From bb7f1cd24b803180c7ddea382b5c736e57ee836a Mon Sep 17 00:00:00 2001 From: Johannes Meyer Date: Thu, 5 Dec 2019 08:50:51 +0100 Subject: [PATCH] monitoring: Apply permission `no-monitoring/contacts` where applicable --- .../controllers/ListController.php | 9 ++++++ .../controllers/ShowController.php | 5 +++ .../partials/object/detail-content.phtml | 2 ++ modules/monitoring/configuration.php | 32 ++++++++++++------- .../Controller/MonitoredObjectController.php | 15 ++++++--- 5 files changed, 46 insertions(+), 17 deletions(-) diff --git a/modules/monitoring/application/controllers/ListController.php b/modules/monitoring/application/controllers/ListController.php index 737475199..ca923ba00 100644 --- a/modules/monitoring/application/controllers/ListController.php +++ b/modules/monitoring/application/controllers/ListController.php @@ -3,6 +3,7 @@ namespace Icinga\Module\Monitoring\Controllers; +use Icinga\Security\SecurityException; use Icinga\Web\Form; use Zend_Form; use Icinga\Data\Filter\Filter; @@ -308,6 +309,10 @@ class ListController extends Controller */ public function contactsAction() { + if (! $this->hasPermission('*') && $this->hasPermission('no-monitoring/contacts')) { + throw new SecurityException('No permission for %s', 'monitoring/contacts'); + } + $this->addTitleTab( 'contacts', $this->translate('Contacts'), @@ -387,6 +392,10 @@ class ListController extends Controller */ public function contactgroupsAction() { + if (! $this->hasPermission('*') && $this->hasPermission('no-monitoring/contacts')) { + throw new SecurityException('No permission for %s', 'monitoring/contacts'); + } + $this->addTitleTab( 'contactgroups', $this->translate('Contact Groups'), diff --git a/modules/monitoring/application/controllers/ShowController.php b/modules/monitoring/application/controllers/ShowController.php index 2af7d46d8..da495eee4 100644 --- a/modules/monitoring/application/controllers/ShowController.php +++ b/modules/monitoring/application/controllers/ShowController.php 
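Review bot: The deny check `! $this->hasPermission('*') && $this->hasPermission('no-monitoring/contacts')` added to contactsAction() is repeated verbatim in contactgroupsAction() and ShowController::contactAction(), and in negated form in detail-content.phtml, configuration.php and MonitoredObjectController, so a single mistyped negation would silently expose contacts at that one site. I would put the condition into one method on the shared monitoring Controller, with a boolean variant for the view and the JSON payload, and call that from every site. The exception text also names `monitoring/contacts`, which does not appear as a permission anywhere else in this patch; something like `throw new SecurityException('Access denied by permission %s', 'no-monitoring/contacts');` tells an administrator which role entry caused the denial. Both action bodies continue outside their hunks.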
@@ -5,6 +5,7 @@ namespace Icinga\Module\Monitoring\Controllers; use Icinga\Module\Monitoring\Backend; use Icinga\Module\Monitoring\Controller; +use Icinga\Security\SecurityException; use Icinga\Web\Url; /** @@ -28,6 +29,10 @@ class ShowController extends Controller public function contactAction() { + if (! $this->hasPermission('*') && $this->hasPermission('no-monitoring/contacts')) { + throw new SecurityException('No permission for %s', 'monitoring/contacts'); + } + $contactName = $this->params->getRequired('contact_name'); $this->getTabs()->add('contact-detail', [ diff --git a/modules/monitoring/application/views/scripts/partials/object/detail-content.phtml b/modules/monitoring/application/views/scripts/partials/object/detail-content.phtml index 3ab6dab17..0dc4572ec 100644 --- a/modules/monitoring/application/views/scripts/partials/object/detail-content.phtml +++ b/modules/monitoring/application/views/scripts/partials/object/detail-content.phtml @@ -26,7 +26,9 @@ render('show/components/notifications.phtml') ?> + hasPermission('*') || ! $this->hasPermission('no-monitoring/contacts')): ?> render('show/components/contacts.phtml') ?> +
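Review bot: Only `show/components/contacts.phtml` is wrapped by the new condition in detail-content.phtml; `show/components/notifications.phtml` on the line above is still rendered for every user. Whether that partial, or others included by this template outside the hunk, prints contact names is not visible here, so it is worth checking that a user holding `no-monitoring/contacts` cannot read them there. If one of them does, the same condition should wrap that output as well.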
diff --git a/modules/monitoring/configuration.php b/modules/monitoring/configuration.php index 9da2f77aa..867ffc43d 100644 --- a/modules/monitoring/configuration.php +++ b/modules/monitoring/configuration.php @@ -1,6 +1,8 @@ providePermission( @@ -216,18 +218,24 @@ $section->add(N_('Hostgroups'), array( 'url' => 'monitoring/list/hostgroups', 'priority' => 60 )); -$section->add(N_('Contacts'), array( - 'icon' => 'user', - 'description' => $this->translate('List contacts'), - 'url' => 'monitoring/list/contacts', - 'priority' => 70 -)); -$section->add(N_('Contactgroups'), array( - 'icon' => 'users', - 'description' => $this->translate('List users'), - 'url' => 'monitoring/list/contactgroups', - 'priority' => 70 -)); + +// Checking the permission here since navigation items don't support negating permissions +$auth = Auth::getInstance(); +if ($auth->hasPermission('*') || ! $auth->hasPermission('no-monitoring/contacts')) { + $section->add(N_('Contacts'), array( + 'icon' => 'user', + 'description' => $this->translate('List contacts'), + 'url' => 'monitoring/list/contacts', + 'priority' => 70 + )); + $section->add(N_('Contactgroups'), array( + 'icon' => 'users', + 'description' => $this->translate('List users'), + 'url' => 'monitoring/list/contactgroups', + 'priority' => 70 + )); +} + $section->add(N_('Comments'), array( 'icon' => 'chat-empty', 'description' => $this->translate('List comments'), diff --git a/modules/monitoring/library/Monitoring/Web/Controller/MonitoredObjectController.php b/modules/monitoring/library/Monitoring/Web/Controller/MonitoredObjectController.php index f4a1d44d2..4d07ca8b9 100644 --- a/modules/monitoring/library/Monitoring/Web/Controller/MonitoredObjectController.php +++ b/modules/monitoring/library/Monitoring/Web/Controller/MonitoredObjectController.php 
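Review bot: The comment above `Auth::getInstance()` explains why the check is written by hand, but not that it is cosmetic: it only hides the two menu entries, and the URLs behind them remain reachable when entered directly. Since the actual denial happens in the controller actions changed by this commit, I would state that here, e.g. `// Only hides the menu entries; access itself is denied in ListController`. The check runs whenever configuration.php is evaluated, so it presumably relies on the user already being authenticated at that point, which is worth confirming.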
@@ -149,11 +149,16 @@ abstract class MonitoredObjectController extends Controller || $this->getRequest()->getHeader('Accept') === 'application/json' ) { $payload = (array) $this->object->properties; - $payload += array( - 'contacts' => $this->object->contacts->fetchPairs(), - 'contact_groups' => $this->object->contactgroups->fetchPairs(), - 'vars' => $this->object->customvars - ); + $payload['vars'] = $this->object->customvars; + + if ($this->hasPermission('*') || ! $this->hasPermission('no-monitoring/contacts')) { + $payload['contacts'] = $this->object->contacts->fetchPairs(); + $payload['contact_groups'] = $this->object->contactgroups->fetchPairs(); + } else { + $payload['contacts'] = []; + $payload['contact_groups'] = []; + } + $groupName = $this->object->getType() . 'groups'; $payload[$groupName] = $this->object->$groupName; $this->getResponse()->json()
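Review bot: In the `else` branch the JSON payload reports `contacts` and `contact_groups` as empty arrays, so an API client cannot tell "hidden by `no-monitoring/contacts`" apart from "this object has no contacts". If the keys are kept deliberately to hold the response shape stable, a comment should say so, for example `// Keys kept for a stable schema; empty means hidden, not "none"`. `$payload` is also still seeded from `(array) $this->object->properties` without filtering; if those properties can carry contact-related columns (not visible in this hunk), they would bypass the new check. The enclosing method starts and ends outside the hunk.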