[checkmk-commits] Check_MK Git: check_mk: #1935 WATO Web-API: Reduced number configurable role permissions

Andreas Boesl ab at mathias-kettner.de
Wed Feb 4 15:46:16 CET 2015


Module: check_mk
Branch: master
Commit: 6415d9a7df43c61e565996d64d3a3a0f1e87662c
URL:    http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=6415d9a7df43c61e565996d64d3a3a0f1e87662c

Author: Andreas Boesl <ab at mathias-kettner.de>
Date:   Wed Feb  4 15:46:08 2015 +0100

#1935 WATO Web-API: Reduced number configurable role permissions

The WATO Web-API now has only one permission left (use API at all).
The permission itself has been moved to <i>WATO -> Access to Web-API</i>.

---

 .werks/1935                  |   10 +++++++++
 ChangeLog                    |    1 +
 web/htdocs/webapi.py         |   46 ++++++------------------------------------
 web/plugins/webapi/webapi.py |   40 ------------------------------------
 4 files changed, 17 insertions(+), 80 deletions(-)

diff --git a/.werks/1935 b/.werks/1935
new file mode 100644
index 0000000..1d3c0de
--- /dev/null
+++ b/.werks/1935
@@ -0,0 +1,10 @@
+Title: WATO Web-API: Reduced number configurable role permissions
+Level: 1
+Component: wato
+Compatible: compat
+Version: 1.2.7i1
+Date: 1423060960
+Class: feature
+
+The WATO Web-API now has only one permission left (use API at all).
+The permission itself has been moved to <i>WATO -> Access to Web-API</i>.
diff --git a/ChangeLog b/ChangeLog
index 7a8e64d..6a5c58e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -184,6 +184,7 @@
     * 1674 ibm_svc_license / other license checks: now able to configure limits...
             NOTE: Please refer to the migration notes!
     * 1934 WATO Web-API: Documentation is finally available...
+    * 1935 WATO Web-API: Reduced number configurable role permissions...
     * 1761 FIX: Ruleset search is now consistent for host & serviceparameters and manual checks
     * 1765 FIX: Fixed bug when generating nagvis backends while having sites with livestatus proxy configured...
     * 1789 FIX: Fix preview of passive checks in WATO list of services
diff --git a/web/htdocs/webapi.py b/web/htdocs/webapi.py
index 96e53aa..9d74ec5 100644
--- a/web/htdocs/webapi.py
+++ b/web/htdocs/webapi.py
@@ -50,36 +50,12 @@ def load_plugins():
     # are loaded).
     loaded_with_language = current_language
 
-    config.declare_permission("webapi.api_allowed", _("API accessible"),
-                                                    _("This permissions specifies if the role "\
-                                                      "is able to use web API functions at all"),
+    config.declare_permission("wato.api_allowed", _("Access to Web-API"),
+                                                  _("This permissions specifies if the role "\
+                                                    "is able to use Web-API functions. It is only available "\
+                                                    "for automation users."),
                               config.builtin_role_ids)
 
-    # Declare permissions for all api actions
-    config.declare_permission_section("webapi", _("Web API"), do_sort = True)
-    for name, settings in api_actions.items():
-        full_description  = "%s<br>API function <tt>{site}/check_mk/webapi.py?action=%s</tt>" % (settings.get("description",""), name)
-        example_request = settings.get("example_request")
-        if example_request:
-            full_description += "<br>"
-            if example_request[0]:
-                full_description += "<br>Optional GET parameters<br><table>"
-                for entry in example_request[0]:
-                    full_description += "<tr><td><tt>%s</tt></td><td>%s</td></tr>" % entry
-                full_description += "</table>"
-            if example_request[1]:
-                full_description +=  "<br>Example request ( Json formatted POST parameter <tt>request=</tt> ):<br>"
-                try:
-                    import json
-                    full_description += "<pre>%s</pre>" % json.dumps(example_request[1], sort_keys = True, indent = 2)
-                except:
-                    full_description += "<pre>%s</pre>" % pprint.pformat(example_request[1])
-
-        config.declare_permission("webapi.%s" % name,
-                settings["title"],
-                full_description,
-                config.builtin_role_ids)
-
 g_api = None
 
 def page_api():
@@ -89,14 +65,13 @@ def page_api():
         if not config.user.get("automation_secret"):
             raise MKAuthException("The WATO API is only available for automation users")
 
-        config.need_permission("webapi.api_allowed")
+        config.need_permission("wato.use")
+        config.need_permission("wato.api_allowed")
 
         action = html.var('action')
         if action not in api_actions:
             raise MKUserError(None, "Unknown API action %s" % html.attrencode(action))
 
-        config.need_permission("webapi.%s" % action)
-
         # Create API instance
         g_api = API()
 
@@ -128,19 +103,10 @@ def page_api():
         if api_actions[action].get("locking", True):
             g_api.lock_wato()
 
-        if html.var("debug_webapi"):
-            if api_actions[action]["example_request"]:
-                example_request = api_actions[action]["example_request"]
-                for entry, description in example_request[0]:
-                    key, value = entry.split("=")
-                    html.set_var(key, value)
-                request_object = example_request[1]
 
         action_response = api_actions[action]["handler"](request_object)
         response = { "result_code": 0, "result": action_response }
     except Exception, e:
-        #import traceback
-        #html.debug(traceback.format_exc().replace("\n","<br>"))
         response = { "result_code": 1, "result": str(e) }
 
     output_format = html.var("output_format", "json")
diff --git a/web/plugins/webapi/webapi.py b/web/plugins/webapi/webapi.py
index ce38c60..7a447d6 100644
--- a/web/plugins/webapi/webapi.py
+++ b/web/plugins/webapi/webapi.py
@@ -46,18 +46,6 @@ def action_add_host(request):
 
 api_actions["add_host"] = {
     "handler"         : action_add_host,
-    "title"           : _("Add a host to WATO"),
-    "description"     : _("This webservice allows you to add a new host."),
-    "example_request" : ([("create_folders=1", _("If set to 1 (default) create non-existing folders"))],
-                         { "attributes": {
-                                    "tag_criticality": "prod",
-                                    "tag_agent": "cmk-agent",
-                                    "alias": "Alias of testhost",
-                                    "ipaddress": "127.0.0.1",
-                                },
-                          "folder": "server",
-                          "hostname": "testhost"
-                         }),
     "locking"         : True,
 }
 
@@ -77,17 +65,6 @@ def action_edit_host(request):
 
 api_actions["edit_host"] = {
     "handler"     : action_edit_host,
-    "title"       : _("Edit a host in WATO"),
-    "description" : _("Allows you to modify the host attributes in WATO, but can not change a hosts folder.<br>"\
-                      "If you want to unset a host_tag specify it with <tt>tag_agent=False</tt>."),
-    "example_request" : ([],
-                         { "attributes": {
-                                    "tag_agent": "snmp-only",
-                                    "site": "slave"
-                                },
-                           "unset_attributes": ["tag_criticality"],
-                           "hostname": "testhost"
-                         }),
     "locking"     : True,
 }
 
@@ -108,10 +85,6 @@ def action_get_host(request):
 
 api_actions["get_host"] = {
     "handler"         : action_get_host,
-    "title"           : _("Get host data from WATO"),
-    "description"     : _("Returns the host_attributes of the given hostname"),
-    "example_request" : ( [("effective_attributes=0", _("If set to 1 (default=0) also get attributes from parent folders"))],
-                          { "hostname": "testhost" } ),
     "locking"         : False,
 }
 
@@ -127,10 +100,6 @@ def action_delete_host(request):
 
 api_actions["delete_host"] = {
     "handler"     : action_delete_host,
-    "title"       : _("Delete host in WATO"),
-    "description" : _("Deletes the given hostname in WATO"),
-    "example_request" : ( [],
-                          { "hostname": "testhost" } ),
     "locking"     : True,
 }
 
@@ -148,10 +117,6 @@ def action_discover_services(request):
 
 api_actions["discover_services"] = {
     "handler"     : action_discover_services,
-    "title"       : _("Host service discovery"),
-    "description" : _("Starts a service discovery for the given hostname."),
-    "example_request" : ( [("mode=new",_("Available modes: new, remove, fixall, refresh"))],
-                          { "hostname": "testhost" } ),
     "locking"     : True,
 }
 
@@ -169,11 +134,6 @@ def action_activate_changes(request):
 
 api_actions["activate_changes"] = {
     "handler"         : action_activate_changes,
-    "title"           : _("Activate changes"),
-    "description"     : _("Activates changes. The user still needs the required permissions to do so."),
-    "example_request" : ( [("allow_foreign_changes=0", _("If set to 1 (default=0) proceed if there are foreign changes")),
-                           ("mode=dirty", _("Available modes: dirty (only dirty sites), all (all sites), specific (use sites set in request)"))],
-                          { "sites": ["slave", "localsite"] }),
     "locking"         : True,
 }
 



More information about the checkmk-commits mailing list