tyler.durden
/
icingaweb2
mirror of https://github.com/Icinga/icingaweb2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

monitoring/security: Add missing permission checks of command actions

This commit is contained in:
Eric Lippmann 2015-02-03 17:36:16 +01:00
parent 2f254851e3
commit 5b5ad0acb9
3 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
modules/monitoring/application/controllers/HostsController.php
View File

@ -169,6 +169,8 @@ class Monitoring_HostsController extends Controller
*/ */
public function acknowledgeProblemAction() public function acknowledgeProblemAction()
{ {
$this->assertPermission('monitoring/command/acknowledge-problem');
$this->view->title = $this->translate('Acknowledge Host Problems'); $this->view->title = $this->translate('Acknowledge Host Problems');
$this->handleCommandForm(new AcknowledgeProblemCommandForm()); $this->handleCommandForm(new AcknowledgeProblemCommandForm());
} }
@ -178,6 +180,8 @@ class Monitoring_HostsController extends Controller
*/ */
public function rescheduleCheckAction() public function rescheduleCheckAction()
{ {
$this->assertPermission('monitoring/command/schedule-check');
$this->view->title = $this->translate('Reschedule Host Checks'); $this->view->title = $this->translate('Reschedule Host Checks');
$this->handleCommandForm(new ScheduleHostCheckCommandForm()); $this->handleCommandForm(new ScheduleHostCheckCommandForm());
} }
@ -187,6 +191,8 @@ class Monitoring_HostsController extends Controller
*/ */
public function scheduleDowntimeAction() public function scheduleDowntimeAction()
{ {
$this->assertPermission('monitoring/command/downtime/schedule');
$this->view->title = $this->translate('Schedule Host Downtimes'); $this->view->title = $this->translate('Schedule Host Downtimes');
$this->handleCommandForm(new ScheduleHostDowntimeCommandForm()); $this->handleCommandForm(new ScheduleHostDowntimeCommandForm());
} }
@ -196,6 +202,8 @@ class Monitoring_HostsController extends Controller
*/ */
public function processCheckResultAction() public function processCheckResultAction()
{ {
$this->assertPermission('monitoring/command/process-check-result');
$this->view->title = $this->translate('Submit Passive Host Check Results'); $this->view->title = $this->translate('Submit Passive Host Check Results');
$this->handleCommandForm(new ProcessCheckResultCommandForm()); $this->handleCommandForm(new ProcessCheckResultCommandForm());
} }

8
modules/monitoring/application/controllers/ServicesController.php
View File

@ -218,6 +218,8 @@ class Monitoring_ServicesController extends Controller
*/ */
public function acknowledgeProblemAction() public function acknowledgeProblemAction()
{ {
$this->assertPermission('monitoring/command/acknowledge-problem');
$this->view->title = $this->translate('Acknowledge Service Problems'); $this->view->title = $this->translate('Acknowledge Service Problems');
$this->handleCommandForm(new AcknowledgeProblemCommandForm()); $this->handleCommandForm(new AcknowledgeProblemCommandForm());
} }
@ -227,6 +229,8 @@ class Monitoring_ServicesController extends Controller
*/ */
public function rescheduleCheckAction() public function rescheduleCheckAction()
{ {
$this->assertPermission('monitoring/command/schedule-check');
$this->view->title = $this->translate('Reschedule Service Checks'); $this->view->title = $this->translate('Reschedule Service Checks');
$this->handleCommandForm(new ScheduleServiceCheckCommandForm()); $this->handleCommandForm(new ScheduleServiceCheckCommandForm());
} }
@ -236,6 +240,8 @@ class Monitoring_ServicesController extends Controller
*/ */
public function scheduleDowntimeAction() public function scheduleDowntimeAction()
{ {
$this->assertPermission('monitoring/command/downtime/schedule');
$this->view->title = $this->translate('Schedule Service Downtimes'); $this->view->title = $this->translate('Schedule Service Downtimes');
$this->handleCommandForm(new ScheduleServiceDowntimeCommandForm()); $this->handleCommandForm(new ScheduleServiceDowntimeCommandForm());
} }
@ -245,6 +251,8 @@ class Monitoring_ServicesController extends Controller
*/ */
public function processCheckResultAction() public function processCheckResultAction()
{ {
$this->assertPermission('monitoring/command/process-check-result');
$this->view->title = $this->translate('Submit Passive Service Check Results'); $this->view->title = $this->translate('Submit Passive Service Check Results');
$this->handleCommandForm(new ProcessCheckResultCommandForm()); $this->handleCommandForm(new ProcessCheckResultCommandForm());
} }

1
modules/monitoring/library/Monitoring/Web/Controller/MonitoredObjectController.php
View File

@ -142,6 +142,7 @@ abstract class MonitoredObjectController extends Controller
public function deleteCommentAction() public function deleteCommentAction()
{ {
$this->assertHttpMethod('POST'); $this->assertHttpMethod('POST');
$this->assertPermission('monitoring/command/comment/delete');
$this->handleCommandForm(new DeleteCommentCommandForm()); $this->handleCommandForm(new DeleteCommentCommandForm());
} }