case 'servicegroups':
$searchCol = 'servicegroup'; $searchCols = array('servicegroup', 'servicegroup_alias');
break; break;
default: default:
$searchCol = null; $searchCols = null;
} }
if ($searchCol === null) { if ($searchCols === null) {
throw new Exception('Cannot search here'); throw new Exception('Cannot search here');
} }
$filter = $this->mergeRootExpression($filter, $searchCol, '=', "*$search*"); $filter = $this->mergeRootExpression($filter, $searchCols, '=', "*$search*");
} else { } else {
list($k, $v) = preg_split('/=/', $search); list($k, $v) = preg_split('/=/', $search);
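Review bot: The array-column branch for an AND chain has an empty body: `if ($f->isChain() && $f->getOperatorName() === 'OR') { }` neither updates the existing OR group nor sets `$found`. Every repeated search therefore falls through to the `! $found` block and ANDs one more `Filter::matchAny()` group onto the filter instead of replacing the previous search term. A sketch of the missing update is below; it reuses an OR group only when all of its members are expressions on the searched columns with the same sign. Separately, `in_array($filter->getColumn(), $column)` should pass `true` as the third argument, and the two identical loops that build `$or` could move into one private helper. The enclosing method begins before the hunk, so its signature and docblock are not visible here.

```php
if (is_array($column)) {
    foreach ($filter->filters() as $f) {
        if ($f->isChain() && $f->getOperatorName() === 'OR') {
            // Reuse the group only if it consists solely of search expressions on the given columns
            $isSearchGroup = true;
            foreach ($f->filters() as $child) {
                if (! $child->isExpression()
                    || ! in_array($child->getColumn(), $column, true)
                    || $child->getSign() !== $sign
                ) {
                    $isSearchGroup = false;
                    break;
                }
            }
            if ($isSearchGroup) {
                foreach ($f->filters() as $child) {
                    $child->setExpression($expression);
                }
                $found = true;
                break;
            }
        }
    }
} else {
    // … unchanged: single-column lookup in the AND chain …
}
```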


@ -142,6 +142,7 @@ abstract class MonitoredObjectController extends Controller
public function deleteCommentAction() public function deleteCommentAction()
{ {
$this->assertHttpMethod('POST'); $this->assertHttpMethod('POST');
$this->assertPermission('monitoring/command/comment/delete');
$this->handleCommandForm(new DeleteCommentCommandForm()); $this->handleCommandForm(new DeleteCommentCommandForm());
} }
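Review bot: The new authorization guard in `deleteCommentAction()` is undocumented, and neither of the two files changed in this commit adds a test that covers it. I would add a docblock such as `/** Delete a comment (POST only); requires the 'monitoring/command/comment/delete' permission */` so the required permission is visible without reading the body. A controller test asserting that a user without that permission is rejected would keep the check from being dropped in a later refactoring. The sibling command actions of this controller lie outside the hunk; it is worth confirming that each of them asserts its own permission in the action itself rather than relying on the link being hidden in the view.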