View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
707 | RackTables | default | public | 2013-01-02 13:24 | 2013-03-02 23:13 |
Reporter | blaza-pl | Assigned To | adoom42 | ||
Priority | low | Severity | tweak | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 0.20.3 | ||||
Target Version | 0.20.4 | Fixed in Version | 0.20.4 | ||
Summary | 707: Hide conrols in Cacti tab when user has no permissions | ||||
Description | When user has no permissions to add/delete Cacti graphs but has permissions to the Cacti tab he should not see the control buttons and forms. | ||||
Steps To Reproduce | Create a user that cat access the Cacti tab but cannot add or delete graphs: deny {cacti_user} and ({$op_del} or {$op_add}) allow {cacti_user} and {$tab_cacti} Login as Cacti user and go to cacti tab. | ||||
Additional Information | I have created a patch to hide the controls when user doesn/t have permissions. | ||||
Tags | No tags attached. | ||||
cacti-perms.patch (2,138 bytes)
--- ../RackTables-0.20.3/wwwroot/inc/interface.php 2012-12-19 17:30:47.000000000 +0100 +++ /var/www/racktables/inc/interface.php 2013-01-02 13:13:47.421506476 +0100 @@ -8564,7 +8564,7 @@ foreach ($servers as $server) $options[$server['id']] = "${server['id']}: ${server['base_url']}"; startPortlet ('Cacti Graphs'); - if (getConfigVar ('ADDNEW_AT_TOP') == 'yes') + if (getConfigVar ('ADDNEW_AT_TOP') == 'yes' && permitted('object','cacti','add')) printNewItemTR ($options); echo "<table cellspacing=\"0\" cellpadding=\"10\" align=\"center\" width=\"50%\">"; foreach (getCactiGraphsForObject ($object_id) as $graph_id => $graph) @@ -8573,14 +8573,19 @@ $text = "(graph ${graph_id} on server ${graph['server_id']})"; echo "<tr><td>"; echo "<a href='${cacti_url}/graph.php?action=view&local_graph_id=${graph_id}&rra_id=all' target='_blank'>"; - echo "<img src='index.php?module=image&img=cactigraph&object_id=${object_id}&server_id=${graph['server_id']}&graph_id=${graph_id}' alt='${text}' title='${text}'></a></td>"; - echo "<td><a href='" . makeHrefProcess (array ('op' => 'del', 'server_id' => $graph['server_id'], 'graph_id' => $graph_id)); - echo "' onclick=\"javascript:return confirm('Are you sure you want to delete the graph?')\">"; - echo getImageHREF ('Cut', 'Unlink graph') . "</a> ${graph['caption']}"; + echo "<img src='index.php?module=image&img=cactigraph&object_id=${object_id}&server_id=${graph['server_id']}&graph_id=${graph_id}' alt='${text}' title='${text}'></a></td><td>"; + if(permitted('object','cacti','del')) + { + echo "<a href='" . makeHrefProcess (array ('op' => 'del', 'server_id' => $graph['server_id'], 'graph_id' => $graph_id)); + echo "' onclick=\"javascript:return confirm('Are you sure you want to delete the graph?')\">"; + echo getImageHREF ('Cut', 'Unlink graph') . "</a>"; + } + echo " ${graph['caption']}"; + echo "</td></tr>"; } echo '</table>'; - if (getConfigVar ('ADDNEW_AT_TOP') != 'yes') + if (getConfigVar ('ADDNEW_AT_TOP') != 'yes' && permitted('object','cacti','add')) printNewItemTR ($options); finishPortlet (); } |
|
Thanks for the patch. | |
Date Modified | Username | Field | Change |
---|---|---|---|
2013-01-02 13:24 | blaza-pl | New Issue | |
2013-01-02 13:24 | blaza-pl | File Added: cacti-perms.patch | |
2013-03-02 23:13 | adoom42 | Note Added: 0001185 | |
2013-03-02 23:13 | adoom42 | Assigned To | => adoom42 |
2013-03-02 23:13 | adoom42 | Status | new => closed |
2013-03-02 23:13 | adoom42 | Resolution | open => fixed |
2013-03-02 23:13 | adoom42 | Fixed in Version | => 0.20.4 |
2013-03-02 23:13 | adoom42 | Target Version | => 0.20.4 |